Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1546019
MD5:	ab7d13fd2200b07c2bc9fe3b3f7cc837
SHA1:	22943e1fbf9c32a3bb716a002de1a8e598bbf169
SHA256:	17b7ba466ce248a1f9a337d4e6a7ab092a6bb2608246c08a348b525c8e3a9311
Tags:	exeuser-Bitsight
Infos:

Detection

CredGrabber, Meduza Stealer

Score:	92
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected CredGrabber

Yara detected Meduza Stealer

AI detected suspicious sample

Found many strings related to Crypto-Wallets (likely being stolen)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to dynamically determine API calls

Contains functionality to launch a program with higher privileges

Contains functionality to query locales information (e.g. system language)

Contains functionality to record screenshots

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Enables debug privileges

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

Queries the volume information (name, serial number etc) of a device

Queries time zone information

Suricata IDS alerts with low severity for network traffic

Terminates after testing mutex exists (may check infected machine status)

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 3812 cmdline: "C:\Users\user\Desktop\file.exe" MD5: AB7D13FD2200B07C2BC9FE3B3F7CC837)

cleanup

Malware Configuration

Threatname: Meduza Stealer

{"C2 url": "109.172.94.66", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt", "build_name": "Ipa", "links": "", "port": 15666}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1323368752.000002674DF30000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
Process Memory Space: file.exe PID: 3812	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
Process Memory Space: file.exe PID: 3812	JoeSecurity_CredGrabber	Yara detected CredGrabber	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.2674e120000.0.unpack	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
0.2.file.exe.2674e120000.0.raw.unpack	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-31T11:34:30.219355+0100	2022930	1	A Network Trojan was detected	52.149.20.212	443	192.168.2.7	49733	TCP
2024-10-31T11:35:10.399790+0100	2022930	1	A Network Trojan was detected	52.149.20.212	443	192.168.2.7	54363	TCP

ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-31T11:34:15.039636+0100	2049441	1	A Network Trojan was detected	192.168.2.7	49699	109.172.94.66	15666	TCP

ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-31T11:34:15.039636+0100	2050806	1	A Network Trojan was detected	192.168.2.7	49699	109.172.94.66	15666	TCP
2024-10-31T11:34:15.045286+0100	2050806	1	A Network Trojan was detected	192.168.2.7	49699	109.172.94.66	15666	TCP

ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-31T11:34:15.039636+0100	2050807	1	A Network Trojan was detected	192.168.2.7	49699	109.172.94.66	15666	TCP
2024-10-31T11:34:15.045286+0100	2050807	1	A Network Trojan was detected	192.168.2.7	49699	109.172.94.66	15666	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 0.2.file.exe.2674e120000.0.raw.unpack

Malware Configuration Extractor: Meduza Stealer {"C2 url": "109.172.94.66", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt", "build_name": "Ipa", "links": "", "port": 15666}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E193430 CryptUnprotectData,LocalFree,	0_2_000002674E193430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E157F90 CryptUnprotectData,LocalFree,	0_2_000002674E157F90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E193730 CryptProtectData,LocalFree,	0_2_000002674E193730

Source: unknown

HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.7:49700 version: TLS 1.2

Source: file.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1DB78C FindClose,FindFirstFileExW,GetLastError,		0_2_000002674E1DB78C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1DB83C GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,		0_2_000002674E1DB83C

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000002674E1A24F0 GetLogicalDriveStringsW,

0_2_000002674E1A24F0

Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\migration\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\replacementmanifests\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\migration\wtr\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\replacementmanifests\hwvid-migration-2\	Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049441 - Severity 1 - ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt : 192.168.2.7:49699 -> 109.172.94.66:15666
Source: Network traffic	Suricata IDS: 2050806 - Severity 1 - ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 : 192.168.2.7:49699 -> 109.172.94.66:15666

Source: global traffic

TCP traffic: 192.168.2.7:49699 -> 109.172.94.66:15666

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; */*Host: api.ipify.orgCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 104.26.13.205 104.26.13.205
Source: Joe Sandbox View	IP Address: 104.26.13.205 104.26.13.205

Source: Joe Sandbox View

ASN Name: SUMTEL-AS-RIPEMoscowRussiaRU SUMTEL-AS-RIPEMoscowRussiaRU

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org

Source: Network traffic	Suricata IDS: 2050807 - Severity 1 - ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) : 192.168.2.7:49699 -> 109.172.94.66:15666
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.7:49733
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.7:54363

Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66
Source: unknown	TCP traffic detected without corresponding DNS query: 109.172.94.66

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000002674E1A0420 InternetOpenA,InternetOpenUrlA,HttpQueryInfoW,HttpQueryInfoW,InternetQueryDataAvailable,InternetReadFile,InternetQueryDataAvailable,InternetCloseHandle,Concurrency::cancel_current_task,

0_2_000002674E1A0420

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; */*Host: api.ipify.orgCache-Control: no-cache

Source: global traffic

DNS traffic detected: DNS query: api.ipify.org

Source: file.exe, 00000000.00000002.1323248860.000002674C6DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.v
Source: file.exe, 00000000.00000002.1323368752.000002674DF30000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org
Source: file.exe, 00000000.00000002.1323368752.000002674DF30000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org/
Source: file.exe, 00000000.00000002.1323368752.000002674DF30000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org/=

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443

Source: unknown

HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.7:49700 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000002674E1A0CE0 GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SHCreateMemStream,SelectObject,DeleteDC,ReleaseDC,DeleteObject,EnterCriticalSection,LeaveCriticalSection,IStream_Size,IStream_Reset,IStream_Read,SelectObject,DeleteDC,ReleaseDC,DeleteObject,

0_2_000002674E1A0CE0

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1A5080 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle,	0_2_000002674E1A5080
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1A57C0 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,	0_2_000002674E1A57C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1F66C0 NtQuerySystemInformation,	0_2_000002674E1F66C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1F66D0 NtAllocateVirtualMemory,	0_2_000002674E1F66D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1F66F0 NtQueryObject,	0_2_000002674E1F66F0

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1A0420	0_2_000002674E1A0420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1AA190	0_2_000002674E1AA190
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1A31C0	0_2_000002674E1A31C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E164320	0_2_000002674E164320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E15EF90	0_2_000002674E15EF90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E19A050	0_2_000002674E19A050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E150EE0	0_2_000002674E150EE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E19FBE0	0_2_000002674E19FBE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1A7C28	0_2_000002674E1A7C28
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1A0CE0	0_2_000002674E1A0CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E15CD10	0_2_000002674E15CD10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1A19A0	0_2_000002674E1A19A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1BE994	0_2_000002674E1BE994
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E182B50	0_2_000002674E182B50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1A27A0	0_2_000002674E1A27A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1DB83C	0_2_000002674E1DB83C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E15D860	0_2_000002674E15D860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E15E8F0	0_2_000002674E15E8F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1C25B4	0_2_000002674E1C25B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1515D0	0_2_000002674E1515D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1A8610	0_2_000002674E1A8610
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1B83D0	0_2_000002674E1B83D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1B640C	0_2_000002674E1B640C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E126480	0_2_000002674E126480
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E191470	0_2_000002674E191470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E18E570	0_2_000002674E18E570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E17B1C0	0_2_000002674E17B1C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1DE1A8	0_2_000002674E1DE1A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1581E0	0_2_000002674E1581E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1CB230	0_2_000002674E1CB230
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E177230	0_2_000002674E177230
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E15C230	0_2_000002674E15C230
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E18E250	0_2_000002674E18E250
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E199330	0_2_000002674E199330
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1F6368	0_2_000002674E1F6368
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E189FA0	0_2_000002674E189FA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E19BFA0	0_2_000002674E19BFA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1B9FA4	0_2_000002674E1B9FA4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E127010	0_2_000002674E127010
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E15205E	0_2_000002674E15205E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1700B9	0_2_000002674E1700B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1260C0	0_2_000002674E1260C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1B4100	0_2_000002674E1B4100
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E15B110	0_2_000002674E15B110
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1F6140	0_2_000002674E1F6140
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E19E143	0_2_000002674E19E143
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1C013C	0_2_000002674E1C013C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1F6160	0_2_000002674E1F6160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E19E153	0_2_000002674E19E153
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1F6168	0_2_000002674E1F6168
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1B5DC4	0_2_000002674E1B5DC4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1C2DB8	0_2_000002674E1C2DB8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E193E10	0_2_000002674E193E10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E16CE50	0_2_000002674E16CE50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E185F10	0_2_000002674E185F10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E18DF30	0_2_000002674E18DF30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1C0BBC	0_2_000002674E1C0BBC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1B5BDC	0_2_000002674E1B5BDC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E18DC00	0_2_000002674E18DC00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E151C00	0_2_000002674E151C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E197BF0	0_2_000002674E197BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E17CC5D	0_2_000002674E17CC5D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E191C50	0_2_000002674E191C50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1B6CA4	0_2_000002674E1B6CA4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E159D69	0_2_000002674E159D69
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1B59F4	0_2_000002674E1B59F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1C9A74	0_2_000002674E1C9A74
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1BFABC	0_2_000002674E1BFABC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1A5B10	0_2_000002674E1A5B10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1917A0	0_2_000002674E1917A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1B679C	0_2_000002674E1B679C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1A57C0	0_2_000002674E1A57C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1477B0	0_2_000002674E1477B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1C2830	0_2_000002674E1C2830
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E18E8A0	0_2_000002674E18E8A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E18D900	0_2_000002674E18D900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E126900	0_2_000002674E126900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1BF60C	0_2_000002674E1BF60C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E196650	0_2_000002674E196650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E190690	0_2_000002674E190690
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E16E6D9	0_2_000002674E16E6D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E149760	0_2_000002674E149760
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1E274C	0_2_000002674E1E274C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E146770	0_2_000002674E146770

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 000002674E152030 appears 46 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 000002674E14D7E0 appears 50 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 000002674E156CA0 appears 41 times

Source: classification engine

Classification label: mal92.troj.spyw.winEXE@1/0@1/2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000002674E1A6F60 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,

0_2_000002674E1A6F60

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000002674E15E8F0 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

0_2_000002674E15E8F0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000002674E190885 CoCreateInstance,

0_2_000002674E190885

Source: C:\Users\user\Desktop\file.exe

Mutant created: \Sessions\1\BaseNamedObjects\Mmm-A33C734061CA11EE8C18806E6F6E6963E617C0C4

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: file.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: file.exe

Static file information: File size 2640384 > 1048576

Source: file.exe

Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x247600

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000002674E15D860 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,

0_2_000002674E15D860

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E19F8C0 push rsp; ret	0_2_000002674E19F8C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E19F8C4 push rsp; ret	0_2_000002674E19F8C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E19F8B8 push rsp; ret	0_2_000002674E19F8B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E19F8BC push rsp; ret	0_2_000002674E19F8BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E19F8B4 push rsp; ret	0_2_000002674E19F8B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E19F8C8 push rsp; ret	0_2_000002674E19F8C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E19F8CC push rsp; ret	0_2_000002674E19F8CD

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000002674E197910 ExitProcess,OpenMutexA,ExitProcess,CreateMutexA,CreateMutexExA,ExitProcess,ReleaseMutex,CloseHandle,

0_2_000002674E197910

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1DB78C FindClose,FindFirstFileExW,GetLastError,		0_2_000002674E1DB78C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1DB83C GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,		0_2_000002674E1DB83C

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000002674E1A24F0 GetLogicalDriveStringsW,

0_2_000002674E1A24F0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000002674E1B86B8 VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,

0_2_000002674E1B86B8

Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\migration\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\replacementmanifests\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\migration\wtr\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\replacementmanifests\hwvid-migration-2\	Jump to behavior

Source: file.exe, 00000000.00000002.1323368752.000002674DF30000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1323193385.000002674C6D2000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node			graph_0-63117
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node			graph_0-63112

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000002674E1A57C0 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,

0_2_000002674E1A57C0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000002674E1B0D38 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_000002674E1B0D38

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000002674E1DD7B0 GetLastError,IsDebuggerPresent,OutputDebugStringW,

0_2_000002674E1DD7B0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000002674E15D860 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,

0_2_000002674E15D860

Source: C:\Users\user\Desktop\file.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1F62E0 SetUnhandledExceptionFilter,		0_2_000002674E1F62E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000002674E1B0D38 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_000002674E1B0D38

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000002674E196650 ShellExecuteW,

0_2_000002674E196650

Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,	0_2_000002674E1F6398
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoEx,FormatMessageA,	0_2_000002674E1DB400
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,	0_2_000002674E1BD53C
Source: C:\Users\user\Desktop\file.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	0_2_000002674E1C8364
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	0_2_000002674E1BCFF8
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_000002674E1C8D98
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_000002674E1C8BBC
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	0_2_000002674E1C86B0
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	0_2_000002674E1C8780

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation TimeZoneKeyName

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000002674E1CF11C GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_000002674E1CF11C

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000002674E1A12C0 GetUserNameW,

0_2_000002674E1A12C0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000002674E1A27A0 GetTimeZoneInformation,

0_2_000002674E1A27A0

Stealing of Sensitive Information

Yara detected CredGrabber

Source: Yara match

File source: Process Memory Space: file.exe PID: 3812, type: MEMORYSTR

Yara detected Meduza Stealer

Source: Yara match	File source: 0.2.file.exe.2674e120000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.2674e120000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1323368752.000002674DF30000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 3812, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe, 00000000.00000002.1323368752.000002674DF30000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Electrum\wallets
Source: file.exe, 00000000.00000002.1323368752.000002674DF30000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ElectronCash\wallets
Source: file.exe, 00000000.00000002.1323368752.000002674DF30000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
Source: file.exe, 00000000.00000002.1323368752.000002674DF30000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Exodus\exodus.wallet
Source: file.exe, 00000000.00000002.1323368752.000002674DF30000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Ethereum\keystore
Source: file.exe, 00000000.00000002.1323368752.000002674DF30000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Ethereum\keystore

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Remote Access Functionality

Yara detected CredGrabber

Source: Yara match

File source: Process Memory Space: file.exe PID: 3812, type: MEMORYSTR

Yara detected Meduza Stealer

Source: Yara match	File source: 0.2.file.exe.2674e120000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.2674e120000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1323368752.000002674DF30000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 3812, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	1 Access Token Manipulation	1 OS Credential Dumping	12 System Time Discovery	Remote Services	1 Screen Capture	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Access Token Manipulation	1 Deobfuscate/Decode Files or Information	LSASS Memory	21 Security Software Discovery	Remote Desktop Protocol	1 Email Collection	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	2 Obfuscated Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	1 Archive Collected Data	2 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	1 Account Discovery	Distributed Component Object Model	2 Data from Local System	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	1 System Owner/User Discovery	SSH	Keylogging	3 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	1 System Network Configuration Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	3 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	24 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	11%	ReversingLabs

Source	Detection	Scanner	Label
https://api.ipify.org/	0%	URL Reputation	safe
https://api.ipify.org	0%	URL Reputation	safe
http://crl.v	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
api.ipify.org	104.26.13.205	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://api.ipify.org/	false	URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://api.ipify.org	file.exe, 00000000.00000002.1323368752.000002674DF30000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.v	file.exe, 00000000.00000002.1323248860.000002674C6DF000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.ipify.org/=	file.exe, 00000000.00000002.1323368752.000002674DF30000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
109.172.94.66	unknown	Russian Federation		41691	SUMTEL-AS-RIPEMoscowRussiaRU	true
104.26.13.205	api.ipify.org	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1546019
Start date and time:	2024-10-31 11:33:14 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 34s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal92.troj.spyw.winEXE@1/0@1/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 95% Number of executed functions: 68 Number of non-executed functions: 123
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
109.172.94.66	file.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
104.26.13.205	file.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	RDPWrap Tool	Browse	api.ipify.org/
	Prismifyr-Install.exe	Get hash	malicious	Node Stealer	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Stealc, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	api.ipify.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
api.ipify.org	Proforma Invoice.scr.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	file.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.12.205
	#Uad6c#Ub9e4 #Uc8fc#Ubb38 658749 #Ubc0f 658752..exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	Quotation.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	172.67.74.152
	https://www.canva.com/design/DAGVD7_HMvQ/PFkDB3TDx6Ru4nNALhSqqQ/view?utm_content=DAGVD7_HMvQ&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse	104.26.13.205
	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	HTMLPhisher	Browse	104.26.12.205
	https://schiller.life/	Get hash	malicious	HTMLPhisher	Browse	104.26.12.205
	SecuriteInfo.com.Win32.PWSX-gen.31738.17793.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	Biocon-In-Service Agreement.pdf	Get hash	malicious	EvilProxy, HTMLPhisher	Browse	104.26.13.205
	skuld3.exe	Get hash	malicious	Skuld Stealer	Browse	104.26.13.205

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	https://flaviarc.com/vrecord%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/	Get hash	malicious	HTMLPhisher	Browse	104.18.3.157
	Eprdtdrqbr.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	N#U00b0 DE PEDIDO DE ABARROTES DE NOVIEMBRE 2024.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	HT9324-25 1x40HC LDHFCLDEHAM29656 MRSU5087674.exe	Get hash	malicious	FormBook	Browse	172.67.177.220
	Proforma Invoice.scr.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	24602711 Inv_Or.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	188.114.96.3
	http://www.thearchiterra.gr/	Get hash	malicious	Unknown	Browse	104.17.25.14
	MP2318GJ-P 18000pcs.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	hesaphareketi-01.exe	Get hash	malicious	MassLogger RAT	Browse	188.114.96.3
SUMTEL-AS-RIPEMoscowRussiaRU	file.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	109.172.94.66
	sh4.elf	Get hash	malicious	Unknown	Browse	87.117.138.145
	yakuza.i686.elf	Get hash	malicious	Unknown	Browse	178.130.55.72
	la.bot.arm5.elf	Get hash	malicious	Unknown	Browse	109.172.60.44
	BwqqVoHR71.exe	Get hash	malicious	GO Backdoor	Browse	109.172.88.38
	antispam_connect1.exe	Get hash	malicious	GO Backdoor	Browse	109.172.88.38
	na.elf	Get hash	malicious	Mirai, Moobot	Browse	89.221.206.246
	wa_3rd_party_host_32.exe	Get hash	malicious	GO Backdoor	Browse	109.172.88.38
	uyTCVR3mBl.elf	Get hash	malicious	Unknown	Browse	89.221.225.163
	mtTw7o41OC.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	109.172.114.38

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	Contrato.exe	Get hash	malicious	DarkCloud	Browse	104.26.13.205
	file.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.13.205
	Quotation.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	104.26.13.205
	SecuriteInfo.com.BackDoor.AgentTeslaNET.20.28177.5145.exe	Get hash	malicious	DarkCloud	Browse	104.26.13.205
	nOrden_de_Compra___0001245.vbs	Get hash	malicious	Remcos, GuLoader	Browse	104.26.13.205
	Ky4J8k89A7.exe	Get hash	malicious	Stealc, Vidar, Xmrig	Browse	104.26.13.205
	b4s45TboUL.exe	Get hash	malicious	Stealc, Vidar	Browse	104.26.13.205
	rCommercialoffer_Technicaloffer_pdf.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	104.26.13.205
	Justificante de pago.exe	Get hash	malicious	FormBook, GuLoader	Browse	104.26.13.205
	rPO-000172483.exe	Get hash	malicious	FormBook, GuLoader	Browse	104.26.13.205

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	3.8333396760309246
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	2'640'384 bytes
MD5:	ab7d13fd2200b07c2bc9fe3b3f7cc837
SHA1:	22943e1fbf9c32a3bb716a002de1a8e598bbf169
SHA256:	17b7ba466ce248a1f9a337d4e6a7ab092a6bb2608246c08a348b525c8e3a9311
SHA512:	b0927525d1a4001eff195632511b63094d69511d57456e6be8c201c9d67383a41e9aae775c352e25ff62d41ab8a7e65ac329f83ec70ba74fc6183005aa9ab1eb
SSDEEP:	24576:yCzGVH7Och0lhSMXlkixcVptzXRYPWVvg3VWprEuOAQm9os:yMGVbo0ixYpBBSlW6lo
TLSH:	7BC50149B7A144F9F5278274C8A60A89D73338150B919BDF07BCC6A52F277D0AE39F81
File Content Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......T`b..............S..........................G...[y......[y......[y......(.......X...4...[y..............[.......[.......[......

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x14002e630
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x6720F953 [Tue Oct 29 15:03:47 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	cdd1173aeabddc45e0cd98174340d979

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007F5CD4BFBA2Ch
dec eax
add esp, 28h
jmp 00007F5CD4BFAE9Fh
int3
int3
dec eax
sub esp, 28h
dec ebp
mov eax, dword ptr [ecx+38h]
dec eax
mov ecx, edx
dec ecx
mov edx, ecx
call 00007F5CD4BFB032h
mov eax, 00000001h
dec eax
add esp, 28h
ret
int3
int3
int3
inc eax
push ebx
inc ebp
mov ebx, dword ptr [eax]
dec eax
mov ebx, edx
inc ecx
and ebx, FFFFFFF8h
dec esp
mov ecx, ecx
inc ecx
test byte ptr [eax], 00000004h
dec esp
mov edx, ecx
je 00007F5CD4BFB035h
inc ecx
mov eax, dword ptr [eax+08h]
dec ebp
arpl word ptr [eax+04h], dx
neg eax
dec esp
add edx, ecx
dec eax
arpl ax, cx
dec esp
and edx, ecx
dec ecx
arpl bx, ax
dec edx
mov edx, dword ptr [eax+edx]
dec eax
mov eax, dword ptr [ebx+10h]
mov ecx, dword ptr [eax+08h]
dec eax
mov eax, dword ptr [ebx+08h]
test byte ptr [ecx+eax+03h], 0000000Fh
je 00007F5CD4BFB02Dh
movzx eax, byte ptr [ecx+eax+03h]
and eax, FFFFFFF0h
dec esp
add ecx, eax
dec esp
xor ecx, edx
dec ecx
mov ecx, ecx
pop ebx
jmp 00007F5CD4BFAA66h
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
xor ecx, ecx
call dword ptr [0000BA2Fh]
dec eax
mov ecx, ebx
call dword ptr [0000BA1Eh]
call dword ptr [0000B990h]
dec eax
mov ecx, eax
mov edx, C0000409h
dec eax
add esp, 20h
pop ebx
dec eax
jmp dword ptr [0000BA14h]
dec eax
mov dword ptr [esp+00h], ecx

Rich Headers

Programming Language:

[IMP] VS2008 build 21022

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x280a54	0x8c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x288000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x285000	0x2d60	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x289000	0x94c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x27b770	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x27b630	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x3a000	0x380	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x38094	0x38200	65d4d1be0a6460869c5daa444f92d6db	False	0.5292011762249443	data	6.552788904475446	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x3a000	0x2475fa	0x247600	861bbf3cac86f1e435d75059f1187ac3	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x282000	0x28fc	0x1400	5bf55c038fe49f9015242be39b0a96b3	False	0.1732421875	data	2.7583982019216005	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x285000	0x2d60	0x2e00	c1e2097dc4b053bedb9c6a0caf752774	False	0.47834578804347827	data	5.561374968025357	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x288000	0x1e0	0x200	7b8b3bec2298c35473239c5eb059fcf0	False	0.52734375	data	4.7122981932940915	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x289000	0x94c	0xa00	353bd694c00da43465a9149102e7e2b9	False	0.488671875	data	5.259760371222032	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x288060	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
ntdll.dll	RtlImageDirectoryEntryToData, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlCompareMemory, NtProtectVirtualMemory, RtlImageNtHeader, NtQueryVirtualMemory, RtlGetNtVersionNumbers
KERNEL32.dll	LocalFree, FreeEnvironmentStringsW, GetEnvironmentStringsW, VirtualFree, VirtualAlloc, GetModuleHandleW, LoadLibraryA, WriteFile, CreateFileW, CloseHandle, GetProcAddress, GetCurrentProcess, FlushInstructionCache, VirtualQuery, WriteProcessMemory, EnterCriticalSection, GetModuleFileNameW, LeaveCriticalSection, GetModuleHandleA, MultiByteToWideChar, ExitProcess, WideCharToMultiByte, GetLastError, SetLastError, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, GetCommandLineA, GetCommandLineW, HeapAlloc, HeapFree, GetCurrentThreadId, DeleteCriticalSection, GetStdHandle, GetStartupInfoW, RaiseException, HeapReAlloc, HeapSize, GetProcessHeap, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, InitializeCriticalSectionAndSpinCount, GetSystemTimeAsFileTime, FreeLibrary, LoadLibraryExW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetStringTypeW, GetModuleHandleExW, SetFilePointerEx, SetStdHandle, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, WriteConsoleW, QueryPerformanceCounter, GetCurrentProcessId, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, DecodePointer, FindNextFileW, FindFirstFileExW, FindClose, GetFileType, InitializeCriticalSectionEx
USER32.dll	LoadAcceleratorsW, LoadAcceleratorsA
ADVAPI32.dll	OpenProcessToken, GetTokenInformation
OLEAUT32.dll	SafeArrayAccessData, SafeArrayCreateVector, SafeArrayCreate, SafeArrayUnaccessData, SafeArrayPutElement, SysFreeString, SafeArrayDestroy, SysAllocString
mscoree.dll	CLRCreateInstance

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-31T11:34:15.039636+0100	2049441	ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt	1	192.168.2.7	49699	109.172.94.66	15666	TCP
2024-10-31T11:34:15.039636+0100	2050806	ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2	1	192.168.2.7	49699	109.172.94.66	15666	TCP
2024-10-31T11:34:15.039636+0100	2050807	ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)	1	192.168.2.7	49699	109.172.94.66	15666	TCP
2024-10-31T11:34:15.045286+0100	2050806	ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2	1	192.168.2.7	49699	109.172.94.66	15666	TCP
2024-10-31T11:34:15.045286+0100	2050807	ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)	1	192.168.2.7	49699	109.172.94.66	15666	TCP
2024-10-31T11:34:30.219355+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	52.149.20.212	443	192.168.2.7	49733	TCP
2024-10-31T11:35:10.399790+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	52.149.20.212	443	192.168.2.7	54363	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 31, 2024 11:34:11.847124100 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:11.852081060 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:11.852209091 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:12.410936117 CET	49700	443	192.168.2.7	104.26.13.205
Oct 31, 2024 11:34:12.410979986 CET	443	49700	104.26.13.205	192.168.2.7
Oct 31, 2024 11:34:12.411071062 CET	49700	443	192.168.2.7	104.26.13.205
Oct 31, 2024 11:34:12.413826942 CET	49700	443	192.168.2.7	104.26.13.205
Oct 31, 2024 11:34:12.413841009 CET	443	49700	104.26.13.205	192.168.2.7
Oct 31, 2024 11:34:13.033571005 CET	443	49700	104.26.13.205	192.168.2.7
Oct 31, 2024 11:34:13.033679962 CET	49700	443	192.168.2.7	104.26.13.205
Oct 31, 2024 11:34:13.159813881 CET	49700	443	192.168.2.7	104.26.13.205
Oct 31, 2024 11:34:13.159843922 CET	443	49700	104.26.13.205	192.168.2.7
Oct 31, 2024 11:34:13.160382032 CET	443	49700	104.26.13.205	192.168.2.7
Oct 31, 2024 11:34:13.160444975 CET	49700	443	192.168.2.7	104.26.13.205
Oct 31, 2024 11:34:13.165626049 CET	49700	443	192.168.2.7	104.26.13.205
Oct 31, 2024 11:34:13.211329937 CET	443	49700	104.26.13.205	192.168.2.7
Oct 31, 2024 11:34:13.340480089 CET	443	49700	104.26.13.205	192.168.2.7
Oct 31, 2024 11:34:13.340588093 CET	49700	443	192.168.2.7	104.26.13.205
Oct 31, 2024 11:34:13.340614080 CET	443	49700	104.26.13.205	192.168.2.7
Oct 31, 2024 11:34:13.340631962 CET	443	49700	104.26.13.205	192.168.2.7
Oct 31, 2024 11:34:13.340672016 CET	49700	443	192.168.2.7	104.26.13.205
Oct 31, 2024 11:34:13.340696096 CET	49700	443	192.168.2.7	104.26.13.205
Oct 31, 2024 11:34:13.585604906 CET	49700	443	192.168.2.7	104.26.13.205
Oct 31, 2024 11:34:13.585627079 CET	443	49700	104.26.13.205	192.168.2.7
Oct 31, 2024 11:34:15.039635897 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.045193911 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.045209885 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.045219898 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.045224905 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.045285940 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.045295000 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.045305967 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.045315981 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.045320988 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.045351028 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.045377970 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.050432920 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.050519943 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.050582886 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.050594091 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.050602913 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.050637960 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.050666094 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.050687075 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.050698042 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.050707102 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.050715923 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.050738096 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.050767899 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.050832033 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.050843000 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.050889015 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.050982952 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.050992012 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.051001072 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.051059008 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.055949926 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.056071043 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.056096077 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.056104898 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.056163073 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.056230068 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.056238890 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.056291103 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.056365967 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.056375980 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.056427956 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.056530952 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.056541920 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.056550980 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.056588888 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.056611061 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.061399937 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.061466932 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.061546087 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.061599016 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.061691999 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.061744928 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.061821938 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.061830997 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.061841965 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.061851025 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.061877012 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.061897039 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.061938047 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.061948061 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.061956882 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.061965942 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.061990023 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.062016964 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.062115908 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.062130928 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.062140942 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.062150002 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.062160015 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.062166929 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.062169075 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.062184095 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.062203884 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.062227011 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.062319040 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.062329054 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.062336922 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.062345028 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.062370062 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.062390089 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.066937923 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.066947937 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.067023993 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.067063093 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.067073107 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.067111015 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.067131042 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.067220926 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.067230940 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.067239046 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.067248106 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.067276955 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.067296982 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.067359924 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.067368984 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.067416906 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.067466021 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.067475080 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.067483902 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.067492962 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.067501068 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.067509890 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.067517996 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.067538977 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.067549944 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.067584991 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.067595005 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.067599058 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.067601919 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.067646980 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.067671061 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.067722082 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.067732096 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.067739964 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.067749023 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.067759991 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.067784071 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.067802906 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.067853928 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.067862988 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.067872047 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.067904949 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.067920923 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.068003893 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.068012953 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.068064928 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.072335005 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.072391033 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.072470903 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.072480917 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.072525978 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.072611094 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.072621107 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.072628975 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.072670937 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.072738886 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.072747946 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.072756052 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.072765112 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.072773933 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.072794914 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.072815895 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.072829008 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.072877884 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.072887897 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.072932959 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.073043108 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.073051929 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.073060989 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.073101997 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.073111057 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.073122025 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.073129892 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.073138952 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.073148012 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.073165894 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.073168993 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.073175907 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.073185921 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.073194981 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.073195934 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.073205948 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.073220015 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.073223114 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.073239088 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.073251963 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.073260069 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.073268890 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.073278904 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.073288918 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.073298931 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.073303938 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.073307991 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.073313951 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.073318005 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.073327065 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.073345900 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.073378086 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.077815056 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.077867031 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.077949047 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.077959061 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.077966928 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.077975035 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.078008890 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.078033924 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.078084946 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.078150988 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.078224897 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.078236103 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.078244925 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.078254938 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.078263044 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.078269958 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.078289032 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.078311920 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.078342915 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.078363895 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.078372955 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.078385115 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.078421116 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.078690052 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.078700066 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.078747034 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.078788042 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.078798056 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.078805923 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.078814983 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.078840017 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.078850985 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.078917027 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.078927040 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.078936100 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.078943968 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.078970909 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.078991890 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.079050064 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.079060078 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.079070091 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.079106092 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.079168081 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.079179049 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.079186916 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.079195023 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.079204082 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.079212904 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.079226017 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.079253912 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.079289913 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.079301119 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.079308987 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.079328060 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.079344988 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.079365015 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.079473019 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.079483032 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.079540968 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.083421946 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.083466053 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.083479881 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.083481073 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.083493948 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.083506107 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.083518982 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.083559036 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.083590031 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.083604097 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.083646059 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.083708048 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.083720922 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.083733082 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.083745956 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.083766937 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.083781958 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.083791971 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.083848953 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.083862066 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.083905935 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.083937883 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.084063053 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.084084034 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.084096909 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.084124088 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.084142923 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.084147930 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.084157944 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.084171057 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.084208965 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.084290028 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.084305048 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.084316969 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.084358931 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.084384918 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.084424019 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.084438086 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.084469080 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.084484100 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.084578991 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.084593058 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.084604025 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.084615946 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.084640026 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.084667921 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.084702015 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.084714890 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.084727049 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.084752083 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.084774017 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.084819078 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.084830999 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.084845066 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.084856033 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.084856987 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.084891081 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.084907055 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.084971905 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.084985971 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.084997892 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.085010052 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.085017920 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.085024118 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.085026979 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.085052013 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.085071087 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.085093021 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.085105896 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.085118055 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.085134983 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.085144043 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.085163116 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.085248947 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.085309982 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.088964939 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.089024067 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.089095116 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.089109898 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.089122057 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.089169979 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.089210987 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.089224100 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.089236021 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.089246988 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.089266062 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.089278936 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.089315891 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.089349031 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.089363098 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.089375973 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.089387894 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.089405060 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.089421988 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.089452982 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.089476109 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.089489937 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.089512110 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.089536905 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.089554071 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.089632988 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.089646101 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.089679956 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.089698076 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.089777946 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.089790106 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.089802980 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.089816093 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.089831114 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.089850903 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.089864016 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.089874983 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.089886904 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.089900017 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.089911938 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.089915037 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.089929104 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.089953899 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.090023994 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.090039015 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.090070009 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.090081930 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.090096951 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.090217113 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.090245008 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.090255976 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.090269089 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.090280056 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.090296984 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.090312004 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.090363979 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.090377092 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.090388060 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.090399981 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.090416908 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.090425968 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.090455055 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.090466976 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.090480089 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.090491056 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.090502977 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.090517044 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.090548992 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.090575933 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.090598106 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.090611935 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.090624094 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.090635061 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.090636015 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.090648890 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.090652943 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.090662003 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.090679884 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.090714931 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.090898037 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.090948105 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.094685078 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.094739914 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.094811916 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.094830036 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.094841957 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.094875097 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.094892979 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.094928980 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.094942093 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.094954967 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.094966888 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.094986916 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.095001936 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.095076084 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095088959 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095102072 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095122099 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.095133066 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.095215082 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095262051 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.095346928 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095360994 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095371962 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095385075 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095396042 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095407963 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095408916 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.095422029 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.095429897 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.095432997 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095447063 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095451117 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.095458984 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095469952 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095474005 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.095484018 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095485926 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.095496893 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095504045 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.095520020 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.095531940 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.095541954 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095555067 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095566034 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095581055 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095594883 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095602036 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.095607996 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095613956 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.095622063 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.095660925 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.095679045 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095691919 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095702887 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095730066 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.095740080 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.095822096 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095834017 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095844984 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095856905 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095879078 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.095894098 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.095982075 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.095993996 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.096021891 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.096034050 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.096091986 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.096112967 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.096126080 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.096133947 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.096137047 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.096149921 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.096160889 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.096189976 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.096239090 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.096251965 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.096287012 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.096362114 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.096374989 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.096385956 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.096400976 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.096410990 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.096415043 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.096425056 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.096427917 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.096462011 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.096478939 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.096510887 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.096553087 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.100395918 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.100414991 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.100478888 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.100492001 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.100502968 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.100514889 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.100589037 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.100601912 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.100613117 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.100625038 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.100728035 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.100740910 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.100754023 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.100852013 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101012945 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101025105 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101036072 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101047993 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101125002 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101138115 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101150036 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101161003 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101172924 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101267099 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101279020 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101289988 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101442099 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101454020 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101465940 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101526022 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101537943 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101548910 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101561069 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101574898 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101586103 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101629972 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101641893 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101651907 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101664066 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101675987 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101691008 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101742029 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101753950 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101768017 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101779938 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101792097 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101804018 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101869106 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101881981 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101892948 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101905107 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101917028 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101928949 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.101999044 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.102010965 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.102020979 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.102031946 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.102154016 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.105685949 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.105783939 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.107641935 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.110042095 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.111006021 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.111022949 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.111047029 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.111058950 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.111063957 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.111083031 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.111095905 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.111100912 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.111129045 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.111136913 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.111171961 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.111176014 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.111211061 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.111294031 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.111341953 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.111387014 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.111443043 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.111475945 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.111521006 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.111577988 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.111591101 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.111624002 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.111625910 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.111641884 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.111654043 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.111666918 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.111679077 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.111706018 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.111715078 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.111771107 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.111783981 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.111805916 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.111818075 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.111824036 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.111840010 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.111860037 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.111864090 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.111874104 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.111901999 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.111903906 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.111916065 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.111927032 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.111946106 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.111962080 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.111998081 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.112010956 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.112046003 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.112046957 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.112061024 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.112104893 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.112395048 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.112407923 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.112445116 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.112792969 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.114007950 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.155837059 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.155991077 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.156079054 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.156096935 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.164391994 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.164625883 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.164722919 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.164752960 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.169691086 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.169709921 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.169742107 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.169758081 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.169770002 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.169780970 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.169785976 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.169794083 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.169816017 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.169820070 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.169828892 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.169842005 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.169846058 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.169873953 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.176300049 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.176587105 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.176659107 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.176675081 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.181595087 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.181615114 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.181638956 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.181652069 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.181654930 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.181665897 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.181673050 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.181674004 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.181688070 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.181701899 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.181703091 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.181711912 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.181730986 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.181754112 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.181767941 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.181780100 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.181802988 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.181802988 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.181818008 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.181819916 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.181843042 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.181862116 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.181870937 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.181884050 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.181915998 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.181922913 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.181930065 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.181961060 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.181965113 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.181974888 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182008028 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182010889 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.182022095 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182053089 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182061911 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.182097912 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.182100058 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182147026 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.182152987 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182164907 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182204962 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.182284117 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182296991 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182320118 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182332993 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182334900 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.182364941 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.182373047 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.182383060 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182395935 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182441950 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.182449102 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182461977 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182488918 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182497025 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.182512045 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182534933 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.182538986 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182552099 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182554007 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.182579041 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.182585001 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182585955 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.182627916 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.182652950 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182665110 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182676077 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182697058 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182704926 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.182708979 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182749033 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182749987 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.182761908 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182790995 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182796955 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.182805061 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182837963 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.182857990 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182871103 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182893991 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182905912 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182917118 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.182940006 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182945967 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.182952881 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182985067 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.182987928 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.183001041 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.183024883 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.183033943 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.183069944 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.183079004 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.183092117 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.183125019 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.183151960 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.183163881 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.183175087 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.183195114 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.183196068 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.183208942 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.183212042 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.183237076 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.183238983 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.183248997 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.183279037 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.183290958 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.183341980 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.183388948 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.186511993 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.186562061 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.186687946 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.186702967 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.186727047 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.186737061 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.186742067 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.186747074 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.186757088 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.186768055 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.186774969 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.186783075 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.186795950 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.186808109 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.186820030 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.186832905 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.186878920 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.186886072 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.186903000 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.186923027 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.186935902 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.186942101 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.186965942 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.186969042 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.186975002 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.186983109 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187004089 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.187024117 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.187026978 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187046051 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187077999 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187082052 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.187089920 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187123060 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.187130928 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187144041 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187158108 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187174082 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.187181950 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.187202930 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.187242985 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187256098 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187267065 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187284946 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.187289953 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187298059 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.187309027 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.187320948 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187329054 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.187376022 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187388897 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187423944 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187432051 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.187437057 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187470913 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.187474966 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187488079 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187515974 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187517881 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.187525034 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.187529087 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187556028 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.187566042 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.187592983 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187606096 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187618971 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187630892 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187639952 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.187658072 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.187674046 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187680960 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.187688112 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187711000 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187735081 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.187747955 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187752008 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.187788010 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.187798977 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187810898 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187824965 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187835932 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187849998 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.187874079 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.187874079 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187886953 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187922001 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.187922955 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187937021 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187964916 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187973022 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.187978983 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.187993050 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.188040972 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.188047886 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.188060045 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.188088894 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.188100100 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.188110113 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.188133001 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.188138008 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.188160896 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.188170910 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.188173056 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.188196898 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.188208103 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.188215971 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.188227892 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.188247919 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.188265085 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.188285112 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.188302994 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.188344955 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.188360929 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.188374043 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.188409090 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.188414097 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.188427925 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.188452959 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.188463926 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.188545942 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.188559055 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.188596964 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.191517115 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.191555023 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.191571951 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.191592932 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.191601992 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.191637039 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.191679001 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.191699028 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.191719055 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.191726923 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.191768885 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.191855907 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.191869020 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.191879034 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.191893101 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.191905975 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.191921949 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.191941977 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.191960096 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.191972971 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.191992998 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.192017078 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.192028999 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.192033052 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.192044973 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.192065954 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.192082882 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.192095041 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.192106962 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.192116022 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.192132950 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.192142963 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.192184925 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.192198992 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.192212105 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.192233086 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.192234993 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.192265034 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.192271948 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.192284107 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.192296028 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.192332983 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.192367077 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.192379951 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.192415953 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.192452908 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.192466021 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.192480087 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.192502022 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.192507982 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.192524910 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.192547083 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.192553997 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.192562103 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.192590952 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.192598104 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.192610979 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.192624092 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.192663908 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.192667007 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.192679882 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.192717075 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.235836029 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.236013889 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.236093044 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.236126900 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.283813000 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.283997059 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.284075975 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.284097910 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.320897102 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.321068048 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.321141958 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.321167946 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.326220989 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.326291084 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.367875099 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.368115902 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.368210077 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.368236065 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.414114952 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.414279938 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.414360046 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.414378881 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.419346094 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.419365883 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.419390917 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.419404030 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.419414997 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.419418097 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.419428110 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.419437885 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.419452906 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.419465065 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.419490099 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.419512033 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.459896088 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.460055113 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.460134029 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.460160971 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.498370886 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.498523951 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.498598099 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.498620987 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.503473997 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.503492117 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.503514051 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.503525019 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.503535986 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.503547907 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.503571033 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.503577948 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.503582001 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.503593922 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.503614902 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.503622055 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.503628969 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.503648996 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.503659964 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.503674030 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.503690958 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.503703117 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.503715038 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.503725052 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.503737926 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.503747940 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.503767967 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.503781080 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.503792048 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.503810883 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.503820896 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.503829956 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.503845930 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.503866911 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.503880024 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.503880978 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.503937006 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.503947973 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.503961086 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.503978014 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.503989935 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.504002094 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.504010916 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.504024029 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.504030943 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.504055977 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.504065990 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.504070044 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.504077911 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.504090071 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.504106045 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.504142046 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.504189968 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.504203081 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.504214048 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.504225969 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.504236937 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.504256964 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.504262924 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.504273891 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.504282951 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.504323006 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.504339933 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.504350901 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.504369020 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.504407883 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.504427910 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.547811985 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.547985077 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.548058033 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.548090935 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.575341940 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.575504065 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.575576067 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.575609922 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.580507994 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.580543995 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.580590963 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.580593109 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.580606937 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.580630064 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.580641985 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.580650091 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.580677986 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.580683947 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.580696106 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.580698013 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.580719948 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.580733061 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.580737114 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.580765963 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.580769062 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.580784082 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.580806017 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.580816984 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.580820084 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.580836058 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.580852032 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.580858946 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.580887079 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.580903053 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.580909967 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.580941916 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.580951929 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.580971956 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.580988884 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.580998898 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581022024 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.581062078 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.581072092 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581084013 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581129074 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.581139088 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581161022 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581182957 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.581257105 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.581279039 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581293106 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581307888 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581337929 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.581379890 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.581394911 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581408024 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581418991 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581439972 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581439972 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.581454039 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581482887 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.581527948 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581538916 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.581543922 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581588030 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.581598043 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581612110 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581648111 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581655025 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.581711054 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.581743956 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581757069 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581768990 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581783056 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581794977 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581801891 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.581844091 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.581845999 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581921101 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581933022 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581954956 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581964016 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.581970930 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581984997 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.581985950 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.581998110 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.582004070 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.582009077 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.582046032 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.582093954 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.582106113 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.582118034 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.582145929 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.582175016 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.582217932 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.582247019 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.582252979 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.582293987 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.582335949 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.582349062 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.582359076 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.582392931 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.582415104 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.582427979 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.582444906 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.582458019 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.582465887 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.582499981 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.582531929 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.582545042 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.582556963 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.582572937 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.582581997 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.582586050 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.582602978 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.582623005 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.582629919 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.582688093 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.582700968 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.582712889 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.582715988 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.582731962 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.582767010 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.582792044 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.582876921 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.582890034 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.582895994 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.582926989 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.582932949 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.582945108 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.582982063 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.583010912 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.583024025 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.583034992 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.583049059 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.583060980 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.583076954 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.583106041 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.583159924 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.583173037 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.583184004 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.583206892 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.583226919 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.623859882 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.624015093 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.624085903 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.624121904 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.653225899 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.653417110 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.653489113 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.653518915 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.658453941 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.658495903 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.658515930 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.658519983 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.658535004 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.658549070 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.658549070 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.658575058 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.658592939 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.658595085 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.658618927 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.658631086 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.658663034 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.658683062 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.658688068 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.658713102 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.658742905 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.658761978 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.658773899 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.658811092 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.658819914 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.658890009 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.658936024 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.658977985 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.658992052 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659004927 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659025908 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.659048080 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.659065008 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659128904 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659142017 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659156084 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659168005 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659178019 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.659212112 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.659223080 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.659250975 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659265041 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659322023 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.659332037 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659384966 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.659390926 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659404993 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659425974 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659446955 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659451008 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.659460068 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659466028 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.659476042 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659507036 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.659554958 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.659559965 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659575939 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659590006 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659598112 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.659615993 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.659621000 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659636021 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659636021 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.659648895 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659698009 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.659748077 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659761906 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659792900 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659797907 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.659837008 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.659851074 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659866095 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659888029 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659904003 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.659929037 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659938097 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.659944057 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659972906 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.659980059 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.659987926 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.660021067 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.660024881 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660038948 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660053968 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660079956 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.660093069 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.660103083 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660115957 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660161972 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.660233974 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660307884 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660321951 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660336018 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660356045 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.660381079 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.660382032 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660396099 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660425901 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660429955 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.660479069 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.660485029 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660499096 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660510063 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660533905 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.660554886 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.660582066 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660594940 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660620928 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660630941 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.660672903 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.660703897 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660717964 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660728931 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660749912 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660763979 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.660763979 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660806894 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660809040 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.660820007 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.660866976 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660868883 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.660881996 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660896063 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660918951 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.660934925 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.660949945 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660963058 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.660995007 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.661010027 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.661036968 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.661039114 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.661053896 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.661091089 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.661125898 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.661144972 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.661156893 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.661199093 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.661222935 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.661237001 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.661250114 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.661262989 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.661278009 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.661292076 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.661303043 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.661305904 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.661319971 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.661335945 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.661361933 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.661374092 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.663501978 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.663551092 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.663562059 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.663602114 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.663604021 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.663636923 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.663642883 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.663691998 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.663749933 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.663759947 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.663803101 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.663815975 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.663845062 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.663849115 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.663860083 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.663899899 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.664000988 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.664084911 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.664127111 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.664128065 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.664150953 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.664206982 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.664330959 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.664341927 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.664387941 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.664390087 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.664427042 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.664436102 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.664462090 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.664474964 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.664503098 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.664520979 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.664549112 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.664599895 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.664664030 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.664701939 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.664753914 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.664787054 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.664838076 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.664841890 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.664891958 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.664978981 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.664999008 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.665028095 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.665051937 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.665184021 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.665237904 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.665313959 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.665359974 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.665385962 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.665430069 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.665452957 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.665507078 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.665538073 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.665577888 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.665586948 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.665616989 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.665631056 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.665661097 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.665831089 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.665869951 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.665873051 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.665918112 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.665927887 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.666003942 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.666006088 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.666052103 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.666141987 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.666162968 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.666189909 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.666204929 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.666210890 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.666224957 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.666270018 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.666323900 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.666376114 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.666444063 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.666455984 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.666500092 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.668391943 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.668447018 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.668457031 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.668499947 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.668595076 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.668608904 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.668653011 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.668664932 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.668704033 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.668719053 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.668749094 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.668752909 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.668761969 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.668808937 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.668821096 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.668869019 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.668925047 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.668939114 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.668967962 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.668983936 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.669019938 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.669075012 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.669099092 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.669128895 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.669174910 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.669241905 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.669290066 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.669295073 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.669332981 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.669339895 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.669378042 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.669390917 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.669418097 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.669435024 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.669481993 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.669595003 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.669656038 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.669722080 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.669744015 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.669816017 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.669845104 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.669913054 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.669939995 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.669951916 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.669961929 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.669974089 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.670018911 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.670063972 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.670115948 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.670161009 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.670264006 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.670286894 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.670301914 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.670334101 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.670351982 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.670378923 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.670417070 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.670420885 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.670428991 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.670470953 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.670511007 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.670552969 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.670557022 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.670598030 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.670676947 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.670722961 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.670850992 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.670896053 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.670912027 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.670922041 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.670970917 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.671009064 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.671061039 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.671066046 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.671114922 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.671142101 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.671150923 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.671189070 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.671257019 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.671303988 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.671375036 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.671392918 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.671401024 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.671422005 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.671449900 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.673281908 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.673352003 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.673365116 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.673403025 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.673511028 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.673525095 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.673577070 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.673629045 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.673644066 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.673682928 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.673718929 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.673738003 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.673748970 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.673768997 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.673794985 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.673804045 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.673847914 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.673861027 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.673918962 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.673970938 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.673988104 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.674031973 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.674045086 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.674067020 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.674072981 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.674118996 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.674170017 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.674185038 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.674220085 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.674243927 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.674288988 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.674355984 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.674462080 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.674465895 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.674489975 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.674513102 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.674537897 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.674555063 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.674576044 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.674602985 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.674622059 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.674665928 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.674710035 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.674724102 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.674748898 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.674834967 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.674879074 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.675148010 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.675210953 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.675219059 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.675270081 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.675333977 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.675379992 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.675405025 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.675425053 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.675436974 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.675456047 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.675456047 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.675476074 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.675498009 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.675528049 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.675542116 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.675582886 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.675601006 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.675671101 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.675793886 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.675837040 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.675843954 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.675889015 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.675894976 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.675939083 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.675976992 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.675990105 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.676039934 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.676095009 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.676107883 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.676155090 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.676176071 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.676217079 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.676250935 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.676309109 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.676352024 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.678360939 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.678415060 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.678481102 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.678555012 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.678560972 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.678605080 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.678699017 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.678742886 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.678778887 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.678833008 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.679096937 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.679171085 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.679172993 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.679214001 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.679258108 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.679291964 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.679302931 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.679337978 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.679413080 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.679464102 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.679588079 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.679641962 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.679688931 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.679740906 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.679769993 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.679848909 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.679861069 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.679893970 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.679905891 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.679924965 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.679970026 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.680037975 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.680087090 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.680190086 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.680236101 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.680320024 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.680382013 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.680407047 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.680430889 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.680453062 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.680465937 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.680506945 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.680535078 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.680577993 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.680691957 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.680738926 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.680774927 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.680788040 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.680835009 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.680890083 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.680937052 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.681006908 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.681138039 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.681163073 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.681210041 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.681246996 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.681260109 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.681287050 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.681298018 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.681307077 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.681329012 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.681339025 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.681349039 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.681375027 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.681416035 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.681468964 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.681474924 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.681550026 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.681591988 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.681605101 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.681615114 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.681629896 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.681643963 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.681644917 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.681657076 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.681687117 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.681688070 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.681710005 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.681751966 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.683244944 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.683336973 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.683368921 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.683413029 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.683453083 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.683537960 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.683561087 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.683608055 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.683645010 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.683691025 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.684005022 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.684056997 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.684112072 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.684125900 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.684174061 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.684184074 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.684236050 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.684245110 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.684284925 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.684322119 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.684348106 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.684412003 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.684444904 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.684489965 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.684489965 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.684533119 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.684559107 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.684571981 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.684593916 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.684607983 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.684618950 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.684642076 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.684659958 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.684689999 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.684736013 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.684765100 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.684797049 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.684840918 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.684889078 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.684901953 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.684930086 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.684948921 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.684950113 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.684982061 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.684992075 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.685038090 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.685085058 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.685139894 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.685153961 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.685164928 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.685197115 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.685216904 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.685287952 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.685333014 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.685354948 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.685399055 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.685401917 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.685448885 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.685477018 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.685504913 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.685527086 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.685554981 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.686094999 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.686161041 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.687125921 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.687251091 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.688088894 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.688152075 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.688709974 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.688734055 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.688745975 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.688757896 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.688766003 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.688771009 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.688785076 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.688791990 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.688797951 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.688802958 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.688823938 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.688836098 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.688836098 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.688851118 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.688863039 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.688863993 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.688879013 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.688891888 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.688904047 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.688905001 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.688918114 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.688920021 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.688930988 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.688944101 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.688950062 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.688957930 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.688973904 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.688975096 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.688993931 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.688994884 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.689008951 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.689022064 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.689037085 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.689038038 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.689062119 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.689086914 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.689457893 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.689474106 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.689511061 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.689528942 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.689587116 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.689599991 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.689632893 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.689644098 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.689717054 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.689730883 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.689749002 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.689784050 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.689943075 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.689986944 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.690083981 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.690098047 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.690125942 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.690138102 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.690145016 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.690149069 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.690161943 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.690174103 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.690179110 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.690186024 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.690200090 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.690201998 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.690212965 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.690226078 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.690237999 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.690241098 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.690258026 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.690259933 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.690278053 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.690280914 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.690294027 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.690304995 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.690308094 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.690320015 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.690334082 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.690346003 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.690372944 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.690534115 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.690546989 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.690568924 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.690581083 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.690591097 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.690628052 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.690653086 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.690665960 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.690709114 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.691087961 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.691145897 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.692142010 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.692198038 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.693089962 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.693147898 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.694395065 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.694446087 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.694461107 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.694477081 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.694513083 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.694535971 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.694539070 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.694578886 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.694590092 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.694591045 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.694611073 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.694643021 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.694653988 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.694665909 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.694700003 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.695285082 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.695297003 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.695339918 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.695729971 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.695782900 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.696088076 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.696145058 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.696777105 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.696892023 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.697110891 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.697175980 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.697468996 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.697483063 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.697530985 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.697778940 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.697834015 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.697871923 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.697884083 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.697895050 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.697905064 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.697912931 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.697915077 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.697923899 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.697942019 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.697947025 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.697953939 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.697966099 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.697977066 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.697987080 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.697997093 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.698007107 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.698018074 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.698019028 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.698029041 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.698040962 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.698050976 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.698052883 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.698064089 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.698075056 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.698076010 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.698086023 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.698097944 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.698106050 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.698107958 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.698117018 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.698118925 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.698131084 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.698141098 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.698143005 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.698151112 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.698163033 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.698172092 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.698174000 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.698183060 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.698187113 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.698198080 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.698210001 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.698211908 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.698225975 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.698236942 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.698237896 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.698249102 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.698256969 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.698261976 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.698273897 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.698302031 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.698900938 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.698945999 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.701170921 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.701225042 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.701287031 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.701302052 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.701313972 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.701359987 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.701704025 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.701716900 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.701728106 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.701757908 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.701776028 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.702491999 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.702550888 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.702564001 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.702614069 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.703025103 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.703038931 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.703079939 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.704874039 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.704893112 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.704906940 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.704919100 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.704947948 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.704967022 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.704984903 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.704998970 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.705010891 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.705049992 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.705487013 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.705537081 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.706075907 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706093073 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706104994 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706116915 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706129074 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.706130028 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706142902 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706155062 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706163883 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.706177950 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706186056 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.706193924 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706207037 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706228971 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.706248999 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.706444025 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706456900 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706468105 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706489086 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706499100 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.706501961 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706515074 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706516027 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.706527948 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706533909 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.706541061 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706552982 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706563950 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.706566095 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706579924 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706588984 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.706593037 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706607103 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706612110 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.706619978 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706631899 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706634045 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.706645012 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706656933 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706669092 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706669092 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.706681013 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706685066 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.706692934 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706706047 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.706715107 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.706738949 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.706760883 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.707537889 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.707571983 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.707585096 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.707597017 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.707608938 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.707623005 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.707629919 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.707659960 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.707663059 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.707674026 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.707691908 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.707699060 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.707712889 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.707727909 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.707739115 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.707750082 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.707765102 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.708933115 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.708952904 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.708965063 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.708990097 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.709007978 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.709501028 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.709517956 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.709563017 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.710870981 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.710923910 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.711036921 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.711050034 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.711086988 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.711174965 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.711188078 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.711210012 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.711232901 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.711235046 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.711250067 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.711271048 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.711283922 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.711286068 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.711322069 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.712968111 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.712986946 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.713000059 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.713011026 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.713022947 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.713038921 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.713038921 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.713053942 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.713066101 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.713071108 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.713078976 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.713099003 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.713124990 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.713516951 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.713572025 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.713776112 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.713790894 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.713803053 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.713814020 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.713825941 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.713838100 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.713845015 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.713856936 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.713861942 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.713871002 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.713896990 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.713898897 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.713920116 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.713926077 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.713932991 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.713947058 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.713952065 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.713960886 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.713973045 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.713975906 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.713989973 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.714003086 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.714009047 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.714026928 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.714046955 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.714050055 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.714062929 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.714075089 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.714097023 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.714127064 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.714509010 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.714524031 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.714534044 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.714545965 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.714557886 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.714569092 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.714570999 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.714582920 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.714584112 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.714601994 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.714627028 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.714955091 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.714968920 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.714978933 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.714989901 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.715002060 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.715013027 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.715025902 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.715027094 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.715050936 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.715070009 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.715078115 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.715091944 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.715102911 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.715115070 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.715126038 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.715133905 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.715137959 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.715156078 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.715163946 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.715188980 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.715229034 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.715241909 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.715260983 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.715280056 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.715300083 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.715866089 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.715895891 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.715918064 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.715934992 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.716516018 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.716567993 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.717318058 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.717331886 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.717344046 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.717356920 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.717369080 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.717371941 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.717381954 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.717397928 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.717425108 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.717962027 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.717977047 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.717989922 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.718003035 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.718003035 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.718015909 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.718024015 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.718061924 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.718898058 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.718946934 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.718946934 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.718996048 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.718997002 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.719012976 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.719043970 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.719065905 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.720029116 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.720082998 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.720134020 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.720148087 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.720160007 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.720171928 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.720187902 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.720205069 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.720231056 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.720235109 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.720268011 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.720283031 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.720314026 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.720316887 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.720355988 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.720369101 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.720372915 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.720387936 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.720411062 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.720429897 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.720443010 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.720482111 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.720494032 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.720505953 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.720562935 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.720575094 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.720581055 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.720592022 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.720596075 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.720633984 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.720650911 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.720664024 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.720685005 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.720711946 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.720721960 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.721035957 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.721049070 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.721060991 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.721081972 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.721100092 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.721601009 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.721615076 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.721626997 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.721667051 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.721889973 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.721946955 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.722122908 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.722174883 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.722244024 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.722266912 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.722279072 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.722290039 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.722295046 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.722316027 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.722335100 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.722395897 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.722537994 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.722723007 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.722737074 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.722773075 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.722868919 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.722882986 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.722893953 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.722907066 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.722920895 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.722920895 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.722934008 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.722934961 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.722953081 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.722969055 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.722984076 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.723037958 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.723051071 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.723063946 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.723076105 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.723088980 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.723104000 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.723130941 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.723212004 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.723258972 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.723829985 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.723843098 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.723854065 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.723866940 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.723877907 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.723890066 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.723912001 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.723948956 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.724184036 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.724196911 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.724245071 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.724322081 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.724334002 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.724345922 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.724389076 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.724628925 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.724642038 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.724653006 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.724682093 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.724781036 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.724793911 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.724832058 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.724946976 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.725002050 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.725421906 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.725472927 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.725584030 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.725642920 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.725723028 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.725735903 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.725771904 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.725883961 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.725898027 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.725935936 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.726030111 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.726042032 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.726075888 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.726099014 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.726159096 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.726172924 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.726229906 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.767879963 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.772073984 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.772141933 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.772186041 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.772223949 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.772245884 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.819890976 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.820099115 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.820154905 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.820199966 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.820245028 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.820261955 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.867908001 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.872147083 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.872230053 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.872293949 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.872338057 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.872356892 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.919899940 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.923093081 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.923163891 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.923219919 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.923285961 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.923316002 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.923316956 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.928225040 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.928402901 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.928431034 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.928488970 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.928570986 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.928582907 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.928606033 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.928617001 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.928648949 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.928669930 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.928757906 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.928826094 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.928931952 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.928977013 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.929061890 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.929070950 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.929091930 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.929142952 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.929178953 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.929223061 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.929282904 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.929383039 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.929394960 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.929442883 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.929451942 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.929481030 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.929552078 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.929584026 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.929595947 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.929649115 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.929672956 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.929685116 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.929717064 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.929728031 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.929740906 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.929768085 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.929850101 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.929862022 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.929867029 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.929877043 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.929887056 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.929898977 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.929913998 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.929918051 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.929934978 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.929943085 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.929955006 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.929955959 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.929972887 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.929974079 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.929989100 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.929996014 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.930031061 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.933480024 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933538914 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933561087 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933571100 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933578014 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933583021 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933588028 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933592081 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933597088 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933612108 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933620930 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933634996 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.933649063 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933651924 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.933660984 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933671951 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933679104 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.933703899 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.933707952 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933715105 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.933721066 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933733940 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933747053 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933768988 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.933789968 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.933795929 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933808088 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933818102 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933830023 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933839083 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933847904 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.933859110 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933870077 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933876038 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933878899 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.933898926 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933909893 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933917999 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.933918953 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.933921099 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933940887 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933945894 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.933953047 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933967113 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.933990955 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.933991909 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934005022 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934015989 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934046030 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934056044 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934067011 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934067965 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934081078 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934092045 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934113979 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934129000 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934190035 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934202909 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934211969 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934222937 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934235096 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934242964 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934247017 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934256077 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934259892 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934287071 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934309959 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934323072 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934334040 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934343100 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934355974 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934366941 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934367895 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934366941 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934403896 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934403896 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934417009 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934441090 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934452057 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934462070 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934494019 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934494019 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934508085 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934514999 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934529066 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934549093 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934554100 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934561014 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934565067 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934571981 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934591055 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934595108 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934607029 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934607983 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934643984 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934643984 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934761047 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934773922 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934783936 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934796095 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934806108 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934813976 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934818983 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934824944 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934825897 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934837103 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934848070 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934855938 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934858084 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934870958 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934879065 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934890985 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934895992 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934902906 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934915066 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934938908 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934938908 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934958935 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.934962034 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934976101 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934988022 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.934999943 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935014963 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.935019016 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935033083 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935043097 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.935055017 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935077906 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.935097933 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935110092 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935118914 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.935121059 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935137033 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935147047 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.935148001 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935169935 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935184956 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.935209990 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.935286045 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935297966 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935328007 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935338974 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935343981 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935347080 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.935367107 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935370922 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.935400963 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935404062 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.935414076 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935419083 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.935452938 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935461044 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.935466051 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935477018 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935497046 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.935523033 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.935703039 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935715914 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935726881 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935736895 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935750008 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935760975 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935770988 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935781002 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935781002 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.935794115 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935796022 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.935806036 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935807943 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.935826063 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.935839891 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.935868979 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935875893 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.935920954 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.935934067 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935945988 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935955048 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.935983896 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.935997963 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.936022997 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936034918 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936052084 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936074018 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.936094046 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.936135054 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936147928 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936158895 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936197042 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.936203957 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936216116 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.936219931 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936232090 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936256886 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936268091 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936274052 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936274052 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.936286926 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936297894 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936311960 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.936320066 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936331987 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936347008 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.936372042 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.936408043 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936419010 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936428070 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936460972 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.936475039 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.936578035 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936589956 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936602116 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936614037 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936624050 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936630964 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.936647892 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.936647892 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936664104 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936672926 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.936674118 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936708927 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.936719894 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.936726093 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936764956 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936775923 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936785936 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.936815023 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.936908007 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.938533068 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.938601971 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.938602924 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.938640118 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.938653946 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.938689947 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.938693047 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.938731909 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.938889980 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.938904047 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.938915014 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.938939095 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.938962936 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.938967943 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.938967943 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.938976049 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.938978910 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.938992023 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939004898 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939008951 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.939028978 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939043999 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.939043999 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.939064026 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939066887 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.939096928 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939110994 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939124107 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939136982 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939148903 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939152956 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.939163923 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.939172983 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939189911 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.939204931 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939212084 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.939219952 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939232111 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939261913 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939264059 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.939294100 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.939307928 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.939356089 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939394951 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939416885 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939428091 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939435959 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.939441919 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939457893 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.939475060 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.939485073 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939498901 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939502954 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.939505100 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939537048 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939579010 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939615965 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939631939 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.939682007 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.939774036 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939788103 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939800024 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939811945 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939825058 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939832926 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.939837933 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939860106 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.939861059 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939873934 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939886093 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.939887047 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939903021 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939908028 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.939918041 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939924955 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.939930916 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.939970016 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.939970016 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.940016031 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940063953 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940076113 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940078020 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.940088987 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940104961 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940119028 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940133095 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.940133095 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.940133095 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.940148115 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940160990 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940171957 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.940176010 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940190077 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940213919 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.940239906 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940295935 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940295935 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.940311909 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940356970 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.940376997 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940391064 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940402031 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940445900 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.940460920 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.940460920 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940474987 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940510035 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.940530062 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.940666914 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940680981 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940692902 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940726042 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.940745115 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940752983 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.940778017 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940789938 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940800905 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940813065 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940824032 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.940824032 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940824032 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.940838099 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940851927 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940851927 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.940860033 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.940906048 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.940915108 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940927029 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940937996 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940949917 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940960884 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940964937 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.940973043 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940985918 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.940998077 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.940998077 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.941008091 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941020012 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941030979 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.941031933 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941055059 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941063881 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.941067934 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941086054 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.941097021 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.941113949 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941126108 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941145897 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941159964 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.941191912 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.941222906 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941236019 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941274881 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941287041 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941306114 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941310883 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.941328049 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941332102 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.941365957 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941371918 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.941394091 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941421986 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.941555977 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941560984 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.941570044 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941581011 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941592932 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941602945 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.941617012 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941629887 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941636086 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.941642046 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941654921 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941677094 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.941677094 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.941677094 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.941720963 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941730022 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.941735029 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941756010 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941768885 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941781044 CET	15666	49699	109.172.94.66	192.168.2.7
Oct 31, 2024 11:34:15.941785097 CET	49699	15666	192.168.2.7	109.172.94.66
Oct 31, 2024 11:34:15.941793919 CET	15666	49699	109.172.94.66	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 31, 2024 11:34:12.397808075 CET	192.168.2.7	1.1.1.1	0x5dd3	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Oct 31, 2024 11:34:12.405399084 CET	1.1.1.1	192.168.2.7	0x5dd3	No error (0)	api.ipify.org	104.26.13.205	A (IP address)	IN (0x0001)	false
Oct 31, 2024 11:34:12.405399084 CET	1.1.1.1	192.168.2.7	0x5dd3	No error (0)	api.ipify.org	172.67.74.152	A (IP address)	IN (0x0001)	false
Oct 31, 2024 11:34:12.405399084 CET	1.1.1.1	192.168.2.7	0x5dd3	No error (0)	api.ipify.org	104.26.12.205	A (IP address)	IN (0x0001)	false

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49700	104.26.13.205	443	3812	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 10:34:13 UTC	100	OUT	GET / HTTP/1.1 Accept: text/html; text/plain; / Host: api.ipify.org Cache-Control: no-cache
2024-10-31 10:34:13 UTC	399	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 10:34:13 GMT Content-Type: text/plain Content-Length: 14 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 8db2fdc8b8c6e542-DFW server-timing: cfL4;desc="?proto=TCP&rtt=1218&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2817&recv_bytes=738&delivery_rate=2419381&cwnd=251&unsent_bytes=0&cid=c9a8c099fee1ba1b&ts=321&x=0"
2024-10-31 10:34:13 UTC	14	IN	Data Raw: 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 37 Data Ascii: 173.254.250.77

Target ID:	0
Start time:	06:34:10
Start date:	31/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x7ff67e140000
File size:	2'640'384 bytes
MD5 hash:	AB7D13FD2200B07C2BC9FE3B3F7CC837
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000000.00000002.1323368752.000002674DF30000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	6.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	29.9%
Total number of Nodes:	2000
Total number of Limit Nodes:	123

Executed Functions

Function 000002674E1A0CE0 Relevance: 45.7, APIs: 25, Strings: 1, Instructions: 225
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemMetrics.USER32 ref: 000002674E1A0D21
GetSystemMetrics.USER32 ref: 000002674E1A0D2F
GetSystemMetrics.USER32 ref: 000002674E1A0D3D
GetSystemMetrics.USER32 ref: 000002674E1A0D4B
GetDC.USER32 ref: 000002674E1A0D55
GetDeviceCaps.GDI32 ref: 000002674E1A0D6B
GetDeviceCaps.GDI32 ref: 000002674E1A0D7B
CreateCompatibleDC.GDI32 ref: 000002674E1A0D88
CreateCompatibleBitmap.GDI32 ref: 000002674E1A0DA0
SelectObject.GDI32 ref: 000002674E1A0DB6
BitBlt.GDI32 ref: 000002674E1A0DEC
SHCreateMemStream.SHLWAPI ref: 000002674E1A0E22
SelectObject.GDI32 ref: 000002674E1A0E38
DeleteDC.GDI32 ref: 000002674E1A0E41
ReleaseDC.USER32 ref: 000002674E1A0E4C
DeleteObject.GDI32 ref: 000002674E1A0E55
EnterCriticalSection.KERNEL32 ref: 000002674E1A0F4C
LeaveCriticalSection.KERNEL32 ref: 000002674E1A0F5E
IStream_Size.SHLWAPI ref: 000002674E1A0F95
IStream_Reset.SHLWAPI ref: 000002674E1A0FA6
IStream_Read.SHLWAPI ref: 000002674E1A102B
SelectObject.GDI32 ref: 000002674E1A1085
DeleteDC.GDI32 ref: 000002674E1A108E
ReleaseDC.USER32 ref: 000002674E1A109B
DeleteObject.GDI32 ref: 000002674E1A10A4

Strings

, xrefs: 000002674E1A0DC1

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Object$DeleteMetricsSystem$CreateSelectStream_$CapsCompatibleCriticalDeviceReleaseSection$BitmapEnterLeaveReadResetSizeStream
String ID:
API String ID: 3214587331-3916222277
Opcode ID: e4e63702ac4330d30596b5454e9ccec30832c3b90c2f1c900078c08ebe0bdd3a
Instruction ID: d1833279775fa4a63b24420aeb80ed2bb5dc596af62f31b2541d5f1dfe04032c
Opcode Fuzzy Hash: e4e63702ac4330d30596b5454e9ccec30832c3b90c2f1c900078c08ebe0bdd3a
Instruction Fuzzy Hash: F9B12B72248BC086E760DB21F85839FB3B5F789BA4F508515DA8A53B69DF39C084CB80

Function 000002674E1DB83C Relevance: 27.2, APIs: 18, Instructions: 229
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesExW.KERNEL32 ref: 000002674E1DB8E9
GetLastError.KERNEL32 ref: 000002674E1DB8F3
FindFirstFileW.KERNEL32 ref: 000002674E1DB90A
GetLastError.KERNEL32 ref: 000002674E1DB916
FindClose.KERNEL32 ref: 000002674E1DB924
__std_fs_open_handle.LIBCPMT ref: 000002674E1DB9B7
CloseHandle.KERNEL32 ref: 000002674E1DB9CD
CloseHandle.KERNEL32 ref: 000002674E1DBB40

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
String ID:
API String ID: 2398595512-0
Opcode ID: c43c54e3e165f8807fdec21084e482379ff19f217a5b6f75efe34dcfe3cbcfef
Instruction ID: 6b8effc928f5f2cca21fbcb606fe19f57f9a4dd6b299d02bc910efd54ceecd18
Opcode Fuzzy Hash: c43c54e3e165f8807fdec21084e482379ff19f217a5b6f75efe34dcfe3cbcfef
Instruction Fuzzy Hash: 6991723138CA4146EAA48B25B81CF6B63B0E789BB8F544714DAB7477D4DF3AE84587C0

Function 000002674E1A31C0 Relevance: 22.6, APIs: 3, Strings: 9, Instructions: 1618COMMON

Download Yara Rule

APIs

Part of subcall function 000002674E1A1D70: GetCurrentHwProfileW.ADVAPI32 ref: 000002674E1A1DAA

Part of subcall function 000002674E1A16B0: EnumDisplayDevicesW.USER32 ref: 000002674E1A17BD

Part of subcall function 000002674E1A15E0: RegGetValueA.ADVAPI32 ref: 000002674E1A1647

Part of subcall function 000002674E1A12C0: GetUserNameW.ADVAPI32 ref: 000002674E1A1305

Part of subcall function 000002674E1A1360: GetComputerNameW.KERNEL32 ref: 000002674E1A13A5

GlobalMemoryStatusEx.KERNEL32 ref: 000002674E1A3986
wcsftime.LIBCMT ref: 000002674E1A41FF
GetModuleFileNameA.KERNEL32 ref: 000002674E1A43C1

Strings

computer_name, xrefs: 000002674E1A3B77
system, xrefs: 000002674E1A35CC, 000002674E1A36DC, 000002674E1A37F2, 000002674E1A38E4, 000002674E1A3A1F, 000002674E1A3B21, 000002674E1A3C24, 000002674E1A3DC7, 000002674E1A3FE7, 000002674E1A4293, 000002674E1A446F, 000002674E1A46BA, 000002674E1A4872, 000002674E1A4A33, 000002674E1A4AF2
gpu, xrefs: 000002674E1A3730
cpu, xrefs: 000002674E1A3846
%d-%m-%Y, %H:%M:%S, xrefs: 000002674E1A41EC
user_name, xrefs: 000002674E1A3620
ram, xrefs: 000002674E1A3A73
timezone, xrefs: 000002674E1A470E
time, xrefs: 000002674E1A42E7

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Name$ComputerCurrentDevicesDisplayEnumFileGlobalMemoryModuleProfileStatusUserValuewcsftime
String ID: %d-%m-%Y, %H:%M:%S$computer_name$cpu$gpu$ram$system$time$timezone$user_name
API String ID: 4154315062-1182675529
Opcode ID: 7ab7a56d14c3b18e0c541bfa9df40e1211505bfeffc88797f03d1f8a09a2898e
Instruction ID: a28013d6cd6f3334b057767dd694ac0b8df66ff35c64199d9e8e7d2e6f0714a0
Opcode Fuzzy Hash: 7ab7a56d14c3b18e0c541bfa9df40e1211505bfeffc88797f03d1f8a09a2898e
Instruction Fuzzy Hash: 35037B72659BC189EB21CF34E8883EE3771F795798F409616EA9C07A99EF35C284C740

Function 000002674E15D860 Relevance: 20.1, APIs: 8, Strings: 3, Instructions: 864
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32 ref: 000002674E15D93D
GetProcAddress.KERNEL32 ref: 000002674E15DA3B
GetProcAddress.KERNEL32 ref: 000002674E15DAFF
GetProcAddress.KERNEL32 ref: 000002674E15DB7A
GetProcAddress.KERNEL32 ref: 000002674E15DBFF
GetProcAddress.KERNEL32 ref: 000002674E15DC7A
GetProcAddress.KERNEL32 ref: 000002674E15DCFF
FreeLibrary.KERNEL32 ref: 000002674E15E828

Strings

system, xrefs: 000002674E15E62B
cannot use push_back() with , xrefs: 000002674E15E87A
vault, xrefs: 000002674E15E67F

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$Library$FreeLoad
String ID: cannot use push_back() with $system$vault
API String ID: 2449869053-1741236777
Opcode ID: 47ffc357aac57c06b6f327d8b91be1eb1c7e7c14895f5a63de02cffcb4a7522a
Instruction ID: 5e0deea1e194ef59471df7110ff35b5722b21eb8eeb61b6b4b938d7f4d4e5ce4
Opcode Fuzzy Hash: 47ffc357aac57c06b6f327d8b91be1eb1c7e7c14895f5a63de02cffcb4a7522a
Instruction Fuzzy Hash: 3A926F32609BC48ADB618F29E8883DE73B5F789798F104215EB9C57B99EF35C654C340

Function 000002674E197910 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 172
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000002674E19A880: GetCurrentProcess.KERNEL32 ref: 000002674E19A8BB
Part of subcall function 000002674E19A880: OpenProcessToken.ADVAPI32 ref: 000002674E19A8CC
Part of subcall function 000002674E19A880: GetTokenInformation.ADVAPI32 ref: 000002674E19A904

ExitProcess.KERNEL32 ref: 000002674E197957
OpenMutexA.KERNEL32 ref: 000002674E197A73
ExitProcess.KERNEL32 ref: 000002674E197A83
CreateMutexA.KERNEL32 ref: 000002674E197AA2
ExitProcess.KERNEL32 ref: 000002674E197AC8

Part of subcall function 000002674E19AC70: GetModuleFileNameW.KERNEL32 ref: 000002674E19ACBA

Part of subcall function 000002674E1A5B10: CoInitializeEx.OLE32 ref: 000002674E1A5B75

Strings

SeDebugPrivilege, xrefs: 000002674E19795E
SeImpersonatePrivilege, xrefs: 000002674E19796A

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Process$Exit$MutexOpenToken$CreateCurrentFileInformationInitializeModuleName
String ID: SeDebugPrivilege$SeImpersonatePrivilege
API String ID: 470559343-3768118664
Opcode ID: 159e54d527fafda6f55e24249329156e0a9e935cd3bf13cb4f19f12f82537621
Instruction ID: 8c023842cd3f0a8e9211952bcbc09846eb71c7e17bcdca1927390ae91dd7feec
Opcode Fuzzy Hash: 159e54d527fafda6f55e24249329156e0a9e935cd3bf13cb4f19f12f82537621
Instruction Fuzzy Hash: 8F61827269CA8081FA10AB68F45D3AF6271FFCA7B8F500515E6DE426D6DF2AC044C7C1

Function 000002674E1C25B4 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 335
timeCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_get_daylight.LIBCMT ref: 000002674E1C25F9

Part of subcall function 000002674E1C1C64: _invalid_parameter_noinfo.LIBCMT ref: 000002674E1C1C78

Part of subcall function 000002674E1BC8E4: HeapFree.KERNEL32 ref: 000002674E1BC8FA
Part of subcall function 000002674E1BC8E4: GetLastError.KERNEL32 ref: 000002674E1BC904

Part of subcall function 000002674E1CB124: _invalid_parameter_noinfo.LIBCMT ref: 000002674E1CB06F

_get_daylight.LIBCMT ref: 000002674E1C25E8

Part of subcall function 000002674E1C1CC4: _invalid_parameter_noinfo.LIBCMT ref: 000002674E1C1CD8

_get_daylight.LIBCMT ref: 000002674E1C285E
_get_daylight.LIBCMT ref: 000002674E1C286F
_get_daylight.LIBCMT ref: 000002674E1C2880
GetTimeZoneInformation.KERNEL32 ref: 000002674E1C28A7

Strings

Eastern Summer Time, xrefs: 000002674E1C2965
Eastern Standard Time, xrefs: 000002674E1C294D

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 355007559-239921721
Opcode ID: 78eb675e9cd755191b67956b91f2f98d36718c9094a46172317fefae4576ec3a
Instruction ID: bd70ead2136ec1635c3b70e4ea95e7ac0260faa824923dc3961edfd110523841
Opcode Fuzzy Hash: 78eb675e9cd755191b67956b91f2f98d36718c9094a46172317fefae4576ec3a
Instruction Fuzzy Hash: 42D1F436748A5086E724DF26F48D7AB6771F7847ACF458125EE4983A85DF3AC4C1C780

Function 000002674E1A0420 Relevance: 13.9, APIs: 9, Instructions: 377
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenA.WININET ref: 000002674E1A0652

Part of subcall function 000002674E1CE1C0: EnterCriticalSection.KERNEL32 ref: 000002674E1CE1D0

InternetOpenUrlA.WININET ref: 000002674E1A06C2
HttpQueryInfoW.WININET ref: 000002674E1A071A
HttpQueryInfoW.WININET ref: 000002674E1A07A3
InternetQueryDataAvailable.WININET ref: 000002674E1A07E1
InternetReadFile.WININET ref: 000002674E1A089B
InternetQueryDataAvailable.WININET ref: 000002674E1A0961
InternetCloseHandle.WININET ref: 000002674E1A0A01
Concurrency::cancel_current_task.LIBCPMT ref: 000002674E1A0A41

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Internet$Query$AvailableDataHttpInfoOpen$CloseConcurrency::cancel_current_taskCriticalEnterFileHandleReadSection
String ID:
API String ID: 2604747929-0
Opcode ID: 1cbb99dd4fe00097619a0ced69e2d148608187bcbc2ca1b834ac75fee8039cdb
Instruction ID: afd8b167f39300c96ffdd9388dea0253b824f86a9365f273869c75a09bc7508f
Opcode Fuzzy Hash: 1cbb99dd4fe00097619a0ced69e2d148608187bcbc2ca1b834ac75fee8039cdb
Instruction Fuzzy Hash: 92027D32A28B9489F700CB65F8483AE77B4F785BA8F105215EE9D57B99DF79C080C780

Function 000002674E19A050 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 452
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileSize.KERNEL32 ref: 000002674E19A26F
SetFilePointer.KERNEL32 ref: 000002674E19A322
ReadFile.KERNEL32 ref: 000002674E19A351

Strings

exists, xrefs: 000002674E19A7D6
ios_base::eofbit set, xrefs: 000002674E19A838
ios_base::badbit set, xrefs: 000002674E19A7FD, 000002674E19A825
ios_base::failbit set, xrefs: 000002674E19A831

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: File$PointerReadSize
String ID: exists$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 404940565-15404121
Opcode ID: 070f574dbe00e942d553051624e6254ec65e45f4c51a1969a7e5fa42a2d304cd
Instruction ID: 43d720529fa4fe00fa67221dbb3e43480225f09405ebfd610930c8948503a35d
Opcode Fuzzy Hash: 070f574dbe00e942d553051624e6254ec65e45f4c51a1969a7e5fa42a2d304cd
Instruction Fuzzy Hash: 6E320532254BC189EB20CF28E8883DE37B1F78575CF448626DA9D57A99EF75C684C780

Function 000002674E1BE994 Relevance: 10.8, APIs: 7, Instructions: 286
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000002674E1BEDC6

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: dedb8fb46c5dda6867a1f8f7f3193f8991d0e0f929d9214b83268d16dff2bb5e
Instruction ID: 834d90cd768b077ed922277b44a8b1d756accf54151f81db271eb36b9c4e200f
Opcode Fuzzy Hash: dedb8fb46c5dda6867a1f8f7f3193f8991d0e0f929d9214b83268d16dff2bb5e
Instruction Fuzzy Hash: 41C1F53225C78999E7619B21A48C3BF77B1F784BA8F451101EADA0B3D5DFBAC464C780

Function 000002674E1C2830 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143
timeCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_get_daylight.LIBCMT ref: 000002674E1C285E

Part of subcall function 000002674E1C1CC4: _invalid_parameter_noinfo.LIBCMT ref: 000002674E1C1CD8

_get_daylight.LIBCMT ref: 000002674E1C286F

Part of subcall function 000002674E1C1C64: _invalid_parameter_noinfo.LIBCMT ref: 000002674E1C1C78

_get_daylight.LIBCMT ref: 000002674E1C2880

Part of subcall function 000002674E1C1C94: _invalid_parameter_noinfo.LIBCMT ref: 000002674E1C1CA8

Part of subcall function 000002674E1BC8E4: HeapFree.KERNEL32 ref: 000002674E1BC8FA
Part of subcall function 000002674E1BC8E4: GetLastError.KERNEL32 ref: 000002674E1BC904

GetTimeZoneInformation.KERNEL32 ref: 000002674E1C28A7

Strings

Eastern Summer Time, xrefs: 000002674E1C2965
Eastern Standard Time, xrefs: 000002674E1C294D

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 3458911817-239921721
Opcode ID: 43bd24f32916a3010015ca28f009028db3fb9592cea4450c0e897acc97307f69
Instruction ID: c8d2db4e48d5af5180f5fff16ff1b2a35777e6e650ef210741f473b8fb2bf724
Opcode Fuzzy Hash: 43bd24f32916a3010015ca28f009028db3fb9592cea4450c0e897acc97307f69
Instruction Fuzzy Hash: F151D172748A5086E720DF21F98D79B7770F7887ACF458526AB4D83A95DF3AC480C780

Function 000002674E1AA190 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 408
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 000002674E1AA340
__std_exception_destroy.LIBVCRUNTIME ref: 000002674E1AA34E
__std_exception_destroy.LIBVCRUNTIME ref: 000002674E1AA5DD
__std_exception_destroy.LIBVCRUNTIME ref: 000002674E1AA5EB

Strings

value, xrefs: 000002674E1AA266, 000002674E1AA50D

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: __std_exception_destroy
String ID: value
API String ID: 2453523683-494360628
Opcode ID: 987078f5df702c92cfcbb4711575e5ec2aceca2ad405bd377ea89f015cf24099
Instruction ID: 7df936a9950a42261e0ef59b0ee39245dee3543b26c8c5844ae1e8946f924ab3
Opcode Fuzzy Hash: 987078f5df702c92cfcbb4711575e5ec2aceca2ad405bd377ea89f015cf24099
Instruction Fuzzy Hash: 31028072669BC085EB01CB74E48C3AF6771E7857B8F505302FA9D42ADAEF69C185C780

Function 000002674E15E8F0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 324
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 000002674E15E938
Process32FirstW.KERNEL32 ref: 000002674E15E97A
Process32NextW.KERNEL32 ref: 000002674E15EB79
CloseHandle.KERNEL32 ref: 000002674E15EDEB

Strings

[PID: , xrefs: 000002674E15E9B4

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID: [PID:
API String ID: 420147892-2210602247
Opcode ID: 49e1bdd5f0a815328ed98b044775215af8e708dc1237a8f9b7400ba31e774226
Instruction ID: 80fcc3b67147c7883bdab9faa170b260b0e38350881d67ffe68441dda93d17c6
Opcode Fuzzy Hash: 49e1bdd5f0a815328ed98b044775215af8e708dc1237a8f9b7400ba31e774226
Instruction Fuzzy Hash: 09E1B272658BC086EB21CF29E8883DE77B5F3857A8F504615EA9D07B99DF39C280C740

Function 000002674E1A6F60 Relevance: 7.6, APIs: 5, Instructions: 67COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 000002674E1A6FAA
OpenProcessToken.ADVAPI32 ref: 000002674E1A6FBB
LookupPrivilegeValueW.ADVAPI32 ref: 000002674E1A6FD9
AdjustTokenPrivileges.ADVAPI32 ref: 000002674E1A701F
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000002674E19796A), ref: 000002674E1A703D

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
String ID:
API String ID: 3038321057-0
Opcode ID: 531cdee19d4338272bd72dea2281194fba849ceb76ba317d0e5429946739ecd1
Instruction ID: 4b70ffd7c997ee1624066b6a07ad30d4be3058bf7e6e8977287ad683aa783c14
Opcode Fuzzy Hash: 531cdee19d4338272bd72dea2281194fba849ceb76ba317d0e5429946739ecd1
Instruction Fuzzy Hash: 85216232258B8082E720CF21F84865FB7B4F788BA4F554526EB8A47B58DF7EC541CB80

Function 000002674E182B50 Relevance: 6.8, Strings: 5, Instructions: 571COMMON

Download Yara Rule

Strings

status, xrefs: 000002674E1838F8, 000002674E18391A, 000002674E183942, 000002674E18396A
exists, xrefs: 000002674E182B34, 000002674E184F4C
cannot use push_back() with , xrefs: 000002674E1838B9
prefs.js, xrefs: 000002674E184088
directory_iterator::directory_iterator, xrefs: 000002674E18390A, 000002674E184F63

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID: cannot use push_back() with $directory_iterator::directory_iterator$exists$prefs.js$status
API String ID: 0-2713369562
Opcode ID: bc6167765cd887f948e6de0cafee9c8faaac96c4b35634b11dcebc054af40ea2
Instruction ID: 596da1a50e3ce0141f80a885c0c12b48993b365a25a99d34e2134bff14ec6e8c
Opcode Fuzzy Hash: bc6167765cd887f948e6de0cafee9c8faaac96c4b35634b11dcebc054af40ea2
Instruction Fuzzy Hash: CA524732659BC485E6719B24F8893DBB3B4F7C9798F405616DACC42B5AEF39C184CB80

Function 000002674E19FBE0 Relevance: 6.4, APIs: 4, Instructions: 431networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 000002674E19FDBE
recv.WS2_32 ref: 000002674E1A02D9
closesocket.WS2_32 ref: 000002674E1A02EB
WSACleanup.WS2_32 ref: 000002674E1A02F1

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: recv$Cleanupclosesocket
String ID:
API String ID: 146070474-0
Opcode ID: 806a4a243e067ddc7ea33b02be9b806603713cc115ceef18e3d52f999a19f6ea
Instruction ID: 78c0568fc6dba07616c74681e162b06d5688e2312c964cca21da5d8b9983f05b
Opcode Fuzzy Hash: 806a4a243e067ddc7ea33b02be9b806603713cc115ceef18e3d52f999a19f6ea
Instruction Fuzzy Hash: D612707265CBC481EA21CB25F45D3EFA372F7897A4F504612DAAD42ADADF79C084C780

Function 000002674E15CD10 Relevance: 5.9, APIs: 2, Strings: 1, Instructions: 668COMMON

Download Yara Rule

APIs

CredEnumerateA.ADVAPI32 ref: 000002674E15CD72
CredFree.ADVAPI32 ref: 000002674E15D784

Strings

cannot use push_back() with , xrefs: 000002674E15D7D0

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Cred$EnumerateFree
String ID: cannot use push_back() with
API String ID: 3403564193-4122110429
Opcode ID: 7f4501be166d4e62800c9a0490ad29578926095491fce65abb76899efcbdcd5a
Instruction ID: 4bb0d445339b40352c60abcc197e832c6a43ed1c1d84be50465e550172e5c7c2
Opcode Fuzzy Hash: 7f4501be166d4e62800c9a0490ad29578926095491fce65abb76899efcbdcd5a
Instruction Fuzzy Hash: 23625E72658BC489EB208F69E8883DE7771F3897ACF504316EAAD07A99DF75C184C740

Function 000002674E1A27A0 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 171timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32 ref: 000002674E1A2AE6

Strings

[UTC, xrefs: 000002674E1A2AB3

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: InformationTimeZone
String ID: [UTC
API String ID: 565725191-1715286942
Opcode ID: b58b7325c87ae02d2ee982d16b0f90fc9c459f7d80b1f325c0682f373bf87291
Instruction ID: 3c5e494f9da2cd080d34e21500e6a009fb2f5d49744a38dbf9b9610f2671256a
Opcode Fuzzy Hash: b58b7325c87ae02d2ee982d16b0f90fc9c459f7d80b1f325c0682f373bf87291
Instruction Fuzzy Hash: F8910B32629FC48AD7918F29E88169EB3B5F399798F105215EECE57B19EF38C250C740

Function 000002674E193430 Relevance: 3.1, APIs: 2, Instructions: 86encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32 ref: 000002674E193488
LocalFree.KERNEL32 ref: 000002674E19351A

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: CryptDataFreeLocalUnprotect
String ID:
API String ID: 1561624719-0
Opcode ID: 745b95fad6454cfba2baa49d265ae9e186c3197e9b7cc3c38aa5005324c71f1a
Instruction ID: be4d40eaef690a4870da0db090bf7407f37d055f6a0c4e0b94f8e9cb96e9d1c2
Opcode Fuzzy Hash: 745b95fad6454cfba2baa49d265ae9e186c3197e9b7cc3c38aa5005324c71f1a
Instruction Fuzzy Hash: 7D414C32618B80CAE3208F74E4483EE37B5F75974CF054625EA8907E89DF7AD5A4C384

Function 000002674E1A24F0 Relevance: 1.7, APIs: 1, Instructions: 160COMMON

Download Yara Rule

APIs

GetLogicalDriveStringsW.KERNEL32 ref: 000002674E1A2561

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: DriveLogicalStrings
String ID:
API String ID: 2022863570-0
Opcode ID: 99e841b9d2a1402a9344bdc4a72a4f4aa518b8bacc59b2fa878c6312c5a5c892
Instruction ID: 60dc318629ff5a74f7027efb934b4ca9e973750a7f79662f01f94c3cf36111a8
Opcode Fuzzy Hash: 99e841b9d2a1402a9344bdc4a72a4f4aa518b8bacc59b2fa878c6312c5a5c892
Instruction Fuzzy Hash: C7716F32A58B8082E710CF24F4883AEB775F7957A8F505305EB9813AA9DF79D1D1DB80

Function 000002674E1A12C0 Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32 ref: 000002674E1A1305

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: 304db165e96ffb8f4312c8aac323597a159ec649b26c09208dc9996fa76d73a8
Instruction ID: 099ad238079f8e5d494344532360e152511b94a38a51abc51201d4ee1dd62dcc
Opcode Fuzzy Hash: 304db165e96ffb8f4312c8aac323597a159ec649b26c09208dc9996fa76d73a8
Instruction Fuzzy Hash: B601843261878182E721CF21F84939FB3B0FB98798F440225E6CD42659DFBDC194CB84

Function 000002674E1A19A0 Relevance: 1.5, Strings: 1, Instructions: 250COMMON

Download Yara Rule

Strings

cores, xrefs: 000002674E1A1BD6

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID: cores
API String ID: 0-2370456839
Opcode ID: 5f8d3312878fd7513d5439c5e54874277449181de9e6983141e79406de49ea54
Instruction ID: ed4d94a8b1202f19498a395f434342704bc30766d79bec90df3e4191234a2165
Opcode Fuzzy Hash: 5f8d3312878fd7513d5439c5e54874277449181de9e6983141e79406de49ea54
Instruction Fuzzy Hash: FCB194B2F58B808AF700CFB8E0493ED3772A7957ACF605715DE5822A9ADF758195C380

Function 000002674E1A8610 Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

\u%04x, xrefs: 000002674E1A8806

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID: \u%04x
API String ID: 0-2916071157
Opcode ID: 423056e69d5645a73791192e4bdea90b748ecd25ecc214abb60e516277d7c3cf
Instruction ID: de17402d2b1f3cf40086daed69d8ca66f6348b158b2bba9fc177528ac217888e
Opcode Fuzzy Hash: 423056e69d5645a73791192e4bdea90b748ecd25ecc214abb60e516277d7c3cf
Instruction Fuzzy Hash: CA81E23234868492EB54CB29F45C7BE6771F785B98F888422DB4E47B92DF3AC555C380

Function 000002674E1A7C28 Relevance: 1.5, Strings: 1, Instructions: 209COMMON

Download Yara Rule

Strings

": , xrefs: 000002674E1A7D05, 000002674E1A7DA5

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID: ":
API String ID: 0-3662656813
Opcode ID: 8d0ff03ade165144a1cb16236d9c57af16f3fb6bb80c765c02794f7e906c0b96
Instruction ID: 5ed4c61c9f5d970428be305ab01fd8be4fe9510d505e2661d83f1dd0073bd5b5
Opcode Fuzzy Hash: 8d0ff03ade165144a1cb16236d9c57af16f3fb6bb80c765c02794f7e906c0b96
Instruction Fuzzy Hash: 48910276208A8582DB20DF26E09866E7771F788FD8F459002DF4E47B65CF7AC558CB80

Function 000002674E164320 Relevance: 1.4, Strings: 1, Instructions: 112COMMON

Download Yara Rule

Strings

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, xrefs: 000002674E1643A9

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
API String ID: 0-1713319389
Opcode ID: 9aa0667118115d02de2f98f1551d5d1aef04593037e5c7732c84333e8f847c70
Instruction ID: dd14b176842534f6db795573761ac13f6370e5b6b6cfaeeb625b67c589044072
Opcode Fuzzy Hash: 9aa0667118115d02de2f98f1551d5d1aef04593037e5c7732c84333e8f847c70
Instruction Fuzzy Hash: AC41B17361D6E04AE702CB39941537D7FB2E366B88F1C8252DBD48774ADA2EC216CB10

Function 000002674E15EF90 Relevance: .7, Instructions: 716COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f13c4fc0892c945449c4b0a1aa611ece94c51e5f87558ca622be0231ad3f26a8
Instruction ID: 4ae0f0535df21d41fb2fa858ce53722b6a23e78d9776f0e386724de81e102c40
Opcode Fuzzy Hash: f13c4fc0892c945449c4b0a1aa611ece94c51e5f87558ca622be0231ad3f26a8
Instruction Fuzzy Hash: C8725E72659BC489DB308F29E8483DE73B5F3897A8F504315EA9C56B99EF39C284C740

Function 000002674E150EE0 Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85bf54d05ae5b2102e59a41a46eddd9130fbe40a36119e206e038bf8a4a2031a
Instruction ID: 5b7acf84606be6db2fc774a86c2851dd90667d394b0a1b0ba98a5ffe4f1a5ca1
Opcode Fuzzy Hash: 85bf54d05ae5b2102e59a41a46eddd9130fbe40a36119e206e038bf8a4a2031a
Instruction Fuzzy Hash: B8F16D72619F848AEB208B69F44935E77B4F3887ACF105315EADC57B99EF38C1908B40

Function 000002674E1515D0 Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee91e03d6bdba9ce984c20643351cb60f5c2fb637e94a0ac2dec0ed29fe7b088
Instruction ID: b7a0041a371a76f15a9facf9ed512481f343129ba7fe28e7d7928901f015a1ad
Opcode Fuzzy Hash: ee91e03d6bdba9ce984c20643351cb60f5c2fb637e94a0ac2dec0ed29fe7b088
Instruction Fuzzy Hash: 19F15D32619F848AEB218B69E84535E77B4F3897ACF104315EEDC57B99EF78C1908B40

Function 000002674E199C30 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 192
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000002674E1999B0: InitializeCriticalSectionEx.KERNEL32 ref: 000002674E199A01
Part of subcall function 000002674E1999B0: GetLastError.KERNEL32 ref: 000002674E199A0B

EnterCriticalSection.KERNEL32 ref: 000002674E199C71
GdiplusStartup.GDIPLUS ref: 000002674E199C98
LeaveCriticalSection.KERNEL32 ref: 000002674E199CA6
LeaveCriticalSection.KERNEL32 ref: 000002674E199CD4
GdipGetImageEncodersSize.GDIPLUS ref: 000002674E199CE2
GdipGetImageEncoders.GDIPLUS ref: 000002674E199D76
GdipCreateBitmapFromScan0.GDIPLUS ref: 000002674E199E3A
GdipSaveImageToStream.GDIPLUS ref: 000002674E199E58
GdipDisposeImage.GDIPLUS ref: 000002674E199EBD
GdipDisposeImage.GDIPLUS ref: 000002674E199ED1

Strings

&, xrefs: 000002674E199E34

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Gdip$Image$CriticalSection$DisposeEncodersLeave$BitmapCreateEnterErrorFromGdiplusInitializeLastSaveScan0SizeStartupStream
String ID: &
API String ID: 1703174404-3042966939
Opcode ID: c8cab759edf9eae6b4a215f3f51f8edc88a07c67ac3e523ca83177caeb1bf491
Instruction ID: 2ce658c488aa7070ba7d058fd410b83457e03f02fb60e260d8c0fa0e3ef6be00
Opcode Fuzzy Hash: c8cab759edf9eae6b4a215f3f51f8edc88a07c67ac3e523ca83177caeb1bf491
Instruction Fuzzy Hash: 91916A32244B459AEB20CF31E84C79A37B5F759BACF458515EA4947B98DF3AC981C3C0

Function 000002674E19ADB0 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 286
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000002674E1A0A50: GetUserGeoID.KERNEL32 ref: 000002674E1A0A75
Part of subcall function 000002674E1A0A50: GetGeoInfoA.KERNEL32 ref: 000002674E1A0A8D
Part of subcall function 000002674E1A0A50: GetGeoInfoA.KERNEL32 ref: 000002674E1A0ADD

WSAStartup.WS2_32 ref: 000002674E19AECE
socket.WS2_32 ref: 000002674E19AEEB
htons.WS2_32 ref: 000002674E19AF11
inet_pton.WS2_32 ref: 000002674E19B006
connect.WS2_32 ref: 000002674E19B020
closesocket.WS2_32 ref: 000002674E19B043
WSACleanup.WS2_32 ref: 000002674E19B049

Strings

system, xrefs: 000002674E19AE3B
geo, xrefs: 000002674E19AE7B

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Info$CleanupStartupUserclosesocketconnecthtonsinet_ptonsocket
String ID: geo$system
API String ID: 213021568-2364779556
Opcode ID: c2fc1ad6804c5c5f360e4f6909b4af621ec0678ef62ffb262d1181aed6f8fe8c
Instruction ID: d96bd80f8a51e0364823b99b34ee8949c26174725b467a0369db0cb467c07531
Opcode Fuzzy Hash: c2fc1ad6804c5c5f360e4f6909b4af621ec0678ef62ffb262d1181aed6f8fe8c
Instruction Fuzzy Hash: 71C1DF72758A8185FB10CF65F44C39E7372E7497B8F404616DAA913BE9DE3AC54AC380

Function 000002674E1E2DE4 Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000002674E1E29C4: _invalid_parameter_noinfo.LIBCMT ref: 000002674E1E2A05
Part of subcall function 000002674E1E29C4: _invalid_parameter_noinfo.LIBCMT ref: 000002674E1E2A85
Part of subcall function 000002674E1E29C4: _invalid_parameter_noinfo.LIBCMT ref: 000002674E1E2AD9
Part of subcall function 000002674E1E29C4: _get_daylight.LIBCMT ref: 000002674E1E2B31

CreateFileW.KERNEL32 ref: 000002674E1E2EEA
CreateFileW.KERNEL32 ref: 000002674E1E2F3A
GetLastError.KERNEL32 ref: 000002674E1E2F6A
GetFileType.KERNEL32 ref: 000002674E1E2F7F
GetLastError.KERNEL32 ref: 000002674E1E2F89
CloseHandle.KERNEL32 ref: 000002674E1E2FBC
CloseHandle.KERNEL32 ref: 000002674E1E3120
CreateFileW.KERNEL32 ref: 000002674E1E3155
GetLastError.KERNEL32 ref: 000002674E1E3164

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
String ID:
API String ID: 1330151763-0
Opcode ID: fdf61d42724756312793b09a47440c7f26da154d6b582e1d821e9f29e9064b4d
Instruction ID: a8bd7be974ba9c29004eb68a4abf9439d68697f3fc1a0f5ef7352b72b41edb17
Opcode Fuzzy Hash: fdf61d42724756312793b09a47440c7f26da154d6b582e1d821e9f29e9064b4d
Instruction Fuzzy Hash: F7C1BF36768A4086EB14CF69E4986AE3771F389BACF011205EB2E9B7D5DF36C455C380

Function 000002674E199A90 Relevance: 9.0, APIs: 6, Instructions: 41
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DeleteObject.GDI32 ref: 000002674E199AD3
EnterCriticalSection.KERNEL32 ref: 000002674E199AE5
EnterCriticalSection.KERNEL32 ref: 000002674E199AF5
GdiplusShutdown.GDIPLUS ref: 000002674E199B03
LeaveCriticalSection.KERNEL32 ref: 000002674E199B10
LeaveCriticalSection.KERNEL32 ref: 000002674E199B1A

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$DeleteGdiplusObjectShutdown
String ID:
API String ID: 4268643673-0
Opcode ID: be887bc960cbccda344ab6468f496d858ea158950171f96801833c93cdf224ad
Instruction ID: b5807d62ebd8cd82244c5f168905c9e71b4a24a0235a5b2aaf1d7e3b3edfb966
Opcode Fuzzy Hash: be887bc960cbccda344ab6468f496d858ea158950171f96801833c93cdf224ad
Instruction Fuzzy Hash: 9C110632215B50C1EB109F25F84C11A73B4FB48FA8B688615DAAE066A4DF3AC896C7C0

Function 000002674E1A15E0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45registryCOMMON

Download Yara Rule

APIs

RegGetValueA.ADVAPI32 ref: 000002674E1A1647

Strings

SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 000002674E1A1639
ProductName, xrefs: 000002674E1A1632

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Value
String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
API String ID: 3702945584-1787575317
Opcode ID: b1e0a8fe3c51dcceeb44e5e829cc4e22f419d79027cccbe765d0735392233611
Instruction ID: d48bd5f8a5030c2ab525141ae8364f2efabd74d5492fbaf276c6e895a1cbfe34
Opcode Fuzzy Hash: b1e0a8fe3c51dcceeb44e5e829cc4e22f419d79027cccbe765d0735392233611
Instruction Fuzzy Hash: B0114932608B8586EB20CF21F44939FB3B4F789798F950215EB9847B59DFB9C194CB80

Function 000002674E19FF6E Relevance: 4.7, APIs: 3, Instructions: 186networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 000002674E1A02D9
closesocket.WS2_32 ref: 000002674E1A02EB
WSACleanup.WS2_32 ref: 000002674E1A02F1

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Cleanupclosesocketrecv
String ID:
API String ID: 3447645871-0
Opcode ID: a1fd8b036ec507ad2677786e8e2f05097c65768e2b4a7e4e5f93b3f25a2915ae
Instruction ID: a071a9cfb26105d1890ac6de02de49fe09b36a2365b1e05bfcbed288b79c0e0c
Opcode Fuzzy Hash: a1fd8b036ec507ad2677786e8e2f05097c65768e2b4a7e4e5f93b3f25a2915ae
Instruction Fuzzy Hash: 0B915F72658BC081EA218B29F44D3AF6731F7897B8F504711DAAD43ADADF7AC485C780

Function 000002674E1A2251 Relevance: 4.7, APIs: 3, Instructions: 163registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 000002674E1A2269
RegEnumKeyExA.ADVAPI32 ref: 000002674E1A22AE
RegCloseKey.ADVAPI32 ref: 000002674E1A24A4

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: CloseEnumOpen
String ID:
API String ID: 1332880857-0
Opcode ID: 37a20a9c9e16e55d53c3a3fc0d2c691137ca469aefa22ef58f04c22457e6a31c
Instruction ID: 001332d8d9cc170219218e80ace877d9e8bd3697bd4367d61244b523965a2a72
Opcode Fuzzy Hash: 37a20a9c9e16e55d53c3a3fc0d2c691137ca469aefa22ef58f04c22457e6a31c
Instruction Fuzzy Hash: 9E716C72758B8486FB108B69F44C3AE6771F7857B8F600606EAA913AD9DF79C0C1C780

Function 000002674E1A21E0 Relevance: 4.6, APIs: 3, Instructions: 96registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 000002674E1A2269
RegEnumKeyExA.ADVAPI32 ref: 000002674E1A22AE

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: EnumOpen
String ID:
API String ID: 3231578192-0
Opcode ID: 284f26594728a5cfb21f7fab24030501096eb33afcc3a3f4b41e590617c8509e
Instruction ID: b1e3b8d5c9f89945e453637c659aaa9c8d6b717ca6f6a11ed4263c0e4ad3b601
Opcode Fuzzy Hash: 284f26594728a5cfb21f7fab24030501096eb33afcc3a3f4b41e590617c8509e
Instruction Fuzzy Hash: 12319E32754B818AE720CFA1F848BAE7374F7487ACF200615EE9917A58DF79C192C780

Function 000002674E1AFA64 Relevance: 4.6, APIs: 3, Instructions: 72COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000002674E1AFA8B

Part of subcall function 000002674E1AFA20: _invalid_parameter_noinfo.LIBCMT ref: 000002674E1AFA37

_invalid_parameter_noinfo.LIBCMT ref: 000002674E1AFB38
_local_unwind.LIBVCRUNTIME ref: 000002674E1AFB49

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo$_local_unwind
String ID:
API String ID: 1677304287-0
Opcode ID: 13238feca355ad5099b8879a5aa110a70d7495b53b6978f051a829bb7d95c8e0
Instruction ID: c2b3583ab5ef905c03b5440d65b3c43ecbb8abe0ef1dafd1ef937198b34722bf
Opcode Fuzzy Hash: 13238feca355ad5099b8879a5aa110a70d7495b53b6978f051a829bb7d95c8e0
Instruction Fuzzy Hash: 1321AD32658A4585EA54DF14F4AD3BF2371F798BA8F980521E65A4B3E2EF3AC104C380

Function 000002674E1A1F1B Relevance: 4.6, APIs: 3, Instructions: 68registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 000002674E1A1F37
RegQueryValueExA.ADVAPI32 ref: 000002674E1A1F76
RegCloseKey.ADVAPI32 ref: 000002674E1A2014

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue
String ID:
API String ID: 3677997916-0
Opcode ID: d4b9140bfc6d9ea04eacfbff610b74c596ef884b94f6cef94036681d8c8e6d65
Instruction ID: 1bfcdbec9863933c0e60c6cd8a52892952a770cdc60d7c43fbbedefc89a44cb4
Opcode Fuzzy Hash: d4b9140bfc6d9ea04eacfbff610b74c596ef884b94f6cef94036681d8c8e6d65
Instruction Fuzzy Hash: 31218072758B8081EA508B25F49D36FA731E7D97E8F505211EA8E42AA9DF2DC084CB80

Function 000002674E1A0A50 Relevance: 4.6, APIs: 3, Instructions: 50COMMON

Download Yara Rule

APIs

GetUserGeoID.KERNEL32 ref: 000002674E1A0A75
GetGeoInfoA.KERNEL32 ref: 000002674E1A0A8D
GetGeoInfoA.KERNEL32 ref: 000002674E1A0ADD

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Info$User
String ID:
API String ID: 2017065092-0
Opcode ID: 5e81fc33c97f2df56606f25030b080222af27e1cacd37c198a59a94de2717080
Instruction ID: e72ed617c2fc22189a25b30127e6ca433fa4449cff55abf36fe565b5801d244f
Opcode Fuzzy Hash: 5e81fc33c97f2df56606f25030b080222af27e1cacd37c198a59a94de2717080
Instruction Fuzzy Hash: FA118832628B8087E7108F61F45875EB3A1F794B88F445628EB8503B59EF7DD5908B84

Function 000002674E19A880 Relevance: 4.5, APIs: 3, Instructions: 49COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 000002674E19A8BB
OpenProcessToken.ADVAPI32 ref: 000002674E19A8CC
GetTokenInformation.ADVAPI32 ref: 000002674E19A904

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: ProcessToken$CurrentInformationOpen
String ID:
API String ID: 2743777493-0
Opcode ID: 79da113c3c0a76ffcf1c48350ac2c5eed2f535508000765d1fa8a3a57ddea8bb
Instruction ID: 6bb0124204afa3c0a9d164563fd4ce3743a41378c0b150c1b685037b9ff3e1a9
Opcode Fuzzy Hash: 79da113c3c0a76ffcf1c48350ac2c5eed2f535508000765d1fa8a3a57ddea8bb
Instruction Fuzzy Hash: 91114C32618B8186EB50CF11F44834BB3B0F789B98F559126EB8A47B18CF39D555CB80

Function 000002674E167870 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 111COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000002674E1679C9

Strings

cannot use operator[] with a numeric argument with , xrefs: 000002674E167D99

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID: cannot use operator[] with a numeric argument with
API String ID: 118556049-485864652
Opcode ID: 9b0994f026258f43ebbce98ea956028a87141582a1d70255c3a1aaa8c98a4bc8
Instruction ID: cdab77396c090509a8c3d80d7691be0b35528838510704f7c17b320c0c833094
Opcode Fuzzy Hash: 9b0994f026258f43ebbce98ea956028a87141582a1d70255c3a1aaa8c98a4bc8
Instruction Fuzzy Hash: 4C31D77234978456EE149B26B54C35E62A6AB04BF8F584B219FBE0B7D5DE79C081C380

Function 000002674E1A1D70 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 74COMMON

Download Yara Rule

APIs

GetCurrentHwProfileW.ADVAPI32 ref: 000002674E1A1DAA

Strings

Unknown, xrefs: 000002674E1A1E65

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: CurrentProfile
String ID: Unknown
API String ID: 2104809126-1654365787
Opcode ID: 2a6ee122688f5a96e0a8cc6196d85905b433c85ebbab946d33e16e82af128ba1
Instruction ID: 66b1b6f1f45dca4d64149b813278cc6792a8f9439882d727db434a55039bfed9
Opcode Fuzzy Hash: 2a6ee122688f5a96e0a8cc6196d85905b433c85ebbab946d33e16e82af128ba1
Instruction Fuzzy Hash: 7F31AF3262CBC082E621CF25F4483ABB770F799798F545215EBC902A56DF7EC184CB80

Function 000002674E199F00 Relevance: 3.1, APIs: 2, Instructions: 87COMMON

Download Yara Rule

APIs

SHGetKnownFolderPath.SHELL32 ref: 000002674E199F59
CoTaskMemFree.OLE32 ref: 000002674E19A01A

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: FolderFreeKnownPathTask
String ID:
API String ID: 969438705-0
Opcode ID: 9d342e6bc7984493d0823a976a2a24132e515d0a9b4175990963786efd2d540d
Instruction ID: 2e45d1008981dbf69c024f5b51210fd27a0d12fc3695a28a783ea9a669c407d6
Opcode Fuzzy Hash: 9d342e6bc7984493d0823a976a2a24132e515d0a9b4175990963786efd2d540d
Instruction Fuzzy Hash: 04317372A18B8081E6208B25F48935FA771F7997F8F145316EAAD42A99DF7DC181CB80

Function 000002674E198840 Relevance: 3.1, APIs: 2, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 000002674E198891
RegCloseKey.ADVAPI32 ref: 000002674E1988A3

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: CloseOpen
String ID:
API String ID: 47109696-0
Opcode ID: 63935fde39ecc338d01250bcb3d3bae0183f3603a2da617671fa71598eb8f9c0
Instruction ID: 6c84f4374b0e4b8bf25f46b0f39002f5b9c1ea4e67cc97d7ee90268018be6187
Opcode Fuzzy Hash: 63935fde39ecc338d01250bcb3d3bae0183f3603a2da617671fa71598eb8f9c0
Instruction Fuzzy Hash: AA21C931759A4085FE50DB21F84C3ABA371FB99BE8F595111FA4E43B99DF29C481CB80

Function 000002674E197ADD Relevance: 3.1, APIs: 2, Instructions: 58synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 000002674E15E8F0: CreateToolhelp32Snapshot.KERNEL32 ref: 000002674E15E938
Part of subcall function 000002674E15E8F0: Process32FirstW.KERNEL32 ref: 000002674E15E97A

Part of subcall function 000002674E15CD10: CredEnumerateA.ADVAPI32 ref: 000002674E15CD72

Part of subcall function 000002674E19FBE0: recv.WS2_32 ref: 000002674E19FDBE

ReleaseMutex.KERNEL32 ref: 000002674E197B4C
CloseHandle.KERNEL32 ref: 000002674E197B55

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: CloseCreateCredEnumerateFirstHandleMutexProcess32ReleaseSnapshotToolhelp32recv
String ID:
API String ID: 420082584-0
Opcode ID: 2aff061a96fa003136030da793816787c67282d0d4cc7bf931d73954cfeefc25
Instruction ID: ea73783467e8a35c3d68243b26c98203b06326b8b5c1c9e06282a1021940d8ed
Opcode Fuzzy Hash: 2aff061a96fa003136030da793816787c67282d0d4cc7bf931d73954cfeefc25
Instruction Fuzzy Hash: 142184716DC68041F96077B8B05F3EF1272BF877BCF510911E69A411D79E1B8080C6D2

Function 000002674E197B0E Relevance: 3.0, APIs: 2, Instructions: 47synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 000002674E19FBE0: recv.WS2_32 ref: 000002674E19FDBE

ReleaseMutex.KERNEL32 ref: 000002674E197B4C
CloseHandle.KERNEL32 ref: 000002674E197B55

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: CloseHandleMutexReleaserecv
String ID:
API String ID: 2659716615-0
Opcode ID: 41887f138c2950a91eb45c9b439a4017ba76a56d803172850a4683dc8199a118
Instruction ID: 68e6e38a6136c106f0f98a8829603b461104e0234e5a485021304f7721e465f7
Opcode Fuzzy Hash: 41887f138c2950a91eb45c9b439a4017ba76a56d803172850a4683dc8199a118
Instruction Fuzzy Hash: C811A9726DC68041FA50B778F45E39F6272BF877BCF440A10DA9A412D7DE1AC080C6D1

Function 000002674E1BEF08 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32 ref: 000002674E1BEF54
GetLastError.KERNEL32 ref: 000002674E1BEF5E

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 684c58d74d927086b1ea70340506491b7a3181aa5c9dc2c1a8c1bf280f0d3fce
Instruction ID: b664f65a853264868cfdb6d7da778b314feda492d950ed7020c858528c1db9bf
Opcode Fuzzy Hash: 684c58d74d927086b1ea70340506491b7a3181aa5c9dc2c1a8c1bf280f0d3fce
Instruction Fuzzy Hash: 2911E371318B8085DA10CB25F44C2AA6371A744BF8F584715EEBA4B7D9DF39C05187C0

Function 000002674E1CE2D0 Relevance: 3.0, APIs: 2, Instructions: 21COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000002674E1CE300

Part of subcall function 000002674E1CF0F0: std::bad_alloc::bad_alloc.LIBCMT ref: 000002674E1CF0F9

Concurrency::cancel_current_task.LIBCPMT ref: 000002674E1CE306

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
String ID:
API String ID: 1173176844-0
Opcode ID: 647c0ec3bd219342c1a3967082ea970fdc1df8bfe98e4d70f3447211def9c4af
Instruction ID: 64c38cb2ef2878c3cd827e19f1209bbbd71e00c37e17346f5a3396e53f407233
Opcode Fuzzy Hash: 647c0ec3bd219342c1a3967082ea970fdc1df8bfe98e4d70f3447211def9c4af
Instruction Fuzzy Hash: B9E012707C910545FD6827B534AD3BB01601F49778E1C27206A36856C7AF1684D282D0

Function 000002674E1BC8E4 Relevance: 2.5, APIs: 2, Instructions: 18memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 000002674E1BC8FA
GetLastError.KERNEL32 ref: 000002674E1BC904

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 72138e40380d5112b21707695b445e96a660da0ee9e2d4851e9dc7ca50ec71c9
Instruction ID: 4293554bd65feec0b9da869096f6efb382477f9eeedd62962ac6d73597a28319
Opcode Fuzzy Hash: 72138e40380d5112b21707695b445e96a660da0ee9e2d4851e9dc7ca50ec71c9
Instruction Fuzzy Hash: 4BE01270B5D74156FF5867F2784E33B11B25FD87A9F04446489AB86262ED2A498442C0

Function 000002674E1AEA20 Relevance: 1.7, APIs: 1, Instructions: 183COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000002674E1AEC67

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 06f445c4d715db9863d0123942d7ba89de07497fb5fccb386a9ea5c6f4e75a07
Instruction ID: 3c71711246c930515fabc5ebfb35b49aa83294ce46fd50a6a16ba38b76389a36
Opcode Fuzzy Hash: 06f445c4d715db9863d0123942d7ba89de07497fb5fccb386a9ea5c6f4e75a07
Instruction Fuzzy Hash: 52618D3234964489EE24DF1AA09C37E6771F745FB8F958A12CE6A0B7D5DE3AD4C18380

Function 000002674E1613B0 Relevance: 1.7, APIs: 1, Instructions: 157COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000002674E16159F

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 65d87c9becc87b84f7b60218b84011864f34b5e39e3dfbbd607665c6a2404761
Instruction ID: 86e1c56bae183b4bb536034b0160d83fb8b365608b282b1ec0d3d14e216d2685
Opcode Fuzzy Hash: 65d87c9becc87b84f7b60218b84011864f34b5e39e3dfbbd607665c6a2404761
Instruction Fuzzy Hash: C8515772348B448AEB158F29E05835E73B1F349FA8F954612DE5E473A9DF3AC481C380

Function 000002674E1679E0 Relevance: 1.6, APIs: 1, Instructions: 125COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000002674E167B78

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: f9eeb733f8a4a108af94915df536c0dc9c1f59d31989ab427aad8964bec0a731
Instruction ID: 60214ffc676cdfcd68263aae3045cbd3d70c94b0b8d3cd049a72ce2151a760eb
Opcode Fuzzy Hash: f9eeb733f8a4a108af94915df536c0dc9c1f59d31989ab427aad8964bec0a731
Instruction Fuzzy Hash: 3541923134968446EA209F26B50C3AFA775FB44BF8F584621AFAD077D9DF3AC1418344

Function 000002674E14FF10 Relevance: 1.6, APIs: 1, Instructions: 123COMMON

Download Yara Rule

APIs

__std_fs_directory_iterator_open.LIBCPMT ref: 000002674E150023

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: __std_fs_directory_iterator_open
String ID:
API String ID: 4007087469-0
Opcode ID: 43e7b7ec92958d63d99828dcff5fb3f68b6e8dc1755e8ac558656ec0f0987f5b
Instruction ID: a47983bc631e984ad595ee01c51a398be8ac0d0fa28a84a4621216c588127f82
Opcode Fuzzy Hash: 43e7b7ec92958d63d99828dcff5fb3f68b6e8dc1755e8ac558656ec0f0987f5b
Instruction Fuzzy Hash: CC41B07369874042EA209B29B54C3AF6372E7897F8F544321EE69477D5EF3AC5828780

Function 000002674E1A1400 Relevance: 1.6, APIs: 1, Instructions: 119COMMON

Download Yara Rule

APIs

Part of subcall function 000002674E19AA40: __std_fs_get_current_path.LIBCPMT ref: 000002674E19AAB8

GetVolumeInformationW.KERNEL32 ref: 000002674E1A1490

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: InformationVolume__std_fs_get_current_path
String ID:
API String ID: 155845060-0
Opcode ID: 17caa88a6e64e68cf8b2a5312d52c31980bee5c53dc09247b1e49657a9dce78d
Instruction ID: 4f056804e93c877de74a4ca6f0a4745f5220bb811dee9400d3329ccfbc554826
Opcode Fuzzy Hash: 17caa88a6e64e68cf8b2a5312d52c31980bee5c53dc09247b1e49657a9dce78d
Instruction Fuzzy Hash: E151A032B58B8086E710CF78E8483AE7775F785798F504216EB8D53A99DF79C584CB80

Function 000002674E1BCDE0 Relevance: 1.6, APIs: 1, Instructions: 105COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000002674E1BCE08

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 46feabfb0ec63526bfe7f4d0af9dd018a1b8cbeb56ac3d5732f810cec2e323f6
Instruction ID: 35351a424e1eee991b90ee94a26180d5c1134fb359de7594af67728d47ad1d93
Opcode Fuzzy Hash: 46feabfb0ec63526bfe7f4d0af9dd018a1b8cbeb56ac3d5732f810cec2e323f6
Instruction Fuzzy Hash: 0D41A1326596848BEA74CB19F54C3BE77B1E794BA8F100245EBE687791CF3AD402C781

Function 000002674E167089 Relevance: 1.6, APIs: 1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2016bef736a871d965ad28d601afe214608b753d0a8815541933cd2007257222
Instruction ID: 5a75df9426e8a590b91d3dd81f6166366f94a12e40725c255c229a091dd1a9b8
Opcode Fuzzy Hash: 2016bef736a871d965ad28d601afe214608b753d0a8815541933cd2007257222
Instruction Fuzzy Hash: D231A87134964447EE24DB25F50C3AEA372EB48BF8F5846229B6D0B7D5DE79C1918380

Function 000002674E1AC940 Relevance: 1.6, APIs: 1, Instructions: 101COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000002674E1ACA95

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: bf54b1cc109dbce257a7005c98462d862d7f1a93d9052ce3ddfbaee0a55d3b34
Instruction ID: 835cc46206d96633b78cd5a8c7db94f8bdb7e947ff985b2529cdd85328fdfcd9
Opcode Fuzzy Hash: bf54b1cc109dbce257a7005c98462d862d7f1a93d9052ce3ddfbaee0a55d3b34
Instruction Fuzzy Hash: 9F319572345B8481EA24DF65F14C37FA3B1E788BE8F1046259BAE17B95DF39C0418380

Function 000002674E161E70 Relevance: 1.6, APIs: 1, Instructions: 95COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000002674E161F7C

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 3d16a0aeb39d9c52c041f65ce0578effe35c927b71fa7443a73ada3af2142184
Instruction ID: 2b7265f9071063a394c0249ed9cc828625b4929481051666200403a5e7021363
Opcode Fuzzy Hash: 3d16a0aeb39d9c52c041f65ce0578effe35c927b71fa7443a73ada3af2142184
Instruction Fuzzy Hash: B021E632745B8446EE19EB25B50C3AA6271EB44BF8F2447219A7D437D6EF7AC4D28380

Function 000002674E16366D Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000002674E163766

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: de654f582790c1b2a35a96a9886b6342dcb862ad43b9daa025dfbf981dd7dae6
Instruction ID: f23dddc4ab3b6b946251b62d44b3ed2cc36facc8421d079886f00158a519831b
Opcode Fuzzy Hash: de654f582790c1b2a35a96a9886b6342dcb862ad43b9daa025dfbf981dd7dae6
Instruction Fuzzy Hash: DD21F47238A6844AFE19DB35F15C37E62619740FFCF440A219A7E07BD9DE6AC5828384

Function 000002674E1BE878 Relevance: 1.6, APIs: 1, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000002674E1BE96F

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 457153a46a009ee407bab954f631945d0509b3d7eb0f1de31150085b5eb366e5
Instruction ID: 3ce5aa86212bb395dc0064a9ad1c19361283408c20f4acc9f8cdb8002a765b47
Opcode Fuzzy Hash: 457153a46a009ee407bab954f631945d0509b3d7eb0f1de31150085b5eb366e5
Instruction Fuzzy Hash: 2F31983165860489F7916F15E88D37F36B1A784BBDF510205E9AA0B3D2DF7AC444C791

Function 000002674E1DE1A0 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000002674E1DE0FD

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 2220776c349fdba2b6784378f9128c234d6ceb4fcfd5e2b10759636d1f6578db
Instruction ID: e389c162189d684ed60246240b17e5b49155be8bd8031ca09ab1f338cfb9729b
Opcode Fuzzy Hash: 2220776c349fdba2b6784378f9128c234d6ceb4fcfd5e2b10759636d1f6578db
Instruction Fuzzy Hash: 7A11D332B4C79081EA609F11F44C7BFB2B0B784BA9F584421EA9947786DF3EC40087C2

Function 000002674E1E2688 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000002674E1E26AB

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 0d6c5737907d3245f73467c876848eebb3143c49d3ef4b73218378d8403eb434
Instruction ID: e34fef9f7feda816b5309dfe46252419d78adf21b66348aea1c0723e1a4ef400
Opcode Fuzzy Hash: 0d6c5737907d3245f73467c876848eebb3143c49d3ef4b73218378d8403eb434
Instruction Fuzzy Hash: CD219632618A8087DB619F1CF45C36A77B1F794B68F544324FA69476D9DF3AC440CB40

Function 000002674E19BF10 Relevance: 1.5, APIs: 1, Instructions: 38networkCOMMON

Download Yara Rule

APIs

send.WS2_32 ref: 000002674E19BF58

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: c6986e2cf72187001e57c619f9179f3f533dc14f1b44f62c562c025f18a7376a
Instruction ID: f983c250733c88979b84f768b9583d183f74d74a34df92459c32d5bd19e1a684
Opcode Fuzzy Hash: c6986e2cf72187001e57c619f9179f3f533dc14f1b44f62c562c025f18a7376a
Instruction Fuzzy Hash: 1901D631718A8481DB50CF2AF548A5AA7B1F789FE8F585134EF5D03B4CDF29C8418B84

Function 000002674E157981 Relevance: 1.5, APIs: 1, Instructions: 33fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNEL32 ref: 000002674E1579C4

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: ccfa8f38ed612f4e8ddd3e6d6a05ec771484547eb56912c77a55a8e41b15c97b
Instruction ID: 81e8eac61a4d48f264bfeba8a41cbaa0944bf49c1e6d44fa1abe02af5d978f9b
Opcode Fuzzy Hash: ccfa8f38ed612f4e8ddd3e6d6a05ec771484547eb56912c77a55a8e41b15c97b
Instruction Fuzzy Hash: A901FF3625CA8195DA70CB56F49939B6374F788BA8F444422DE8D83B59DE39C886CB40

Function 000002674E1B0164 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000002674E1B0183

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 0ed47cd4b59ff69551f8e78227d8f4e38a940980cad2ee6427b640313745ffe7
Instruction ID: 1fd3296331122780b72ff239540df025b365d5546c80deac5ce32bbf5c304eff
Opcode Fuzzy Hash: 0ed47cd4b59ff69551f8e78227d8f4e38a940980cad2ee6427b640313745ffe7
Instruction Fuzzy Hash: 4CE0923169D64589EB69ABB8B28D37E72B0AB447F8F144321AAB4462C6DE26C4904650

Function 000002674E1DB74C Relevance: 1.5, APIs: 1, Instructions: 9fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNEL32 ref: 000002674E1DB750

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 7c5c8b2f9f95c20798bba13689a054510256dd3270a922cf6db1b5b31cf82ad3
Instruction ID: 9f4e3619a73621b472a5565cd0c2696c0b3e108732629ebead33566c1d8f7019
Opcode Fuzzy Hash: 7c5c8b2f9f95c20798bba13689a054510256dd3270a922cf6db1b5b31cf82ad3
Instruction Fuzzy Hash: A0C04C24F9D501C2EAD417626C8EA0311B09798B24F540410820580151DD1E85D697D1

Function 000002674E1DD070 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNEL32 ref: 000002674E1DD079

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: ab98e528da3f92edb45ebba1ca75c218e2e96c98443ac49b096ad434246530e8
Instruction ID: a4667a2b75445818d32faa59343ecfa661257397d4b610ddf6c7319a773c914e
Opcode Fuzzy Hash: ab98e528da3f92edb45ebba1ca75c218e2e96c98443ac49b096ad434246530e8
Instruction Fuzzy Hash: 6CB09236A188C0C7CA11FB14EC4A00A7331F798B18FD00400E38942624DE2DCA2ACE80

Function 000002674E1BCF4C Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32 ref: 000002674E1BCFA1

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 82cf8587b9ba114877d0bf38a3d5084c08df71825f5767c6e8ed258d5192905f
Instruction ID: 9bd15c231e463a3a412de833f5ebefab23e44cfb3248f3d16ce43fca8a1a72ae
Opcode Fuzzy Hash: 82cf8587b9ba114877d0bf38a3d5084c08df71825f5767c6e8ed258d5192905f
Instruction Fuzzy Hash: B5F0247038964049FE245B75B40D3F752B11B88BA8F0C14B85D5AC63C2DF2EC4C082D0

Function 000002674E1BF284 Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32 ref: 000002674E1BF2C2

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 1572e28e03939d407de42495dc5117ea16b091d6e57b15f942660159700d15ee
Instruction ID: fd8a83001512a0c9113ea249825c35247522de8c5f2aadc2972f116add62b841
Opcode Fuzzy Hash: 1572e28e03939d407de42495dc5117ea16b091d6e57b15f942660159700d15ee
Instruction Fuzzy Hash: CAF0303939D20549FE546BB17D4D37721B15B9C7B8F085A609D7AC53C2DF2EC48186E0

Non-executed Functions

Function 000002674E1700B9 Relevance: 33.0, APIs: 3, Strings: 15, Instructions: 1494COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000002674E1716A1
Concurrency::cancel_current_task.LIBCPMT ref: 000002674E171762

Strings

#include, xrefs: 000002674E170A1A
unexpected '}', xrefs: 000002674E17178B
conditional not closed, xrefs: 000002674E17195B, 000002674E17197E
No closed word, xrefs: 000002674E1716A7, 000002674E1716CA
#base, xrefs: 000002674E170A46
key declared, but no value, xrefs: 000002674E1715F7, 000002674E17161A, 000002674E17171C
/, xrefs: 000002674E1702C2
unexpected key without object, xrefs: 000002674E17167E
word wasnt properly ended, xrefs: 000002674E1716ED, 000002674E171768
key opened, but never closed, xrefs: 000002674E17173F
Unexpected eof, xrefs: 000002674E17158A
object is not closed with '}', xrefs: 000002674E1715B1
", xrefs: 000002674E1704AC
*, xrefs: 000002674E1702FB
quote was opened but not closed., xrefs: 000002674E1715D4, 000002674E17163D

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID: "$#base$#include$*$/$No closed word$Unexpected eof$conditional not closed$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
API String ID: 118556049-2258937249
Opcode ID: c7a38751adf7bcd4ec8bde13cc5c570cbedffbdf296dfa864acab9f84c59b659
Instruction ID: e968601ca1795cfad907914c6a7181b0596d9e258921544f5d02c4c626143d3b
Opcode Fuzzy Hash: c7a38751adf7bcd4ec8bde13cc5c570cbedffbdf296dfa864acab9f84c59b659
Instruction Fuzzy Hash: 62E27D72349BC485EB608F64E88C3EE2771F744BACF545222DA5D0BA99DF75CA85C380

Function 000002674E16E6D9 Relevance: 33.0, APIs: 3, Strings: 15, Instructions: 1482COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000002674E16FCC1

Part of subcall function 000002674E14D7E0: __std_exception_copy.LIBVCRUNTIME ref: 000002674E14D823

Part of subcall function 000002674E1D11D8: RtlPcToFileHeader.KERNEL32 ref: 000002674E1D121C
Part of subcall function 000002674E1D11D8: RaiseException.KERNEL32 ref: 000002674E1D1262

Concurrency::cancel_current_task.LIBCPMT ref: 000002674E16FD82

Strings

/, xrefs: 000002674E16E8E2
#include, xrefs: 000002674E16F03A
unexpected '}', xrefs: 000002674E16FDAB
conditional not closed, xrefs: 000002674E16FF7B, 000002674E16FF9E
No closed word, xrefs: 000002674E16FCC7, 000002674E16FCEA
#base, xrefs: 000002674E16F066
", xrefs: 000002674E16EACC
key declared, but no value, xrefs: 000002674E16FC17, 000002674E16FC3A, 000002674E16FD3C
*, xrefs: 000002674E16E91B
unexpected key without object, xrefs: 000002674E16FC9E
word wasnt properly ended, xrefs: 000002674E16FD0D, 000002674E16FD88
key opened, but never closed, xrefs: 000002674E16FD5F
Unexpected eof, xrefs: 000002674E16FBAA
object is not closed with '}', xrefs: 000002674E16FBD1
quote was opened but not closed., xrefs: 000002674E16FBF4, 000002674E16FC5D

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task$ExceptionFileHeaderRaise__std_exception_copy
String ID: "$#base$#include$*$/$No closed word$Unexpected eof$conditional not closed$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
API String ID: 145623376-2258937249
Opcode ID: 617e5560431b85d2165705e9510db6f3a535c635b7fd86c397cd2d0aa2054dc2
Instruction ID: 9b51448a4e34703bc39bc00b7188f0a8a255affb25bb6fe5ab48d84d32952857
Opcode Fuzzy Hash: 617e5560431b85d2165705e9510db6f3a535c635b7fd86c397cd2d0aa2054dc2
Instruction Fuzzy Hash: 80E28D72249AC486EB60CF34E88C3EE2771F7497ACF445612DA5D0BA99DF76C685C380

Function 000002674E126480 Relevance: 30.2, Strings: 24, Instructions: 244COMMON

Download Yara Rule

Strings

mib.bin, xrefs: 000002674E126744
autorun.inf, xrefs: 000002674E1264A8
indexervolumeguid, xrefs: 000002674E126773
winsipolicy.p7b, xrefs: 000002674E1265B8
BOOTNXT, xrefs: 000002674E12688D
wpsettings.dat, xrefs: 000002674E1267A2
bootfont.bin, xrefs: 000002674E126520
ntuser.ini, xrefs: 000002674E126659
ntuser.dat.log, xrefs: 000002674E12662D
desktop.ini, xrefs: 000002674E12656C
iconcache.db, xrefs: 000002674E1265DE
d3d9caps.dat, xrefs: 000002674E1266E6
boot.sdi, xrefs: 000002674E1267D1
thumbs.db, xrefs: 000002674E126688
gdipfontcachev1.dat, xrefs: 000002674E1266B7
reagent.xml, xrefs: 000002674E12682F
bootstat.dat, xrefs: 000002674E126715
bootsect.bak, xrefs: 000002674E126546
winre.wim, xrefs: 000002674E126800
ntuser.dat, xrefs: 000002674E126604
bootmgfw.efi, xrefs: 000002674E1264F9
boot.ini, xrefs: 000002674E1264D1
ntldr, xrefs: 000002674E126592
bootmgr, xrefs: 000002674E12685E

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID: BOOTNXT$autorun.inf$boot.ini$boot.sdi$bootfont.bin$bootmgfw.efi$bootmgr$bootsect.bak$bootstat.dat$d3d9caps.dat$desktop.ini$gdipfontcachev1.dat$iconcache.db$indexervolumeguid$mib.bin$ntldr$ntuser.dat$ntuser.dat.log$ntuser.ini$reagent.xml$thumbs.db$winre.wim$winsipolicy.p7b$wpsettings.dat
API String ID: 118556049-850610325
Opcode ID: edcd2fc5b2d1d5c491b5765352a7b000dcade2125810695668c3c1cd0c070a6d
Instruction ID: 596cb698db7cce5cc2c79d6ba6f9dcd95476e58cac891f6056f7a9b0af4b0127
Opcode Fuzzy Hash: edcd2fc5b2d1d5c491b5765352a7b000dcade2125810695668c3c1cd0c070a6d
Instruction Fuzzy Hash: 3EC1B572E64FC985E721DB34D8863EA5331F7EA39CF906302794865856EFA593C4C780

Function 000002674E1A57C0 Relevance: 28.0, APIs: 18, Instructions: 1017stringmemorynativeCOMMON

Download Yara Rule

APIs

RtlAcquirePebLock.NTDLL ref: 000002674E1A5803
NtAllocateVirtualMemory.NTDLL ref: 000002674E1A5838
lstrcpyW.KERNEL32 ref: 000002674E1A589A
lstrcatW.KERNEL32 ref: 000002674E1A5951
NtAllocateVirtualMemory.NTDLL ref: 000002674E1A59D5
lstrcpyW.KERNEL32 ref: 000002674E1A5A8A
RtlInitUnicodeString.NTDLL ref: 000002674E1A5A9F
RtlInitUnicodeString.NTDLL ref: 000002674E1A5AB4
LdrEnumerateLoadedModules.NTDLL ref: 000002674E1A5AC7
RtlReleasePebLock.NTDLL ref: 000002674E1A5ACD

Part of subcall function 000002674E199F00: SHGetKnownFolderPath.SHELL32 ref: 000002674E199F59
Part of subcall function 000002674E199F00: CoTaskMemFree.OLE32 ref: 000002674E19A01A

CoInitializeEx.OLE32 ref: 000002674E1A5B75
lstrcpyW.KERNEL32 ref: 000002674E1A5D7E
lstrcatW.KERNEL32 ref: 000002674E1A5FB5
CoGetObject.OLE32 ref: 000002674E1A5FD1
lstrcpyW.KERNEL32 ref: 000002674E1A6731
lstrcatW.KERNEL32 ref: 000002674E1A6992
CoGetObject.OLE32 ref: 000002674E1A69AE
CoUninitialize.OLE32 ref: 000002674E1A6F22

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$AllocateInitLockMemoryObjectStringUnicodeVirtual$AcquireEnumerateFolderFreeInitializeKnownLoadedModulesPathReleaseTaskUninitialize
String ID:
API String ID: 1424456515-0
Opcode ID: 991b0681b3cb0b811cca883475f0af3d880034819dab3a9f0d92d3b5d847a852
Instruction ID: 4f8068af51080f35868db97f1e42b318ea67bcd30195713bf9735bc7c145ea6e
Opcode Fuzzy Hash: 991b0681b3cb0b811cca883475f0af3d880034819dab3a9f0d92d3b5d847a852
Instruction Fuzzy Hash: 11D2A936629FC48AD7A18F69E88169EB3B5F388B88F105215EECD57B18EF34C254C744

Function 000002674E190690 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 271COMMON

Download Yara Rule

APIs

CoInitializeEx.OLE32 ref: 000002674E19073E
CoInitializeSecurity.OLE32 ref: 000002674E1907F2

Strings

@, xrefs: 000002674E1908F6

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Initialize$Security
String ID: @
API String ID: 119290355-2766056989
Opcode ID: d3a2611dec909c8325a65b782830566092cebbe6120a51421e17bc99a6e45572
Instruction ID: e78c6470157f2ab46452cdbe3212553ae3a775dfd1d6ae943d30b1c3a4df4ab4
Opcode Fuzzy Hash: d3a2611dec909c8325a65b782830566092cebbe6120a51421e17bc99a6e45572
Instruction Fuzzy Hash: 5DC17E72B48B808AFB10CF75E45C39E3372E789BACF005615DE5A16A99DF7AC194C384

Function 000002674E1260C0 Relevance: 25.2, Strings: 20, Instructions: 208COMMON

Download Yara Rule

Strings

System Volume Information, xrefs: 000002674E126186
ProgramData, xrefs: 000002674E126355
Windows.old, xrefs: 000002674E1261F8
PerfLogs, xrefs: 000002674E126244
$windows.~bt, xrefs: 000002674E12621E
Application Data, xrefs: 000002674E1261AC
$winreagent, xrefs: 000002674E12626D
All users, xrefs: 000002674E126384
Program Files, xrefs: 000002674E1263E2
config.msi, xrefs: 000002674E1261D2
Windows.~bt, xrefs: 000002674E1262C8
$windows.~ws, xrefs: 000002674E126299
$recycle.bin, xrefs: 000002674E1260E8
Windows, xrefs: 000002674E126111
Boot, xrefs: 000002674E126160
AppData, xrefs: 000002674E1262F7
Program Files (x86), xrefs: 000002674E126411
#recycle, xrefs: 000002674E126139
ntldr, xrefs: 000002674E126326
bootmgr, xrefs: 000002674E1263B3

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID: #recycle$$recycle.bin$$windows.~bt$$windows.~ws$$winreagent$All users$AppData$Application Data$Boot$PerfLogs$Program Files$Program Files (x86)$ProgramData$System Volume Information$Windows$Windows.old$Windows.~bt$bootmgr$config.msi$ntldr
API String ID: 118556049-2722463023
Opcode ID: f0092856a2f44c3b95c7e50647ff602fc0e35287a884e110670a5cc4549e278c
Instruction ID: b0bef85648b792f35cae95b6b7981c5bd1f9752a46228635e25a0a7549e446bf
Opcode Fuzzy Hash: f0092856a2f44c3b95c7e50647ff602fc0e35287a884e110670a5cc4549e278c
Instruction Fuzzy Hash: 7EA1B672E64FC985E720DB34D8863EA5331F7EA39CF906702794865856EFA5A2C4C780

Function 000002674E1C9A74 Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1203COMMON

Download Yara Rule

APIs

fegetenv.LIBCMT ref: 000002674E1C9AC3
_invalid_parameter_noinfo.LIBCMT ref: 000002674E1CA0F6
_invalid_parameter_noinfo.LIBCMT ref: 000002674E1CA26C
_invalid_parameter_noinfo.LIBCMT ref: 000002674E1CA528
_invalid_parameter_noinfo.LIBCMT ref: 000002674E1CA748
_invalid_parameter_noinfo.LIBCMT ref: 000002674E1CA983
memcpy_s.LIBCPMT ref: 000002674E1CAA5E
memcpy_s.LIBCPMT ref: 000002674E1CAB09
memcpy_s.LIBCPMT ref: 000002674E1CABD9

Part of subcall function 000002674E1B4604: _invalid_parameter_noinfo.LIBCMT ref: 000002674E1B4636

Strings

1#INF, xrefs: 000002674E1C9BEF
1#QNAN, xrefs: 000002674E1C9BDF
1#SNAN, xrefs: 000002674E1C9BD6
1#IND, xrefs: 000002674E1C9BB3

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 808467561-2761157908
Opcode ID: d9b607ac31ade7ddb84878c7754434a563a71c4121ff0c351274636517767a1e
Instruction ID: 80dc55351007dee836bd9ecda3576d9a181400e631809cd4b1ecc90cb26ef58c
Opcode Fuzzy Hash: d9b607ac31ade7ddb84878c7754434a563a71c4121ff0c351274636517767a1e
Instruction Fuzzy Hash: 36B203726582808BE7668F64E44CBEF37B1F34479CF505216DB4697A88DF36DA81CB80

Function 000002674E1A5080 Relevance: 23.1, APIs: 10, Strings: 3, Instructions: 362nativelibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 000002674E1CE1C0: EnterCriticalSection.KERNEL32 ref: 000002674E1CE1D0

GetModuleHandleA.KERNEL32 ref: 000002674E1A50FA
GetProcAddress.KERNEL32 ref: 000002674E1A510A
OpenProcess.KERNEL32 ref: 000002674E1A514D
NtQuerySystemInformation.NTDLL ref: 000002674E1A5174
NtQuerySystemInformation.NTDLL ref: 000002674E1A519F
GetCurrentProcess.KERNEL32 ref: 000002674E1A526B
NtQueryObject.NTDLL ref: 000002674E1A52B8
GetFinalPathNameByHandleA.KERNEL32 ref: 000002674E1A53B2
CloseHandle.KERNEL32 ref: 000002674E1A54C6
CloseHandle.KERNEL32 ref: 000002674E1A554E

Strings

ntdll.dll, xrefs: 000002674E1A50F3
NtDuplicateObject, xrefs: 000002674E1A5103
File, xrefs: 000002674E1A52EC

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Handle$Query$CloseInformationProcessSystem$AddressCriticalCurrentEnterFinalModuleNameObjectOpenPathProcSection
String ID: File$NtDuplicateObject$ntdll.dll
API String ID: 2066483518-3955674919
Opcode ID: 38d65493492f6e7dd8087a2e3300eba3a870d78a46c5fdb8a1c4863bdd7da851
Instruction ID: f657a2ac682c1a8dd09a8933ea41f44503921fd4b0cd5eec6451325c2361cf25
Opcode Fuzzy Hash: 38d65493492f6e7dd8087a2e3300eba3a870d78a46c5fdb8a1c4863bdd7da851
Instruction Fuzzy Hash: 17E1AE72B48A809AFB00DF75E45C3AE2772F745BACF404525DE5A27B99DF3AC1458380

Function 000002674E196650 Relevance: 18.0, APIs: 1, Strings: 9, Instructions: 472COMMON

Download Yara Rule

APIs

Part of subcall function 000002674E1CE1C0: EnterCriticalSection.KERNEL32 ref: 000002674E1CE1D0

ShellExecuteW.SHELL32 ref: 000002674E196BE5

Strings

ios_base::eofbit set, xrefs: 000002674E196E26
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;', xrefs: 000002674E19676B
temp_directory_path, xrefs: 000002674E196DEB
.exe, xrefs: 000002674E1966FB
ios_base::badbit set, xrefs: 000002674E196E14
ios_base::failbit set, xrefs: 000002674E196E1F
.exe, xrefs: 000002674E196724
open, xrefs: 000002674E196B5C
runas, xrefs: 000002674E196B65

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: CriticalEnterExecuteSectionShell
String ID: .exe$.exe$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$open$runas$temp_directory_path
API String ID: 4038919937-3845196099
Opcode ID: c7e399cc671644e4e1475da5459dac05b7e6842f13cea8b34b197d8abce8da6a
Instruction ID: 3b558e888da7f6e48800c5efa522783adcb5f736224f8f401ffdd33bf8540ae7
Opcode Fuzzy Hash: c7e399cc671644e4e1475da5459dac05b7e6842f13cea8b34b197d8abce8da6a
Instruction Fuzzy Hash: 76327F72618B8089EB10CF24F88C39E77B2F7817ACF505616EA5D47AA9DF79C185C780

Function 000002674E19BFA0 Relevance: 15.1, APIs: 3, Strings: 4, Instructions: 2814COMMON

Download Yara Rule

Strings

cannot use push_back() with , xrefs: 000002674E19F56D
cannot compare iterators of different containers, xrefs: 000002674E19F615, 000002674E19F6CD, 000002674E19F80F
value, xrefs: 000002674E19C7D3
type must be string, but is , xrefs: 000002674E19F5D3, 000002674E19F68B, 000002674E19F761, 000002674E19F7BB

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID: cannot compare iterators of different containers$cannot use push_back() with $type must be string, but is $value
API String ID: 118556049-2711811579
Opcode ID: 48f93b1b7774b6c92ea80d83ff522397fac04e2e2bb4faf2629b70e72dee0907
Instruction ID: cc02dad4a9f72fcc250b6f8148c77ffcace3acc48ab79bfa621b2bcefe5fbc22
Opcode Fuzzy Hash: 48f93b1b7774b6c92ea80d83ff522397fac04e2e2bb4faf2629b70e72dee0907
Instruction Fuzzy Hash: E8636C72659BC499EB309F24E8483EE23B1F7497ACF405615DA9D4BA9ADF35C284C380

Function 000002674E1A5B10 Relevance: 12.8, APIs: 8, Instructions: 839stringCOMMON

Download Yara Rule

APIs

Part of subcall function 000002674E1A57C0: RtlAcquirePebLock.NTDLL ref: 000002674E1A5803
Part of subcall function 000002674E1A57C0: NtAllocateVirtualMemory.NTDLL ref: 000002674E1A5838
Part of subcall function 000002674E1A57C0: lstrcpyW.KERNEL32 ref: 000002674E1A589A
Part of subcall function 000002674E1A57C0: lstrcatW.KERNEL32 ref: 000002674E1A5951

CoInitializeEx.OLE32 ref: 000002674E1A5B75
lstrcpyW.KERNEL32 ref: 000002674E1A5D7E
lstrcatW.KERNEL32 ref: 000002674E1A5FB5
CoGetObject.OLE32 ref: 000002674E1A5FD1
lstrcpyW.KERNEL32 ref: 000002674E1A6731
lstrcatW.KERNEL32 ref: 000002674E1A6992
CoGetObject.OLE32 ref: 000002674E1A69AE
CoUninitialize.OLE32 ref: 000002674E1A6F22

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: lstrcatlstrcpy$Object$AcquireAllocateInitializeLockMemoryUninitializeVirtual
String ID:
API String ID: 3636535045-0
Opcode ID: 62d431a354481ccfb15ad27e92260adfbdf61f84281a700c847a0d14b703fc52
Instruction ID: 978ab3f21f76c5f43a4d00cada09749103c9c6c52be7342cdc7bb4b84793caa5
Opcode Fuzzy Hash: 62d431a354481ccfb15ad27e92260adfbdf61f84281a700c847a0d14b703fc52
Instruction Fuzzy Hash: 7AB2883652AFC58AD7A18F69F88169AB3A4F388B84F105215FFCD57B18EF38C2548744

Function 000002674E15205E Relevance: 11.3, APIs: 1, Strings: 5, Instructions: 804COMMON

Download Yara Rule

Strings

status, xrefs: 000002674E152D90, 000002674E152DA6
exists, xrefs: 000002674E152D64
content, xrefs: 000002674E15275D
filename, xrefs: 000002674E1526A6
directory_iterator::directory_iterator, xrefs: 000002674E152D80, 000002674E152DCA

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID: content$directory_iterator::directory_iterator$exists$filename$status
API String ID: 0-3429737954
Opcode ID: 586549ad99a1701b7123dcb876a5536be7328543a59eda1aa36236f9a4aa8d39
Instruction ID: 9355ebfcc0c9a5b97d34cc4e8b5d331c32fda82f9df2ea5243470df493561ecc
Opcode Fuzzy Hash: 586549ad99a1701b7123dcb876a5536be7328543a59eda1aa36236f9a4aa8d39
Instruction Fuzzy Hash: 5F827F32659BC089EB218F38E88C3EE2371F7857A8F455615EA4D47B99EF35C685C380

Function 000002674E1C8364 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 222COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 000002674E1B956C: GetLastError.KERNEL32 ref: 000002674E1B957B
Part of subcall function 000002674E1B956C: FlsGetValue.KERNEL32 ref: 000002674E1B9590
Part of subcall function 000002674E1B956C: SetLastError.KERNEL32 ref: 000002674E1B961B

TranslateName.LIBCMT ref: 000002674E1C83D1
TranslateName.LIBCMT ref: 000002674E1C840C
GetACP.KERNEL32 ref: 000002674E1C8451
IsValidCodePage.KERNEL32 ref: 000002674E1C8479

Strings

utf8, xrefs: 000002674E1C855D

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: ErrorLastNameTranslate$CodePageValidValue
String ID: utf8
API String ID: 1791977518-905460609
Opcode ID: b55e187aed6d809e8e73de1ec35ea0a41fa3c0b50307ddf2958949270e0425d4
Instruction ID: 025697f40318c45501c428d067308f7f7bc3f7d3cc54e76419c93a232b416d60
Opcode Fuzzy Hash: b55e187aed6d809e8e73de1ec35ea0a41fa3c0b50307ddf2958949270e0425d4
Instruction Fuzzy Hash: B6919F7228879085FB249F21F48D3AB23B4E745BA8F448121DB8987785DF7AE592C7C0

Function 000002674E1C8D98 Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 000002674E1B956C: GetLastError.KERNEL32 ref: 000002674E1B957B
Part of subcall function 000002674E1B956C: FlsGetValue.KERNEL32 ref: 000002674E1B9590
Part of subcall function 000002674E1B956C: SetLastError.KERNEL32 ref: 000002674E1B961B

Part of subcall function 000002674E1B956C: FlsSetValue.KERNEL32 ref: 000002674E1B95B1
Part of subcall function 000002674E1B956C: FlsGetValue.KERNEL32 ref: 000002674E1B9651

GetUserDefaultLCID.KERNEL32 ref: 000002674E1C8F08

Part of subcall function 000002674E1B956C: FlsSetValue.KERNEL32 ref: 000002674E1B95DE
Part of subcall function 000002674E1B956C: FlsSetValue.KERNEL32 ref: 000002674E1B95EF
Part of subcall function 000002674E1B956C: FlsSetValue.KERNEL32 ref: 000002674E1B9600
Part of subcall function 000002674E1B956C: FlsSetValue.KERNEL32 ref: 000002674E1B9670
Part of subcall function 000002674E1B956C: FlsSetValue.KERNEL32 ref: 000002674E1B9698

EnumSystemLocalesW.KERNEL32 ref: 000002674E1C8EEF
ProcessCodePage.LIBCMT ref: 000002674E1C8F32
IsValidCodePage.KERNEL32 ref: 000002674E1C8F44
IsValidLocale.KERNEL32 ref: 000002674E1C8F5A
GetLocaleInfoW.KERNEL32 ref: 000002674E1C8FB6
GetLocaleInfoW.KERNEL32 ref: 000002674E1C8FD2

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
String ID:
API String ID: 2591520935-0
Opcode ID: 6f43a37a45385bbf7dfa6322a723e9dff443d4f39bf2271c5d7c4ac8f131f397
Instruction ID: 257e78774697250c8038a45ecea549d6ebe2dafdb55e4fd1da3fcb4102b708a1
Opcode Fuzzy Hash: 6f43a37a45385bbf7dfa6322a723e9dff443d4f39bf2271c5d7c4ac8f131f397
Instruction Fuzzy Hash: 05718D3274475089FF50DB60E89C7EE73B1BB48B6CF4444159A4993695EF3AE485C3D0

Function 000002674E185F10 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 408COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 000002674E1860C0
__std_exception_destroy.LIBVCRUNTIME ref: 000002674E1860CE
__std_exception_destroy.LIBVCRUNTIME ref: 000002674E18635D
__std_exception_destroy.LIBVCRUNTIME ref: 000002674E18636B

Strings

value, xrefs: 000002674E185FE6, 000002674E18628D

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: __std_exception_destroy
String ID: value
API String ID: 2453523683-494360628
Opcode ID: e2b516a9c62dac184565c8316076e1f3e75b4eb33cbc8470e56ac888791338c2
Instruction ID: 458de213a3743f70e6ec0046bd9f019609c90995f31af5dd5db505aeb307d686
Opcode Fuzzy Hash: e2b516a9c62dac184565c8316076e1f3e75b4eb33cbc8470e56ac888791338c2
Instruction Fuzzy Hash: 2702A072668BC085EB00CB74E48C3AE6771F7857B8F505B02FA9D42ADADF69C185C781

Function 000002674E1B0D38 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 000002674E1B0DB1
RtlLookupFunctionEntry.KERNEL32 ref: 000002674E1B0DC9
RtlVirtualUnwind.KERNEL32 ref: 000002674E1B0E04
IsDebuggerPresent.KERNEL32 ref: 000002674E1B0E3D
SetUnhandledExceptionFilter.KERNEL32 ref: 000002674E1B0E47
UnhandledExceptionFilter.KERNEL32 ref: 000002674E1B0E52

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: 36bcf539ff511b9f2f372bada547dc74a3fd29a2a4a08272e792b2519e980bba
Instruction ID: 23fbffb795e866479799c5b77356aaec6f4f4a7064bdccf7c5b9fc9c68f59220
Opcode Fuzzy Hash: 36bcf539ff511b9f2f372bada547dc74a3fd29a2a4a08272e792b2519e980bba
Instruction Fuzzy Hash: 34315F36258F8086EB60CF25F8483AE73B4F7887A8F540525EA9D43B99DF39C555CB80

Function 000002674E15B110 Relevance: 8.4, Strings: 6, Instructions: 915COMMON

Download Yara Rule

Strings

files, xrefs: 000002674E15BF39
exists, xrefs: 000002674E15C1A5, 000002674E15C1C0
content, xrefs: 000002674E15BDC2
filename, xrefs: 000002674E15BC49
key, xrefs: 000002674E15B687, 000002674E15B869
directory_iterator::directory_iterator, xrefs: 000002674E15C212

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID: content$directory_iterator::directory_iterator$exists$filename$files$key
API String ID: 0-2980817763
Opcode ID: 2c4ef3ecad0500aa6eed00e193ac1fbf3ecaf5aaf7455de47e6adcb8bc4d7ab3
Instruction ID: b757438669d742e892a1ebed58a39d2eae98a76a1a2cfe6bba6607030f4b5b2e
Opcode Fuzzy Hash: 2c4ef3ecad0500aa6eed00e193ac1fbf3ecaf5aaf7455de47e6adcb8bc4d7ab3
Instruction Fuzzy Hash: 5EA25E72659BC089DB218F28E8883DE33B5F7857ACF505215EA9D0BB99DF75C284C740

Function 000002674E1B4100 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 329COMMON

Download Yara Rule

APIs

memcpy_s.LIBCPMT ref: 000002674E1B416A
memcpy_s.LIBCPMT ref: 000002674E1B4195

Strings

, xrefs: 000002674E1B42C8

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: memcpy_s
String ID:
API String ID: 1502251526-3916222277
Opcode ID: d6d9011da9560f75d79d712151dba2a05f068b08906f83bba3c34db6d26f72f4
Instruction ID: abeeadc055318c7300d0f99ded8ce569183c51352a33cc74482f3551e92ee1c6
Opcode Fuzzy Hash: d6d9011da9560f75d79d712151dba2a05f068b08906f83bba3c34db6d26f72f4
Instruction Fuzzy Hash: 74C1C2B26586858BE724CF19F08CB6FB7A5F394798F44C125DB8647B44EB39D805CB80

Function 000002674E159D69 Relevance: 7.3, Strings: 5, Instructions: 1060COMMON

Download Yara Rule

Strings

status, xrefs: 000002674E15B0AF
users, xrefs: 000002674E15A629
!, xrefs: 000002674E15A97F
content, xrefs: 000002674E15A009, 000002674E15A2EF, 000002674E15AB8B
filename, xrefs: 000002674E159FA7, 000002674E15A293, 000002674E15AAB8

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: __std_fs_convert_wide_to_narrow$__std_fs_code_page
String ID: !$content$filename$status$users
API String ID: 3645842244-3795777748
Opcode ID: 60ac7814a54a8b643bfdec3331cd5155469ff46daf70a046570bf52c7ae01c32
Instruction ID: c7086e07feb53d061bd5e969c2e690664c55acbc81dc2b569217bbb54e8a9fb3
Opcode Fuzzy Hash: 60ac7814a54a8b643bfdec3331cd5155469ff46daf70a046570bf52c7ae01c32
Instruction Fuzzy Hash: 19B26F72655BC48ADB21DF38E8483DE2371F7857ACF405212EA9D4BA99EF75C684C380

Function 000002674E1DD7B0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 000002674E1DD811
IsDebuggerPresent.KERNEL32 ref: 000002674E1DD829
OutputDebugStringW.KERNEL32 ref: 000002674E1DD83A

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 000002674E1DD833

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: DebugDebuggerErrorLastOutputPresentString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 389471666-631824599
Opcode ID: 16a569409356b0160a0f82d33effe78a83beb9a47a3a0e70dd5b5d693d8f2952
Instruction ID: efad0ecbc0dd849563b74671f64ac9f2b4504fac8bfa8a94054201a9615390d5
Opcode Fuzzy Hash: 16a569409356b0160a0f82d33effe78a83beb9a47a3a0e70dd5b5d693d8f2952
Instruction Fuzzy Hash: 47114C32654B8197F7089B22EA5D36A33B5F784369F404129C74942A51EF3AD4B4C790

Function 000002674E1B86B8 Relevance: 6.1, APIs: 4, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32 ref: 000002674E1B8708
GetSystemInfo.KERNEL32 ref: 000002674E1B871F
VirtualAlloc.KERNEL32 ref: 000002674E1B878C
VirtualProtect.KERNEL32 ref: 000002674E1B87A6

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocInfoProtectQuerySystem
String ID:
API String ID: 3562403962-0
Opcode ID: 9274b09c63967ddddcb91dd4133cd15f84ec3bcd53289bbf1f5affcb4001546f
Instruction ID: 8bebcb99d734d0ddd238dff1731a90ce4c4e8677873233f0fb3550a8b45907c5
Opcode Fuzzy Hash: 9274b09c63967ddddcb91dd4133cd15f84ec3bcd53289bbf1f5affcb4001546f
Instruction Fuzzy Hash: 4F317E32354A809EEB10CF35E8597EA33A5F748B9CF484426DA4E8BB48DF39C645C780

Function 000002674E1CF11C Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 000002674E1CF148
GetCurrentThreadId.KERNEL32 ref: 000002674E1CF156
GetCurrentProcessId.KERNEL32 ref: 000002674E1CF162
QueryPerformanceCounter.KERNEL32 ref: 000002674E1CF172

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: d8fd20b6762ae4129b3796e8a1e8986ce167c62aad8fb109aab352fc19ec2d03
Instruction ID: 4a602d376b789e5017c47c5690de4d1575882f6ce6328d02cbf01682c6807fa5
Opcode Fuzzy Hash: d8fd20b6762ae4129b3796e8a1e8986ce167c62aad8fb109aab352fc19ec2d03
Instruction Fuzzy Hash: D7112A36B54F018AEB00CF60F8593A933B4F319768F450E21DA6E867A4DF79C19483C0

Function 000002674E189FA0 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 365COMMON

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 000002674E18A1FA

Strings

parse_error, xrefs: 000002674E18A02C
value, xrefs: 000002674E18AED6

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: __std_exception_copy
String ID: parse_error$value
API String ID: 592178966-1739288027
Opcode ID: 1d34b1375488a2bb023fe0f893e63fd44ebd2c15bad9e7ad3506a9593953888f
Instruction ID: 54a5cf02cbc882a56102c958705ea6866adb62a85e2555fdb611d7b76b72fd73
Opcode Fuzzy Hash: 1d34b1375488a2bb023fe0f893e63fd44ebd2c15bad9e7ad3506a9593953888f
Instruction Fuzzy Hash: 6CF1B072B58A8195FB10DB74E44D3EE2332F7853ACF805702EA9D56ADAEF25C185C380

Function 000002674E15C230 Relevance: 5.6, Strings: 4, Instructions: 608COMMON

Download Yara Rule

Strings

exists, xrefs: 000002674E15CCBC
content, xrefs: 000002674E15C9A3
filename, xrefs: 000002674E15C7E4
directory_iterator::directory_iterator, xrefs: 000002674E15CCD8

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID: content$directory_iterator::directory_iterator$exists$filename
API String ID: 0-1400943384
Opcode ID: 8b35b3d5587ea94a94bebcf1f1e0d333c16c49093410206e5fe1f831f9e8b02e
Instruction ID: d7bb0caba57bb9755ddeacc8b60691c276ffb696ac655a339f3799f1329e4223
Opcode Fuzzy Hash: 8b35b3d5587ea94a94bebcf1f1e0d333c16c49093410206e5fe1f831f9e8b02e
Instruction Fuzzy Hash: 6F528072655BC489EB208F28E8483DE73B1F7897ACF515216DA9C07B99EF35C280C780

Function 000002674E1C2DB8 Relevance: 5.5, APIs: 3, Instructions: 1005COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000002674E1C3203
_get_daylight.LIBCMT ref: 000002674E1C32A3
_get_daylight.LIBCMT ref: 000002674E1C32BC

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID:
API String ID: 1286766494-0
Opcode ID: 53678dbfd363e45a668b87caebf557c33f1b3fa57ada2052f9e6c048d45eb0ee
Instruction ID: 6b0b59f1880eae23086647591b495eafc7e9004353824a60ec79d03c150f21e3
Opcode Fuzzy Hash: 53678dbfd363e45a668b87caebf557c33f1b3fa57ada2052f9e6c048d45eb0ee
Instruction Fuzzy Hash: 3592BF32248B9086EB358F24A45C2BF37B1F755BACF448155DB8A87B95DF3AC990C380

Function 000002674E1DB400 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39windowCOMMON

Download Yara Rule

APIs

GetLocaleInfoEx.KERNEL32 ref: 000002674E1DB426
FormatMessageA.KERNEL32 ref: 000002674E1DB455

Strings

!x-sys-default-locale, xrefs: 000002674E1DB419

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: FormatInfoLocaleMessage
String ID: !x-sys-default-locale
API String ID: 4235545615-2729719199
Opcode ID: f8e0064fd4687ebb9f26372c89aa93b1c3d5825c993d4f26b54fdbc6e52d471c
Instruction ID: eeea4ebdad852200a27a8f36b135b504f073e47cf7683932887c8a7e3091eaac
Opcode Fuzzy Hash: f8e0064fd4687ebb9f26372c89aa93b1c3d5825c993d4f26b54fdbc6e52d471c
Instruction Fuzzy Hash: 0B01D472748B8482E751CB11F44CBAAB7B1F3887E8F444115D65A03B99CF3DC909CB80

Function 000002674E191C50 Relevance: 4.4, Strings: 3, Instructions: 648COMMON

Download Yara Rule

Strings

pTa4uqR6tQnDMX31uTju4CtIJm3aeKMSl0wkJ3rxGh8=, xrefs: 000002674E191CFC
tMz6UdI0Pus=, xrefs: 000002674E191D84
port, xrefs: 000002674E1928FD

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID: pTa4uqR6tQnDMX31uTju4CtIJm3aeKMSl0wkJ3rxGh8=$port$tMz6UdI0Pus=
API String ID: 0-1882791999
Opcode ID: 4edee334fbf5cf4b4df3e25979f4f240496e674528569ec0022c8f6ecb73b9ec
Instruction ID: c5c2c5c5287b733e9874300b7d020b8585a162f463c488c29f032ad70cfae6b7
Opcode Fuzzy Hash: 4edee334fbf5cf4b4df3e25979f4f240496e674528569ec0022c8f6ecb73b9ec
Instruction Fuzzy Hash: E0727C72629FC485EA60CB24F48839FB3B5F795794F506216EACD52B99EF38C190CB40

Function 000002674E1581E0 Relevance: 3.9, Strings: 2, Instructions: 1358COMMON

Download Yara Rule

Strings

exists, xrefs: 000002674E1598F3
Software, xrefs: 000002674E158654, 000002674E158840

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID: Software$exists
API String ID: 0-2364128853
Opcode ID: 2c7e43ceba25fa8f849f794a5ed6ea09cb62ebc729ca1fe346c9cea9114599f8
Instruction ID: 34a736f02103f5554f0c4880730ed51b591544006ab88ed3759ae9e0c7733268
Opcode Fuzzy Hash: 2c7e43ceba25fa8f849f794a5ed6ea09cb62ebc729ca1fe346c9cea9114599f8
Instruction Fuzzy Hash: AEE28072654BC48AEB208F29E8883DE7374F789BA8F114612DB9D57B99DF35C580C380

Function 000002674E17CC5D Relevance: 3.6, Strings: 2, Instructions: 1104COMMON

Download Yara Rule

Strings

content, xrefs: 000002674E17D40A, 000002674E17DFCF
filename, xrefs: 000002674E17D314, 000002674E17DED9

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: __std_fs_convert_narrow_to_wide$__std_fs_code_page
String ID: content$filename
API String ID: 2896615418-474635906
Opcode ID: 82fc525f08498d42bcd2b941c7ab55b5a5f535dd5cf2ae8d4db5d830883c1726
Instruction ID: 91a66f452fc7a0977fd91be0bde1084c9c04fd10b7dc40883ace6b447d41075c
Opcode Fuzzy Hash: 82fc525f08498d42bcd2b941c7ab55b5a5f535dd5cf2ae8d4db5d830883c1726
Instruction Fuzzy Hash: 44C2387265DBC481DA718B14F4883DBA3B1F7C97A4F405216EADD43AA9EF39C590CB80

Function 000002674E1BD53C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32 ref: 000002674E1BD5B0

Strings

GetLocaleInfoEx, xrefs: 000002674E1BD558, 000002674E1BD569

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: GetLocaleInfoEx
API String ID: 2299586839-2904428671
Opcode ID: 7225a06619955565ff47aed1f984b3dac7adc03be6b0bc75c8be47510ce207d3
Instruction ID: b8feb055164972f7dcb743a655fb2ac32c73cd03f34f7be5c47e90086dcca730
Opcode Fuzzy Hash: 7225a06619955565ff47aed1f984b3dac7adc03be6b0bc75c8be47510ce207d3
Instruction Fuzzy Hash: 8101D631748B8089EB048B46F44C29BB371E788BE8F584426DF4D07B95CE39C54187C0

Function 000002674E197BF0 Relevance: 3.4, APIs: 2, Instructions: 391COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32 ref: 000002674E197C53
ShellExecuteW.SHELL32 ref: 000002674E1982BB

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: ExecuteFileModuleNameShell
String ID:
API String ID: 1703432166-0
Opcode ID: 69a7a0bf2e3c2ea62d15ae9e710cbad767f350b7f450484520631a79c21b3666
Instruction ID: 5c04d2848bd2ff5419381615779d5663e97965cf8379443fca56157f1b1558be
Opcode Fuzzy Hash: 69a7a0bf2e3c2ea62d15ae9e710cbad767f350b7f450484520631a79c21b3666
Instruction Fuzzy Hash: 9A122632629FC48AEB408F29E88569EB3B5F389798F105215EEDD57B58EF78C150C740

Function 000002674E1C0BBC Relevance: 3.2, APIs: 2, Instructions: 232COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 000002674E1C0E0B
RaiseException.KERNEL32 ref: 000002674E1C0E1C

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: 0d1fdd39e7615aa663790279dd2e603f564fcf233a3cabb7812fd32a0ccc1c41
Instruction ID: f8763cfca1a3fe3bc0df96e9589b75983ad52fb34c706747b81eca1fae857350
Opcode Fuzzy Hash: 0d1fdd39e7615aa663790279dd2e603f564fcf233a3cabb7812fd32a0ccc1c41
Instruction Fuzzy Hash: F8B14A77244B848BEB15CF29D88A35D3BB0F384B9CF158911DA5D877A8CB3AD891C740

Function 000002674E157F90 Relevance: 3.1, APIs: 2, Instructions: 145encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32 ref: 000002674E15801D
LocalFree.KERNEL32 ref: 000002674E1580AF

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: CryptDataFreeLocalUnprotect
String ID:
API String ID: 1561624719-0
Opcode ID: d3f3e25cce19232a8fc63a7dde533911a37660d2a701ce24fb7f17b17b65185d
Instruction ID: 72e7f63b546435180734f5e7c459165e44ab32d6e4d33343df461975d733fcb3
Opcode Fuzzy Hash: d3f3e25cce19232a8fc63a7dde533911a37660d2a701ce24fb7f17b17b65185d
Instruction Fuzzy Hash: 02618C73B58B809AF710DF78E45839E73B1E7587ACF008625EA8917A89DF79C1948390

Function 000002674E193730 Relevance: 3.1, APIs: 2, Instructions: 86encryptionCOMMON

Download Yara Rule

APIs

CryptProtectData.CRYPT32 ref: 000002674E193788
LocalFree.KERNEL32 ref: 000002674E19381A

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: CryptDataFreeLocalProtect
String ID:
API String ID: 2714945720-0
Opcode ID: 4f17aac50473bc08939b1f8f49e55619b8cc9a5443be74896b8ea89f8c9b9f98
Instruction ID: 53b71fe2b150cc7ff5714a4fe6085bbe84d0ad015282814e3c2af5a42b319317
Opcode Fuzzy Hash: 4f17aac50473bc08939b1f8f49e55619b8cc9a5443be74896b8ea89f8c9b9f98
Instruction Fuzzy Hash: ED415D32618B80CAE3208F74E4483EE37B5F75974CF040625EB8906E89DF7AD5A4C384

Function 000002674E151C00 Relevance: 2.7, Strings: 2, Instructions: 229COMMON

Download Yara Rule

Strings

dumps, xrefs: 000002674E151C7C
emoji, xrefs: 000002674E151CA7

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: CriticalEnterSection
String ID: dumps$emoji
API String ID: 1904992153-2873254224
Opcode ID: 4b1e15c5a11ac2e7a2a46e896d609379b33c8c6b2792195f922911b66fa10dab
Instruction ID: 4c8cff397e5de065b108738af3d0a57a135c79f78f95817c90f0a55967957726
Opcode Fuzzy Hash: 4b1e15c5a11ac2e7a2a46e896d609379b33c8c6b2792195f922911b66fa10dab
Instruction Fuzzy Hash: 86C16C32A16F89C9E700CF39E9892DE33B1E75979CF014255AE8C26B59EF35D164C384

Function 000002674E1BFABC Relevance: 2.6, Strings: 2, Instructions: 144COMMON

Download Yara Rule

Strings

e+000, xrefs: 000002674E1BFBC9
gfff, xrefs: 000002674E1BFC46

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID: e+000$gfff
API String ID: 0-3030954782
Opcode ID: 2cbc57aff2d67c5b7b5817a98a5636741370ddff258dc2e67d949cc7c9c23afe
Instruction ID: 59a875374557560ef200ed8587f16019a7f631b24991ddb9e47d5b8d8ce500f1
Opcode Fuzzy Hash: 2cbc57aff2d67c5b7b5817a98a5636741370ddff258dc2e67d949cc7c9c23afe
Instruction Fuzzy Hash: 115157327582C44AE7248B35ED5CB6A7BA1F348BB8F489221CFA447AC5CF3AC4458740

Function 000002674E177230 Relevance: 2.0, APIs: 1, Instructions: 460COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000002674E1772AA

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 11887bff267953a81fc5c7707205ce55c7db93e1042c3f9384933876f0421cd2
Instruction ID: bc794dbc658da8c61b68ff748bbd7bdd1d989cc6f108d6f50c5d4d7cdcdf1638
Opcode Fuzzy Hash: 11887bff267953a81fc5c7707205ce55c7db93e1042c3f9384933876f0421cd2
Instruction Fuzzy Hash: 9902AD72759B8085EB10CFA5E04C3AE73B1EB48BA8F548622DE9D17799DF35C991C380

Function 000002674E193E10 Relevance: 1.7, Strings: 1, Instructions: 499COMMON

Download Yara Rule

Strings

%, xrefs: 000002674E19441E

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID: %
API String ID: 0-2567322570
Opcode ID: 31dc066f60dec5c20116c549c8edff8692e5cde31cbf9bbb8dc501f53c089c23
Instruction ID: 6791b308972cdb46491f85ffcad552eff612d21f1073ac16076b91674b630fef
Opcode Fuzzy Hash: 31dc066f60dec5c20116c549c8edff8692e5cde31cbf9bbb8dc501f53c089c23
Instruction Fuzzy Hash: 8F122332748A808AFB25CBB5F4583EE67B2EB567ACF044125DE4917B99DF39C445C380

Function 000002674E18E570 Relevance: 1.7, APIs: 1, Instructions: 231COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000002674E18E88C

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 5725728a7d5880c26a14869a88820e8a502357b17066dbcef380198e4c18c99c
Instruction ID: dc6cbb0dfc1247a34494a007aa3d830007652dfb5f23ee27ec7affc1c493ee55
Opcode Fuzzy Hash: 5725728a7d5880c26a14869a88820e8a502357b17066dbcef380198e4c18c99c
Instruction Fuzzy Hash: 39A18772709B9889EB00CBA9E8883AD37B0F359B58F548516DF8D53B59DF3AC091C380

Function 000002674E18E250 Relevance: 1.7, APIs: 1, Instructions: 221COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000002674E18E564

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: a70163d0b74f0bae0e352dcfd68d5cbc6f1094de50f1fd8400f9a81b72710518
Instruction ID: dd7fef15936c7656990559fcfd4dcbeeb7227daadbd5f0f06c06249082438dfa
Opcode Fuzzy Hash: a70163d0b74f0bae0e352dcfd68d5cbc6f1094de50f1fd8400f9a81b72710518
Instruction Fuzzy Hash: 87A19C72709B9889EB00CBA9E8883AD37B0F359B58F548516DF8D57B55DF3AC091C381

Function 000002674E18DF30 Relevance: 1.7, APIs: 1, Instructions: 221COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000002674E18E244

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 70af4160fee7732a81d3346de3a9ab4de8a6a07c9c07957bea0c8618dbd08fb0
Instruction ID: 75576a4b51fb00de581cbe532700ad08c18846b65e17371d90e83508f9871789
Opcode Fuzzy Hash: 70af4160fee7732a81d3346de3a9ab4de8a6a07c9c07957bea0c8618dbd08fb0
Instruction Fuzzy Hash: DDA1AB32708B9889EB00CBA9E8883AD37B0F359B58F548516DF8D57B59DF3AC591C381

Function 000002674E18DC00 Relevance: 1.7, APIs: 1, Instructions: 220COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000002674E18DF29

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: b5e0e21ec6c82c00fd5a72b22cf06e3cec2efb3b9fb948b51070eedc5c18d768
Instruction ID: a4d360faf462b7f52affec2fafdcef06c69c74dc10bddf955fa46f7a4d302845
Opcode Fuzzy Hash: b5e0e21ec6c82c00fd5a72b22cf06e3cec2efb3b9fb948b51070eedc5c18d768
Instruction Fuzzy Hash: 59A1BA32719B9889EB00CBA9E4883AD37B4F359B58F548516DF8D57B59DF3AC091C340

Function 000002674E18D900 Relevance: 1.7, APIs: 1, Instructions: 214COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000002674E18DBF8

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: aa155d2428affaad3dff09cb27702bac1ee311a87af78df446814e3db2567fb8
Instruction ID: 01a1148294e318a3b30da2c6dd6cdc6a90837e63e189cacb81a6ca115405b2b0
Opcode Fuzzy Hash: aa155d2428affaad3dff09cb27702bac1ee311a87af78df446814e3db2567fb8
Instruction Fuzzy Hash: 36A1AB72709B9889EB00CBA9E4883AD77B4F359B98F548416CF8E57B55DF3AC091C381

Function 000002674E18E8A0 Relevance: 1.7, APIs: 1, Instructions: 210COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000002674E18EB98

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 014629591955776a3e379f40fbc38e65614e09b97ba97b947780923ae4677d6c
Instruction ID: 66550b14a0d5a89cdb72c2ddc8c34e22aacebd7015f77b6d3983f03485658240
Opcode Fuzzy Hash: 014629591955776a3e379f40fbc38e65614e09b97ba97b947780923ae4677d6c
Instruction Fuzzy Hash: AEA1BD72709B9889EB00CB69E8883AD37B0F355B58F548416DF8E57B95DF3AC095C380

Function 000002674E1E274C Relevance: 1.7, APIs: 1, Instructions: 182COMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 000002674E1E27AF

Part of subcall function 000002674E1DDE1C: _invalid_parameter_noinfo.LIBCMT ref: 000002674E1DDE30

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: _get_daylight_invalid_parameter_noinfo
String ID:
API String ID: 474895018-0
Opcode ID: 478d06da54e2b3a66e66189e0c84ed42d95a5f3c443f95b055d9117d1e8d888c
Instruction ID: 642eab6925046190fde4f4192bfe832acbf9ac3b8b0c04fda1d624805d8d92f7
Opcode Fuzzy Hash: 478d06da54e2b3a66e66189e0c84ed42d95a5f3c443f95b055d9117d1e8d888c
Instruction Fuzzy Hash: 7D610732B8C2A047FB648B6CB46C77F72E1A740778F195629FA66876D1DE66C840C7C0

Function 000002674E1C86B0 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 000002674E1B956C: GetLastError.KERNEL32 ref: 000002674E1B957B
Part of subcall function 000002674E1B956C: FlsGetValue.KERNEL32 ref: 000002674E1B9590
Part of subcall function 000002674E1B956C: SetLastError.KERNEL32 ref: 000002674E1B961B

EnumSystemLocalesW.KERNEL32 ref: 000002674E1C874E

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: 6f94e02c4e5af3f2d24d495b9659a8a16ccc68b84b60a7fb4290613ef45ef0e5
Instruction ID: 815b284695741f37f2e809e060ca7a0cbcd6d5d188a834a2615538345ada5d0d
Opcode Fuzzy Hash: 6f94e02c4e5af3f2d24d495b9659a8a16ccc68b84b60a7fb4290613ef45ef0e5
Instruction Fuzzy Hash: 4711CD77A486448AEB148F26E0897AA7BB0F390FF8F448116D669833C0DF25DAD1C780

Function 000002674E17B1C0 Relevance: 1.6, Strings: 1, Instructions: 302COMMON

Download Yara Rule

Strings

., xrefs: 000002674E17B4C0

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: d7c440884c17b1e0119c1bf76a89def2a676133d0e6a7819e9ec44b59dc85dc0
Instruction ID: fd4206eebf82c09d6fdcb085ff86bd1c0c5573db72e7cdfad8a5fecd210f929e
Opcode Fuzzy Hash: d7c440884c17b1e0119c1bf76a89def2a676133d0e6a7819e9ec44b59dc85dc0
Instruction Fuzzy Hash: 48C18672258B8086EB608F25E44CF6F63B2F748BB8F554221EA5953794DF76DC81C380

Function 000002674E1C8780 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 000002674E1B956C: GetLastError.KERNEL32 ref: 000002674E1B957B
Part of subcall function 000002674E1B956C: FlsGetValue.KERNEL32 ref: 000002674E1B9590
Part of subcall function 000002674E1B956C: SetLastError.KERNEL32 ref: 000002674E1B961B

EnumSystemLocalesW.KERNEL32 ref: 000002674E1C87FE

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: 23455ccc0c183205af815f8f90c949c9b5771d78cdc52d32387f6d5e086aeed2
Instruction ID: 372cc65370ac075d788fb21ed9b258efba1404c3096cfda9058ed3919b1b6d45
Opcode Fuzzy Hash: 23455ccc0c183205af815f8f90c949c9b5771d78cdc52d32387f6d5e086aeed2
Instruction Fuzzy Hash: E001D472B483808AFB104F26F48D7AB76F1E740BB8F459222D665876C4EF7698C1C780

Function 000002674E1BCFF8 Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32 ref: 000002674E1BD047

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 3ad3dc04116331610f50ea24032eab0aa5ce82721b33bdf3b2c4282bed5d3594
Instruction ID: 6ce8b6a19703fb4b8149684d1daaf692056c53f42fa1c80dc03cca65650aa1ca
Opcode Fuzzy Hash: 3ad3dc04116331610f50ea24032eab0aa5ce82721b33bdf3b2c4282bed5d3594
Instruction Fuzzy Hash: 8FF08C72708B4083E700CB25F98D7AB7371E3887E4F058125EA9A83364CF39C5908380

Function 000002674E190885 Relevance: 1.5, APIs: 1, Instructions: 19comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32 ref: 000002674E1908D4
CoSetProxyBlanket.OLE32 ref: 000002674E190922

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: BlanketCreateInstanceProxy
String ID:
API String ID: 1899829610-0
Opcode ID: 2176c8afc786855b077dc832f5c45baebcf4524a083926ee920c6ccbf8625f2a
Instruction ID: bfd52dfd9d48143f03510fed31eb448eb5cd214593652fb4de4a0c4bcb4857a6
Opcode Fuzzy Hash: 2176c8afc786855b077dc832f5c45baebcf4524a083926ee920c6ccbf8625f2a
Instruction Fuzzy Hash: A2F01C76B49B409AFB21CB70E40C2AE7772F749B1CF544216CA8A52A54DF2AC549C7C0

Function 000002674E1BF60C Relevance: 1.5, Strings: 1, Instructions: 260COMMON

Download Yara Rule

Strings

gfffffff, xrefs: 000002674E1BF96B

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID: gfffffff
API String ID: 0-1523873471
Opcode ID: 464dfa4c83a1cb36a3231215890441720f32f86cfff47949ad74be45281fce93
Instruction ID: 1fcdce7feb57c8d62ab28b937ec89210f00c22e625bdef77f73d6c2da0b5922c
Opcode Fuzzy Hash: 464dfa4c83a1cb36a3231215890441720f32f86cfff47949ad74be45281fce93
Instruction Fuzzy Hash: DEA157727087C48AEB21CF2AB8087AF77A5E758BA8F058121DECA47785DE3EC445C741

Function 000002674E1B640C Relevance: 1.5, Strings: 1, Instructions: 250COMMON

Download Yara Rule

Strings

, xrefs: 000002674E1B65F2

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: c8c0e72bc119871c5b85316c786ffb1e00813fd8e725d0fad8a77cec11a74a0d
Instruction ID: b8035ed0c5c0db71948c92d876beceb445f3da7293f87f7b3e7d041b6d7e64b1
Opcode Fuzzy Hash: c8c0e72bc119871c5b85316c786ffb1e00813fd8e725d0fad8a77cec11a74a0d
Instruction Fuzzy Hash: 70B191B2A487448AE7658F39E45C37E3BB4E329B6CF240919CB8A47799CF36C451C781

Function 000002674E146770 Relevance: .8, Instructions: 804COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ecc5fde8d2de207e84c6efd4c763c26627f34c44f0a3e2290a945a0bf27fbe9
Instruction ID: 49ae6682103b41da8ba6033bbae0d1758d6a004b9541f46505ec6d7867489ea6
Opcode Fuzzy Hash: 6ecc5fde8d2de207e84c6efd4c763c26627f34c44f0a3e2290a945a0bf27fbe9
Instruction Fuzzy Hash: 13A2E572919FC88AD7718F29E8412DAB7B4F799788F105315EACC26B59EF38C250CB44

Function 000002674E149760 Relevance: .8, Instructions: 792COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c818c400f7f99635ff87755adcfa24266b134346301f2490f8a5ec602e6d4987
Instruction ID: 92615e300a098674829492513515230f3913d289622b3a046d064462fe7f763d
Opcode Fuzzy Hash: c818c400f7f99635ff87755adcfa24266b134346301f2490f8a5ec602e6d4987
Instruction Fuzzy Hash: A5B24F36515FC88ED7768F29AC853DA73A8F35979CF105229EB8C5AB1DEB3083649340

Function 000002674E19E143 Relevance: .7, Instructions: 696COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fd5320e4fc1fa6aa4b9814b896660084761b987e267291dce0f087101a88708
Instruction ID: 5437b914b5cf55dd61a5cccd6a2b0eadbfd9db3c586e8033debed19b4d3f63f7
Opcode Fuzzy Hash: 1fd5320e4fc1fa6aa4b9814b896660084761b987e267291dce0f087101a88708
Instruction Fuzzy Hash: E0722A32648BC489EB718F65E8883DA77B5F349BACF505215DA9C1BB99DF39C280C740

Function 000002674E19E153 Relevance: .7, Instructions: 696COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed3dbf53fc4028370182dbf3e5fe94cb6d6997e6740396f2b2d77411637f3093
Instruction ID: 9f9325e609cfc9a31a1970fcd814e7734160c707d64c7c59f417e9bbac736a30
Opcode Fuzzy Hash: ed3dbf53fc4028370182dbf3e5fe94cb6d6997e6740396f2b2d77411637f3093
Instruction Fuzzy Hash: DF722A32648BC489EB718F65E8883DA77B5F349BACF505215DA9C1BB99DF39C280C740

Function 000002674E1DE1A8 Relevance: .6, Instructions: 626COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08a5a50627158813c623d4e5cb51a4fdefe75cac5403bb3d7e85f96f2ed2cfff
Instruction ID: 94ba01a18c921f81b598a1fb5f8a73393fe1472c010becf404a1ed0197812e7d
Opcode Fuzzy Hash: 08a5a50627158813c623d4e5cb51a4fdefe75cac5403bb3d7e85f96f2ed2cfff
Instruction Fuzzy Hash: 1C62A031DADE46CAE253CF35B85DB572374BB523E8F518703E81E67A50DF2AD4428A80

Function 000002674E126900 Relevance: .3, Instructions: 346COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce3d232bc6d3f07051b2921d649d913664c9ba3e6b849fb3c8405b5a9f64f184
Instruction ID: d1f74e60f0972a9afbce1d3e07002cafc5d26a151ce11c055862548e6581fae3
Opcode Fuzzy Hash: ce3d232bc6d3f07051b2921d649d913664c9ba3e6b849fb3c8405b5a9f64f184
Instruction Fuzzy Hash: 8912D432619FC88AD7618F29E84129AB3B4F79D798F105315EACC57B59EF38C250CB44

Function 000002674E1B6CA4 Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9d93a74443c6f8ac6cedb0670b6b61eb984213f148bfa24390be1f61368f6b0
Instruction ID: 420801f898248651a87d1eeb66857ffa5616d223fe043b422510bb814d601d3f
Opcode Fuzzy Hash: e9d93a74443c6f8ac6cedb0670b6b61eb984213f148bfa24390be1f61368f6b0
Instruction Fuzzy Hash: D1D1C172A986448AEB688B29E05C3BF27B1E725B6CF540A06DEC5477D5CF37C846C780

Function 000002674E1B9FA4 Relevance: .3, Instructions: 309COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
String ID:
API String ID: 4023145424-0
Opcode ID: c5683b5ab0db41bcb1323fa95207c310c2977e7ab6ae4716e61d197a6b5daa51
Instruction ID: d3bcce3fd257b8e8303a231317cbf4e75ac0836575e74af61da08626f5f7a943
Opcode Fuzzy Hash: c5683b5ab0db41bcb1323fa95207c310c2977e7ab6ae4716e61d197a6b5daa51
Instruction Fuzzy Hash: AEC1C53674878089EB609B62A81C3BF67B0F7947ACF404016DECA87795DF3AC545C780

Function 000002674E1477B0 Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51ef0ac578645917856e162b7255db7289b9b2fec19e44a9d134a756b0a5b295
Instruction ID: eaba06014bb169d555068a7d9f029619018cdfc9a27a22a5f863e47887e975d1
Opcode Fuzzy Hash: 51ef0ac578645917856e162b7255db7289b9b2fec19e44a9d134a756b0a5b295
Instruction Fuzzy Hash: 6502D132A15FC88DE7228F39EC913D977B4F799798F105216EB9C2AB59EB348254C340

Function 000002674E1B679C Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37313e4d91971378b4c4ebfe0f4fd16e6e162cfaef336df67a8eef634e769e91
Instruction ID: b349d809900a7a22fda778202c7f73cf3723020649a5bac79b2a4cb646957db1
Opcode Fuzzy Hash: 37313e4d91971378b4c4ebfe0f4fd16e6e162cfaef336df67a8eef634e769e91
Instruction Fuzzy Hash: E1B16D72A487548EEB658F39E05C33E3BB0E329B6CF245929CA8A07395CF36C451C785

Function 000002674E191470 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d891d87693f37a7620722e5036b1d6734a998c987c863807eb95cc6e9321161d
Instruction ID: 0d1ecc84aac109cdf262bb58cbc40adc50b8932474fb0fa5daa5db0be60d820b
Opcode Fuzzy Hash: d891d87693f37a7620722e5036b1d6734a998c987c863807eb95cc6e9321161d
Instruction Fuzzy Hash: BA9182B76246808FD355CF19E440A4ABBA4F3D8B48F51E615EF8593B14E739DA06CF40

Function 000002674E1B83D0 Relevance: .2, Instructions: 207COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 3122cbdb49cd209c7d571a28d43a9570b111a50fb6fbee65f2f7a32fc1e4fc01
Instruction ID: 6c19bb1d0cff7fa9b5062931b9a8d85a0897598d1495e3db3b532c770b70aa69
Opcode Fuzzy Hash: 3122cbdb49cd209c7d571a28d43a9570b111a50fb6fbee65f2f7a32fc1e4fc01
Instruction Fuzzy Hash: 2B819072244A508AEB64DF65E49D3BE2374F784BACF144626EEAE87B95CF35C041C780

Function 000002674E127010 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e77e51a571294c47d83fb4e19e75fd85eff00a0cc81eb461c84f405b589c283
Instruction ID: b8fd784bba0835081d94155f3e2dba42861e5b117be004b16b6dacc330047930
Opcode Fuzzy Hash: 1e77e51a571294c47d83fb4e19e75fd85eff00a0cc81eb461c84f405b589c283
Instruction Fuzzy Hash: 49B1E232A15BC88DE7208F39E8413DEB3B4F79A798F505215EACC6AB59EB34C254C741

Function 000002674E1C013C Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9a79637e09c603694a07bf17c0bb50a9c478638dd2406be1bae50177a5a3912
Instruction ID: 731a0e083df66ff66e8d37dd6362f5366cabce73e87e54bac2d23922b0db5f90
Opcode Fuzzy Hash: d9a79637e09c603694a07bf17c0bb50a9c478638dd2406be1bae50177a5a3912
Instruction Fuzzy Hash: 1181C57224C7808AE774CB19B48C36BB6A1F3857A8F544219DB9D87B99DF3EC5818B40

Function 000002674E16CE50 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d1609d76aae511c1edeab3b8d14fd2ffd1ccd2070ce5fc9c49f5e0c20b9161a
Instruction ID: 9d916856fc6fab7f68d0b521de292e602d93254c35848d9bcf2862e79f2d16f8
Opcode Fuzzy Hash: 5d1609d76aae511c1edeab3b8d14fd2ffd1ccd2070ce5fc9c49f5e0c20b9161a
Instruction Fuzzy Hash: 3A61E4B2745AD883EE208F79E04D7EE6370F7547E8F458661EA5D07784DE3AD581C280

Function 000002674E1917A0 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fd1a8886b244ef549c759e362195161de7e5846fe9f3a2ce2d94e44a98cebc7
Instruction ID: 91bcaa23ecf9530163a08a41672712d7b85b8b57f0b72445244a044db686d79c
Opcode Fuzzy Hash: 7fd1a8886b244ef549c759e362195161de7e5846fe9f3a2ce2d94e44a98cebc7
Instruction Fuzzy Hash: 6361EE2321E2C48FD30EDF7C589106D7F61D3A7908788469DEAC5EBB4BC504C95ACBA6

Function 000002674E199330 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 482e0394848c3e12cd66b979c184e45e97f38b3dba2f2b8e1e478abf0f74d34b
Instruction ID: bad83a968c98f226efe8435a2ad7099c264a51a07b11872a78146dff47082bc3
Opcode Fuzzy Hash: 482e0394848c3e12cd66b979c184e45e97f38b3dba2f2b8e1e478abf0f74d34b
Instruction Fuzzy Hash: 425104B3B0568443DB248B49F846796F7A5FB987C5F00A126EE8D57B68EB3CD580C700

Function 000002674E1B5DC4 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65988544bd8c51d46c1f2ecd44d2c2020be5c6c9d2ff497e3ff94f9df2993759
Instruction ID: 2f92a295632530bd1f07ec2600be82442a608d1742040d9c58f3174e4c0097f9
Opcode Fuzzy Hash: 65988544bd8c51d46c1f2ecd44d2c2020be5c6c9d2ff497e3ff94f9df2993759
Instruction Fuzzy Hash: 67518C72A586508AE7688F29E15D37EB7B2E354B6CF144109DE875B799CF22CC41C7C0

Function 000002674E1B5BDC Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09a4a0272fcb28be4f4c2347f47eb615663c13edcd1074745415d1c72bb9a049
Instruction ID: b61173ae2a7787bc17527fb86b5f5d4784ed35fcb67517fbcbf0f4fef61cedbe
Opcode Fuzzy Hash: 09a4a0272fcb28be4f4c2347f47eb615663c13edcd1074745415d1c72bb9a049
Instruction Fuzzy Hash: 7E519D72A586508AE7688F28E05C33E2BB2E355B6CF640204CF8A177D9CB22CC42C7C0

Function 000002674E1B59F4 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15eac905c6263da8fcd042729b4cf6c2eac0663125a33ca76778ac8e5de10585
Instruction ID: 6c260cbe513a8b878c815f7ee42b8a419547f722214d91926a54c07188bb912a
Opcode Fuzzy Hash: 15eac905c6263da8fcd042729b4cf6c2eac0663125a33ca76778ac8e5de10585
Instruction Fuzzy Hash: 1A515976A986508AE7289F28E19C33E27B2E355B6CF154115DE8B2B7D9CB32DC41C7C0

Function 000002674E1F6168 Relevance: .1, Instructions: 130COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1276585151577c5049716043ce568e71c08712838c9400709ab3047a6a4253b
Instruction ID: dc8222de84fe17ce10442f753468e69570d3e34f5dc8c21eb9df4447f780f5ba
Opcode Fuzzy Hash: a1276585151577c5049716043ce568e71c08712838c9400709ab3047a6a4253b
Instruction Fuzzy Hash: C54106FB5CDAC44AF3924B785C7E25B3FB1A7E6E28F0D949AC780471C3A957080586C1

Function 000002674E1CB230 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 893cde930e78cc51105ec5636604812294eefaa0d4abf3a70b7ba8ed9ec5214d
Instruction ID: 8b989cd9d1d6a6c426b6dc5873b9171c04d8629fe95ec40da3cdc70cbb1bb7fc
Opcode Fuzzy Hash: 893cde930e78cc51105ec5636604812294eefaa0d4abf3a70b7ba8ed9ec5214d
Instruction Fuzzy Hash: 6E41B732714E5442EF04CF6AE91C65AB3A1A748FE8F4A9522DE0EC7B54DF3DC4828340

Function 000002674E1F6368 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98cd094313ed2037ccc8782024778216330ac1f2612bd7d9e2e2b2ae76f12b02
Instruction ID: 6a8000111db9dac228bcc61299dcaf553dcaf9b3705cd64dd4e261030beecbc4
Opcode Fuzzy Hash: 98cd094313ed2037ccc8782024778216330ac1f2612bd7d9e2e2b2ae76f12b02
Instruction Fuzzy Hash: 973162F758DEC40AF7921B7C9D7E25B2FB1E39AE28F4E84998784031C7AC57280596C1

Function 000002674E1F6160 Relevance: .1, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14e20909d8fae815a2a236acf6c5cc8b831a1dabc23c65dc1f3470caa292b9f8
Instruction ID: 47b7c102baa6a7594fc9d89252aa4a3a8b036c38bc90cb2fb661a018ff5d6977
Opcode Fuzzy Hash: 14e20909d8fae815a2a236acf6c5cc8b831a1dabc23c65dc1f3470caa292b9f8
Instruction Fuzzy Hash: F93102FB5CDAC44AF3934B785C7E24B3FB0A7E6E28F0D84968780471C7A957180586C1

Function 000002674E1F6140 Relevance: .1, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cc7beeee5fada05c663dfdd44f81150fdbeb992a14920ca678986335bb5f39c
Instruction ID: fb22eed10572299d3cc05addffad1f8a233b015553c832517ec9a06b22efc591
Opcode Fuzzy Hash: 1cc7beeee5fada05c663dfdd44f81150fdbeb992a14920ca678986335bb5f39c
Instruction Fuzzy Hash: 9C31B1EB5CDAC40AF3924B785D7E35B3FB097E6E28F0D849A8780471C7A947590586C1

Function 000002674E1F6398 Relevance: .1, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d7b787d11b41dbc44b4748bdbefcc21f6dfd1e357da298ee2112c9f988ea8d8
Instruction ID: 3e99707aff22921471661166e9b26e511e44c560f8bdcf01c2e5210b7e001ec1
Opcode Fuzzy Hash: 8d7b787d11b41dbc44b4748bdbefcc21f6dfd1e357da298ee2112c9f988ea8d8
Instruction Fuzzy Hash: A02130F758DEC40AF7921B7C9D7E25B2FB1E39AE28F4E84A98784031C7AC57180596C1

Function 000002674E1F62E0 Relevance: .1, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8aed357bd1e5aa7fadd1eb61ba27027061c862cb839a1155f22db4f4389644ef
Instruction ID: 1f19cf8fef1548c7aad9c74d6cc121b745e2b0b0900be9a58aac69d5af530d48
Opcode Fuzzy Hash: 8aed357bd1e5aa7fadd1eb61ba27027061c862cb839a1155f22db4f4389644ef
Instruction Fuzzy Hash: 531136F754EAC40BF3920F785E6E24B3FB0A795E18F4D8459C784031C7AD17680596C1

Function 000002674E1F66F0 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b62692185f0952021f42339d391be37b2b68d69df015e7583d467e4b8e0e3d8f
Instruction ID: 77b4834225d0ad8f24c23c54e64a4ca77c78d2e126c81db338b1b54ed89edecc
Opcode Fuzzy Hash: b62692185f0952021f42339d391be37b2b68d69df015e7583d467e4b8e0e3d8f
Instruction Fuzzy Hash: FA01A1E794EBC04EE3535B781C7E1093FB0A79A914B8E8597C381872C3D54A4C0983E2

Function 000002674E1F66C0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77fbf8e923f89f056e9526ecdb34e03657dccd48feaa973093d3c497ed56ed7a
Instruction ID: 50a8b8e8edbc0f4079a8ade28d8a11991279aa70de32ae00e43282b3072bf40d
Opcode Fuzzy Hash: 77fbf8e923f89f056e9526ecdb34e03657dccd48feaa973093d3c497ed56ed7a
Instruction Fuzzy Hash: E3D0C9EFD4DC8546F96147782CBE2C90FA1EB6B6B9F691C49A7B44229739035C0F0AC1

Function 000002674E1F66D0 Relevance: .0, Instructions: 1COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b1fcfa14c0485fe98eea24fc35bc54b37c1f2dff9bda23e3120baaeca383856
Instruction ID: 6a1d3ce7e83bc00a4c4da626c6c2e274129735229b0081f27947ab72509394b1
Opcode Fuzzy Hash: 5b1fcfa14c0485fe98eea24fc35bc54b37c1f2dff9bda23e3120baaeca383856
Instruction Fuzzy Hash:

Function 000002674E190380 Relevance: 28.7, APIs: 19, Instructions: 177processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 000002674E1903D4
Process32FirstW.KERNEL32 ref: 000002674E190418
Process32NextW.KERNEL32 ref: 000002674E19042D
OpenProcess.KERNEL32 ref: 000002674E19046B
OpenProcessToken.ADVAPI32 ref: 000002674E190492
GetTokenInformation.ADVAPI32 ref: 000002674E1904BD
GetLastError.KERNEL32 ref: 000002674E1904CB
GetTokenInformation.ADVAPI32 ref: 000002674E19050B
ConvertSidToStringSidA.ADVAPI32 ref: 000002674E190522
CloseHandle.KERNEL32 ref: 000002674E190596
CloseHandle.KERNEL32 ref: 000002674E1905A1
DuplicateTokenEx.ADVAPI32 ref: 000002674E1905D6
CloseHandle.KERNEL32 ref: 000002674E1905ED

Part of subcall function 000002674E1B798C: _invalid_parameter_noinfo.LIBCMT ref: 000002674E1B79A9

CloseHandle.KERNEL32 ref: 000002674E1905FB
CloseHandle.KERNEL32 ref: 000002674E190606
Process32NextW.KERNEL32 ref: 000002674E190613
CloseHandle.KERNEL32 ref: 000002674E190638
CloseHandle.KERNEL32 ref: 000002674E190641
CloseHandle.KERNEL32 ref: 000002674E190656

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: CloseHandle$Token$Process32$InformationNextOpenProcess$ConvertCreateDuplicateErrorFirstLastSnapshotStringToolhelp32_invalid_parameter_noinfo
String ID:
API String ID: 1854266383-0
Opcode ID: 95c02c708e2dd0fc13a943db0dc148411871edf296a3fb3e701c8bc9c21aef15
Instruction ID: 86a58890c7e379096fc7c6e913260743df2e571e32ae914197fb70682fa0eeeb
Opcode Fuzzy Hash: 95c02c708e2dd0fc13a943db0dc148411871edf296a3fb3e701c8bc9c21aef15
Instruction Fuzzy Hash: 14813932258B8086EB50CB22F84C76BB3B5F7C9BA8F404515EE9A47B58DF7AC544C780

Function 000002674E1B956C Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 000002674E1B957B
FlsGetValue.KERNEL32 ref: 000002674E1B9590
FlsSetValue.KERNEL32 ref: 000002674E1B95B1
FlsSetValue.KERNEL32 ref: 000002674E1B95DE
FlsSetValue.KERNEL32 ref: 000002674E1B95EF
FlsSetValue.KERNEL32 ref: 000002674E1B9600
SetLastError.KERNEL32 ref: 000002674E1B961B
FlsGetValue.KERNEL32 ref: 000002674E1B9651
FlsSetValue.KERNEL32 ref: 000002674E1B9670

Part of subcall function 000002674E1BCF4C: HeapAlloc.KERNEL32 ref: 000002674E1BCFA1

FlsSetValue.KERNEL32 ref: 000002674E1B9698

Part of subcall function 000002674E1BC8E4: HeapFree.KERNEL32 ref: 000002674E1BC8FA
Part of subcall function 000002674E1BC8E4: GetLastError.KERNEL32 ref: 000002674E1BC904

FlsSetValue.KERNEL32 ref: 000002674E1B96A9
FlsSetValue.KERNEL32 ref: 000002674E1B96BA

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Value$ErrorLast$Heap$AllocFree
String ID:
API String ID: 570795689-0
Opcode ID: 9149da2b617047b16655290e3171b53232e19cbea25b6a6d8123559a7d664372
Instruction ID: ad6f5454e56b2dddec0015b95acd2c5852b01048f1b29875ed553dafaffee781
Opcode Fuzzy Hash: 9149da2b617047b16655290e3171b53232e19cbea25b6a6d8123559a7d664372
Instruction Fuzzy Hash: 0441E3703CC6414AFA58A332B95D37B61764F547BCF094B25A8BA0B6D3DE2B944297C0

Function 000002674E16FFD0 Relevance: 17.7, APIs: 2, Strings: 8, Instructions: 213COMMON

Download Yara Rule

Strings

key declared, but no value, xrefs: 000002674E1715F7, 000002674E17161A, 000002674E17171C
unexpected key without object, xrefs: 000002674E17167E
word wasnt properly ended, xrefs: 000002674E1716ED, 000002674E171768
key opened, but never closed, xrefs: 000002674E17173F
unexpected '}', xrefs: 000002674E17178B
object is not closed with '}', xrefs: 000002674E1715B1
No closed word, xrefs: 000002674E1716A7, 000002674E1716CA
quote was opened but not closed., xrefs: 000002674E1715D4, 000002674E17163D

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID: No closed word$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
API String ID: 0-2700065129
Opcode ID: 54f9e4c533da8cc83bdbcfe6076038442e444a18dbcd0ad599e53e28fcfb47a6
Instruction ID: aee29fd7a4408c4ce77142bffe307cc000ef0371fb723636ce4b006f24bea900
Opcode Fuzzy Hash: 54f9e4c533da8cc83bdbcfe6076038442e444a18dbcd0ad599e53e28fcfb47a6
Instruction Fuzzy Hash: 34A13E31658EC6A4EB60EF24F88C3DB7374F79036CF905512E64A0696AEF75C689C780

Function 000002674E1960C0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 173COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 000002674E19613E
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 000002674E196187
Concurrency::cancel_current_task.LIBCPMT ref: 000002674E196303
Concurrency::cancel_current_task.LIBCPMT ref: 000002674E196316
Concurrency::cancel_current_task.LIBCPMT ref: 000002674E19631C

Strings

false, xrefs: 000002674E19620E
bad locale name, xrefs: 000002674E196309
true, xrefs: 000002674E19623B

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name$false$true
API String ID: 164343898-1062449267
Opcode ID: f2c583cc08c2fc1c24db8880ae22343201fbab21c815b86846b4fc8c7bc58cd0
Instruction ID: fac64ed7872bef99a0ea1a34b57990868196eb2e0b5dbd6766a628b91ea78001
Opcode Fuzzy Hash: f2c583cc08c2fc1c24db8880ae22343201fbab21c815b86846b4fc8c7bc58cd0
Instruction Fuzzy Hash: 35719B32749B408AEB11DF70F4583AE33B2EB8572CF140624DE8927AAADF39C451C784

Function 000002674E1A4E80 Relevance: 13.6, APIs: 9, Instructions: 127COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 000002674E1A4EE4
GetProcessId.KERNEL32 ref: 000002674E1A4EED
RmStartSession.RSTRTMGR ref: 000002674E1A4F1C
RmRegisterResources.RSTRTMGR ref: 000002674E1A4F45
RmGetList.RSTRTMGR ref: 000002674E1A4F7E
RmGetList.RSTRTMGR ref: 000002674E1A4FE0
RmEndSession.RSTRTMGR ref: 000002674E1A501C

Part of subcall function 000002674E1CE1C0: EnterCriticalSection.KERNEL32 ref: 000002674E1CE1D0

RmEndSession.RSTRTMGR ref: 000002674E1A5054
RmEndSession.RSTRTMGR ref: 000002674E1A5069

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Session$ListProcess$CriticalCurrentEnterRegisterResourcesSectionStart
String ID:
API String ID: 3572076967-0
Opcode ID: a35c6fe72c13dad0c03fe2dbd95fe45af4d9ce3c3bea894cf2d167248458fb9f
Instruction ID: 8bf7ffe73a17819f9303f54ab2ced8d36346ed5be7b370da45c8a4c94a87e380
Opcode Fuzzy Hash: a35c6fe72c13dad0c03fe2dbd95fe45af4d9ce3c3bea894cf2d167248458fb9f
Instruction Fuzzy Hash: 91511C72B48A008AF710CFA5F95C7AE73B1F788768F404525DA4AA7A98DF36C905C7C0

Function 000002674E1B46C4 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 489COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000002674E1B4708
_invalid_parameter_noinfo.LIBCMT ref: 000002674E1B4AE0
_invalid_parameter_noinfo.LIBCMT ref: 000002674E1B4D8B

Strings

p, xrefs: 000002674E1B47BA
0, xrefs: 000002674E1B4B30
p, xrefs: 000002674E1B4832
f, xrefs: 000002674E1B482A

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID: 0$f$p$p
API String ID: 3215553584-1202675169
Opcode ID: 52987e50f1db9deef54869d210a835d1c4791c89626e79df4bbc7dc00e5fb524
Instruction ID: 4ee34a0dc7bd0dc595ff6b5d86548f215f0f9148263ab53ef7e79a52dd3a16c2
Opcode Fuzzy Hash: 52987e50f1db9deef54869d210a835d1c4791c89626e79df4bbc7dc00e5fb524
Instruction Fuzzy Hash: 1B12AF3264C2518AFB20AB15F05C7BB76B1F340B68F948116E7D2876C8EF3EC5848B94

Function 000002674E1BD074 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32 ref: 000002674E1BD1F3
GetProcAddress.KERNEL32 ref: 000002674E1BD1FF

Strings

api-ms-, xrefs: 000002674E1BD13D
ext-ms-, xrefs: 000002674E1BD150

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 11773e365cd412d7a76d792911502b683686e1c6c513d2bf19565073d050b19b
Instruction ID: cbf979061db0161693288f975fd0b7145ef99732ec5503fd73929eae17ff77ef
Opcode Fuzzy Hash: 11773e365cd412d7a76d792911502b683686e1c6c513d2bf19565073d050b19b
Instruction Fuzzy Hash: 9C41E171359A0086FB19DB16BC0C36B63B6B745BF8F0945259D5A8B798EF3EC44583C0

Function 000002674E196500 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 81networkfileCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET ref: 000002674E196569
InternetOpenUrlA.WININET ref: 000002674E19659E
InternetReadFile.WININET ref: 000002674E1965BF
InternetReadFile.WININET ref: 000002674E1965FF
InternetCloseHandle.WININET ref: 000002674E19660C
InternetCloseHandle.WININET ref: 000002674E196615

Strings

File Downloader, xrefs: 000002674E196562

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandleOpenRead
String ID: File Downloader
API String ID: 4038090926-3631955488
Opcode ID: ecf15071ea5af7eb00f2f65c016d9ace3b271b52a974d1f9444f993ae54cec16
Instruction ID: a77e5d671babffa407a940131666c6701c2658fa60ed48530ff25b965fa891e1
Opcode Fuzzy Hash: ecf15071ea5af7eb00f2f65c016d9ace3b271b52a974d1f9444f993ae54cec16
Instruction Fuzzy Hash: F7319E72258B8086EB10CF21F85879BB371F789BD8F544425EE8943B58DF7AC195CB80

Function 000002674E1CBF2C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 000002674E1CBF5D
GetLastError.KERNEL32 ref: 000002674E1CBF69
CloseHandle.KERNEL32 ref: 000002674E1CBF81
CreateFileW.KERNEL32 ref: 000002674E1CBFAC
WriteConsoleW.KERNEL32 ref: 000002674E1CBFCB

Strings

CONOUT$, xrefs: 000002674E1CBF8D

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 0dddb6de3d597d68cfacc53ab6be1cbd4af4669a405a6786b7c60127ef89aaa0
Instruction ID: a54f38cea7ef6845c5a65b6f366e6da1fc5485c6c546457cd2b2bba36e42e7ac
Opcode Fuzzy Hash: 0dddb6de3d597d68cfacc53ab6be1cbd4af4669a405a6786b7c60127ef89aaa0
Instruction Fuzzy Hash: D0115831618A9086E7508B52F85C72BB2B0F78CFF8F044224EA5A877A4CF7AC84487C0

Function 000002674E1DD3E4 Relevance: 9.2, APIs: 6, Instructions: 240COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32 ref: 000002674E1DD48D
MultiByteToWideChar.KERNEL32 ref: 000002674E1DD530
MultiByteToWideChar.KERNEL32 ref: 000002674E1DD5D1
MultiByteToWideChar.KERNEL32 ref: 000002674E1DD61B
MultiByteToWideChar.KERNEL32 ref: 000002674E1DD6B2
CompareStringEx.KERNEL32 ref: 000002674E1DD6E5

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide$CompareInfoString
String ID:
API String ID: 2984826149-0
Opcode ID: 92bac5e0378c4bd192cc901063e9eb12bd808531ab6fa154afa5c1adc07e564a
Instruction ID: d8a294ddf560f050de907b8609199213fffa57bdc36d7c9cd74f91082d1728a5
Opcode Fuzzy Hash: 92bac5e0378c4bd192cc901063e9eb12bd808531ab6fa154afa5c1adc07e564a
Instruction Fuzzy Hash: BAA1C27238878046FB318F25A44CBAB66B1A745BBCF4847219A7947BC5DF7AE84483C0

Function 000002674E190B80 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 471COMMON

Download Yara Rule

APIs

ImpersonateLoggedOnUser.ADVAPI32 ref: 000002674E190F78
RevertToSelf.ADVAPI32 ref: 000002674E190F96

Strings

APPB, xrefs: 000002674E1910B7

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: ImpersonateLoggedRevertSelfUser
String ID: APPB
API String ID: 1724704203-1278849820
Opcode ID: 0cdcb25afdf0f537736c0c9d6cf5e32dbc2d09c82f56beca2433bdeeb49a7e2e
Instruction ID: cb96efea9cf19b043940e2e0936d2ce9b70f60499a5582a7d3892c03d892a931
Opcode Fuzzy Hash: 0cdcb25afdf0f537736c0c9d6cf5e32dbc2d09c82f56beca2433bdeeb49a7e2e
Instruction Fuzzy Hash: 8A12A172798A8089FB009BB8E45C39E2772E7467BCF505701EA6D57ADADF76C081C380

Function 000002674E1DD088 Relevance: 9.2, APIs: 6, Instructions: 200COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 000002674E1DD0FA
MultiByteToWideChar.KERNEL32 ref: 000002674E1DD1A2
LCMapStringEx.KERNEL32 ref: 000002674E1DD1D9
LCMapStringEx.KERNEL32 ref: 000002674E1DD232
LCMapStringEx.KERNEL32 ref: 000002674E1DD2DF
WideCharToMultiByte.KERNEL32 ref: 000002674E1DD321

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: e031dea7b6db84cb520ba2c45569280d6f7d95c207c4d1fed0011a78314f5e9f
Instruction ID: cdeca53ece8611dc980cc1b8edcc565fd78578b1cfc9ae6ac5b1082e1e85ae2e
Opcode Fuzzy Hash: e031dea7b6db84cb520ba2c45569280d6f7d95c207c4d1fed0011a78314f5e9f
Instruction Fuzzy Hash: 06819D7224874086EB608F61E44CB6BA7B1FB84BBCF140725EA6957BD8DF3ED4458780

Function 000002674E1B96E4 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 000002674E1B96F3
FlsSetValue.KERNEL32(?,?,8000000000000000,000002674E1B54D5,?,?,?,?,000002674E1BC918), ref: 000002674E1B9729
FlsSetValue.KERNEL32(?,?,8000000000000000,000002674E1B54D5,?,?,?,?,000002674E1BC918), ref: 000002674E1B9756
FlsSetValue.KERNEL32(?,?,8000000000000000,000002674E1B54D5,?,?,?,?,000002674E1BC918), ref: 000002674E1B9767
FlsSetValue.KERNEL32(?,?,8000000000000000,000002674E1B54D5,?,?,?,?,000002674E1BC918), ref: 000002674E1B9778
SetLastError.KERNEL32 ref: 000002674E1B9793

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 2dd89ab11e2baa6b4167660281107f76443598ebfbf3f707a767af27e6dfaef9
Instruction ID: 964642533e773dce010b1b30164146a02af71963811772b4b7a2b487c7545cdf
Opcode Fuzzy Hash: 2dd89ab11e2baa6b4167660281107f76443598ebfbf3f707a767af27e6dfaef9
Instruction Fuzzy Hash: 6C11B43438C6814AFA58A731BA5D33B61B29B447BCF144754A9FA07BD7DE2B84029BC0

Function 000002674E14F960 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

__std_fs_code_page.LIBCPMT ref: 000002674E14F9BF

Part of subcall function 000002674E1DB4EC: AreFileApisANSI.KERNEL32 ref: 000002674E1DB4FE

__std_exception_destroy.LIBVCRUNTIME ref: 000002674E14FC57

Strings

: ", xrefs: 000002674E14FA68
", ", xrefs: 000002674E14FA9B

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: ApisFile__std_exception_destroy__std_fs_code_page
String ID: ", "$: "
API String ID: 376971205-747220369
Opcode ID: 6ce0c9ac678dfffe8216c01570fe0d4b0f0602c9a03263713264cb1912163c92
Instruction ID: e62a392bc5b3f7d9ec364d62fb38e3aaf5fb891336f1f82afb3b1d867f774598
Opcode Fuzzy Hash: 6ce0c9ac678dfffe8216c01570fe0d4b0f0602c9a03263713264cb1912163c92
Instruction Fuzzy Hash: 81A1BE72389A8095EB00DF65E05C3AE2372F748BACF505522DE5D47B9ADF7AC496C380

Function 000002674E1C089C Relevance: 7.7, APIs: 5, Instructions: 196COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 000002674E1C08DF
_set_statfp.LIBCMT ref: 000002674E1C08FD
_set_statfp.LIBCMT ref: 000002674E1C0926
_set_statfp.LIBCMT ref: 000002674E1C0B5F

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: c69ac79b0f3061c2541803769b5ffd1031012cb060908421cb0413baa5a14296
Instruction ID: 27c0ebe970b98a29b4b104079901a263ca7fe2b8483c534fca94b2bd36df684f
Opcode Fuzzy Hash: c69ac79b0f3061c2541803769b5ffd1031012cb060908421cb0413baa5a14296
Instruction Fuzzy Hash: D981E23668CA4445F7768F38B45C36BA2B0FB497BCF044305AB9AA65D4DF36C9C18A80

Function 000002674E1CD374 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 000002674E1CD39C
_set_statfp.LIBCMT ref: 000002674E1CD3B7
_set_statfp.LIBCMT ref: 000002674E1CD3D3
_set_statfp.LIBCMT ref: 000002674E1CD40F

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: 81687dc7f27f0f699236e27e88451408a0877f0e146ecd1626c1fdba7a84f29b
Instruction ID: 69ae8e61fd8bccc7610ed3aec7d4d904175963c35a87f51b84e413a47e39fc2e
Opcode Fuzzy Hash: 81687dc7f27f0f699236e27e88451408a0877f0e146ecd1626c1fdba7a84f29b
Instruction Fuzzy Hash: 1811A3B6BDCA0401F7551369F44E36F1070AB5437CF541775AAA6CA6D6CF36CCC26181

Function 000002674E1B97AC Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,000002674E1B0CC7,?,?,00000000,000002674E1B0F62,?,?,?,?,8000000000000000,000002674E1B0EEE), ref: 000002674E1B97CB
FlsSetValue.KERNEL32(?,?,?,000002674E1B0CC7,?,?,00000000,000002674E1B0F62,?,?,?,?,8000000000000000,000002674E1B0EEE), ref: 000002674E1B97EA
FlsSetValue.KERNEL32(?,?,?,000002674E1B0CC7,?,?,00000000,000002674E1B0F62,?,?,?,?,8000000000000000,000002674E1B0EEE), ref: 000002674E1B9812
FlsSetValue.KERNEL32(?,?,?,000002674E1B0CC7,?,?,00000000,000002674E1B0F62,?,?,?,?,8000000000000000,000002674E1B0EEE), ref: 000002674E1B9823
FlsSetValue.KERNEL32(?,?,?,000002674E1B0CC7,?,?,00000000,000002674E1B0F62,?,?,?,?,8000000000000000,000002674E1B0EEE), ref: 000002674E1B9834

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 5bf10b8481cea46eb87718f866eeea3d889c5210f9494361ea54e7e462e3d6ed
Instruction ID: 3dda2727a2d19490e98f78bf0cb4b8c50ea4673a4ba292db0dd65b55ff014e24
Opcode Fuzzy Hash: 5bf10b8481cea46eb87718f866eeea3d889c5210f9494361ea54e7e462e3d6ed
Instruction Fuzzy Hash: 5F11D33078C64149FA589722BA4D33B71714B443B8F088325A8BA06BE7DE2AD4429280

Function 000002674E1E15EC Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000002674E1E18CB

Part of subcall function 000002674E1CBB10: _invalid_parameter_noinfo.LIBCMT ref: 000002674E1CBB2D

Strings

UTF-16LEUNICODE, xrefs: 000002674E1E1869
ccs, xrefs: 000002674E1E1806
UTF-8, xrefs: 000002674E1E184A

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: a2f026dd96aebdf64aff9fb5689b0f0a5eaee935ffed21609211921be484b338
Instruction ID: 2731e99ae9d7c4063952dd3f2026f94e5295c1a4e5a2d6b88e29cbd1dc3985de
Opcode Fuzzy Hash: a2f026dd96aebdf64aff9fb5689b0f0a5eaee935ffed21609211921be484b338
Instruction Fuzzy Hash: D1818C76B8C20087FB658F2DA15CB7F36B1B311FACF598205EA0257295DB2BC88197C1

Function 000002674E1683A0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 172COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 000002674E16840F
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 000002674E168457
_Getcoll.LIBCPMT ref: 000002674E16848B

Strings

bad locale name, xrefs: 000002674E168590

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: std::_$GetcollLocinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1287851536-1405518554
Opcode ID: 44b4cec343d40886e1e7ad76c2554702c5d9f8b9f81e0270ea62f239af0d16be
Instruction ID: b4b11fc69df32338e62fede00933464f2c50d940c857eb0cb119259271cb35e5
Opcode Fuzzy Hash: 44b4cec343d40886e1e7ad76c2554702c5d9f8b9f81e0270ea62f239af0d16be
Instruction Fuzzy Hash: 8C718A3274AB408AFB14CFB4E4983AE33B6AB44B6CF044525DE592BA99DE36C451C3C4

Function 000002674E17B5C0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 140COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 000002674E17B7A0
__std_exception_destroy.LIBVCRUNTIME ref: 000002674E17B7AD

Strings

at line , xrefs: 000002674E17B64A
, column , xrefs: 000002674E17B678

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: __std_exception_destroy
String ID: at line $, column
API String ID: 2453523683-191570568
Opcode ID: a747c9751213463625fbff00866fd76cd910883607fb28ded870c6f093becd07
Instruction ID: 929726b46499a4cd32b55f8a95c7c0d611766b884ee6fbc7b06300ea9c84bacc
Opcode Fuzzy Hash: a747c9751213463625fbff00866fd76cd910883607fb28ded870c6f093becd07
Instruction Fuzzy Hash: 8C51B572658B8082EA10DB15F18C75F6772F785BE8F104211EBA807BDADF7AC491C780

Function 000002674E14E7E0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 000002674E14E84E
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 000002674E14E896
_Getctype.LIBCPMT ref: 000002674E14E8D4

Strings

bad locale name, xrefs: 000002674E14E98D

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: std::_$GetctypeLocinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1612978173-1405518554
Opcode ID: 7c5dc37f1ce31c7cc423577a9b21c9b6a6365d6faf8c87315cdadd9cc0908209
Instruction ID: cba31a9a347e8d7b5eb38959833d0f05ceb882e8a246e771b94141a0dc19100a
Opcode Fuzzy Hash: 7c5dc37f1ce31c7cc423577a9b21c9b6a6365d6faf8c87315cdadd9cc0908209
Instruction Fuzzy Hash: C3515A32789B408AFB04CF70E5883EE3375EB4475CF044929DA492BA99EF35C525D384

Function 000002674E1A2040 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 101registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 000002674E1A20CB

Strings

?, xrefs: 000002674E1A2080

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: Open
String ID: ?
API String ID: 71445658-1684325040
Opcode ID: 0fe5ad08d041bdafa09c3da29caaf98c2d41aae422f367317a8d547301fe6694
Instruction ID: 7fa79d7043ad2a7c54e7871eb7175cf15f62e94257c374ee143606ce49968cbd
Opcode Fuzzy Hash: 0fe5ad08d041bdafa09c3da29caaf98c2d41aae422f367317a8d547301fe6694
Instruction Fuzzy Hash: 9C41AB72758B8082EB10CB25F48836FB771F7997E8F505215FB9942A99DF79C094CB80

Function 000002674E1BBBF8 Relevance: 6.3, APIs: 4, Instructions: 305fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 000002674E1BBC7F
WriteFile.KERNEL32 ref: 000002674E1BBF46
WriteFile.KERNEL32 ref: 000002674E1BBF8F
GetLastError.KERNEL32 ref: 000002674E1BC050

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: ca085b0e8f0622164bcb5eeb9b62e38fcc89866fc0b97dcf386853e0d4b10385
Instruction ID: ccf895462f418dd5a83997151108e053b88f10842f0e55c5d6357fcb2f115862
Opcode Fuzzy Hash: ca085b0e8f0622164bcb5eeb9b62e38fcc89866fc0b97dcf386853e0d4b10385
Instruction Fuzzy Hash: D6D1E132B48A848EEB10CF79E4486AE37B1F3547ACF144216DE9D97B99CE36C546C780

Function 000002674E1BC5D4 Relevance: 6.2, APIs: 4, Instructions: 218COMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleMode.KERNEL32 ref: 000002674E1BC6F7
GetLastError.KERNEL32 ref: 000002674E1BC781

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: 6b60d506c3f30cc3699963e06d633ced3a4f7ad44ff6771a51fe5f78e0193168
Instruction ID: b9db0fa838012311264d76e758dea514fcf8b70b3a14f69e16456250f2307b29
Opcode Fuzzy Hash: 6b60d506c3f30cc3699963e06d633ced3a4f7ad44ff6771a51fe5f78e0193168
Instruction Fuzzy Hash: B891F272A586908AFB50CB69A48C7BF37B0F3447ACF445146DEAA53695DF36C482C390

Function 000002674E1E29C4 Relevance: 6.2, APIs: 4, Instructions: 159COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000002674E1E2A05
_invalid_parameter_noinfo.LIBCMT ref: 000002674E1E2A85
_invalid_parameter_noinfo.LIBCMT ref: 000002674E1E2AD9
_get_daylight.LIBCMT ref: 000002674E1E2B31

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo$_get_daylight
String ID:
API String ID: 72036449-0
Opcode ID: c326f4a23d9720df872ca245bb9d5f9d3b5c1a0ecfc9e75a475ccc2f369592b4
Instruction ID: 37b64a3488f28f04e4bb52df78309075619a6423d2c919ed3ea5b13c29216f57
Opcode Fuzzy Hash: c326f4a23d9720df872ca245bb9d5f9d3b5c1a0ecfc9e75a475ccc2f369592b4
Instruction Fuzzy Hash: EE51BD3268C24187F7794F2CB52C37F76B0B38473CF194525AA4266AD6DE6AC880C7C1

Function 000002674E16E04E Relevance: 6.1, APIs: 4, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52fc06e67e27b6edff84cb747008be164aaf46ee979e8c305d596af373f75300
Instruction ID: 91bc89ea6054dd854bb4a7f87ac96161793269f1085c007c030ff6366f2bef35
Opcode Fuzzy Hash: 52fc06e67e27b6edff84cb747008be164aaf46ee979e8c305d596af373f75300
Instruction Fuzzy Hash: 6F41083274874447EA245F31B58C79FA2B1AB447B8F140724AFAA07BD6DF3AD1918780

Function 000002674E1A55F0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 000002674E1A5610
FreeEnvironmentStringsW.KERNEL32 ref: 000002674E1A570B
RtlInitUnicodeString.NTDLL ref: 000002674E1A577E
RtlInitUnicodeString.NTDLL ref: 000002674E1A578B

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: EnvironmentInitStringStringsUnicode$Free
String ID:
API String ID: 2488768755-0
Opcode ID: f3b4b1024bc5240d9d05f18a8e699e4bdfb592a5c05bdfc4938c2f99593866f5
Instruction ID: ded9ad03815d6e3ba7411f7da2937b04343a915fe3e62d9163b546debd69e9f4
Opcode Fuzzy Hash: f3b4b1024bc5240d9d05f18a8e699e4bdfb592a5c05bdfc4938c2f99593866f5
Instruction Fuzzy Hash: C8518A72A18B80C2EB108F25F54836E7770F798BA8F549205EB9903BA5DF79D1E1C380

Function 000002674E162140 Relevance: 6.1, APIs: 4, Instructions: 115COMMON

Download Yara Rule

APIs

Part of subcall function 000002674E1DC5AC: std::_Lockit::_Lockit.LIBCPMT ref: 000002674E1DC5C9
Part of subcall function 000002674E1DC5AC: std::locale::_Setgloballocale.LIBCPMT ref: 000002674E1DC5EC

std::_Lockit::_Lockit.LIBCPMT ref: 000002674E162181
std::_Lockit::_Lockit.LIBCPMT ref: 000002674E1621A6
std::_Facet_Register.LIBCPMT ref: 000002674E162252
Concurrency::cancel_current_task.LIBCPMT ref: 000002674E1622B4

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_RegisterSetgloballocalestd::locale::_
String ID:
API String ID: 3698853521-0
Opcode ID: bb669478207201f0d6aad3e746d74185770434263953bfbc06078ba4d2e3e7b5
Instruction ID: 540639a5b0cbccafaf1ab133caf293ffca889f9703d27c91d1bb5d615c0238e4
Opcode Fuzzy Hash: bb669478207201f0d6aad3e746d74185770434263953bfbc06078ba4d2e3e7b5
Instruction Fuzzy Hash: B4419E32258B4082EA10DF25F48C7AB73B4F748BB8F591526EA9D037A5DF3AC441C780

Function 000002674E195DA0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 000002674E195DCB
std::_Lockit::_Lockit.LIBCPMT ref: 000002674E195DF0
std::_Facet_Register.LIBCPMT ref: 000002674E195E9B
Concurrency::cancel_current_task.LIBCPMT ref: 000002674E195EE6

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 1168246061-0
Opcode ID: bc66d5e23df93b0c942b80fe2c5823ab9021a420d770de9600f65181aad1012b
Instruction ID: b88c66c92effb64230ae03e36fafece3bc8974436f5f825473ddf88cbc0c2657
Opcode Fuzzy Hash: bc66d5e23df93b0c942b80fe2c5823ab9021a420d770de9600f65181aad1012b
Instruction Fuzzy Hash: 2541BF32659A4480EA10DF25F94C7ABB771F789BF8F080621EA9E477A5DF3AC441C790

Function 000002674E163E30 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 000002674E163E5B
std::_Lockit::_Lockit.LIBCPMT ref: 000002674E163E80
std::_Facet_Register.LIBCPMT ref: 000002674E163F2B
Concurrency::cancel_current_task.LIBCPMT ref: 000002674E163F76

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 1168246061-0
Opcode ID: e96b2e82d93ecaa2b538fed2899b3285f89e7de84e9ce16f7147f64ed71c4740
Instruction ID: 4aca2e865b27ffdfa4a7d0db4371ae6404c9092c6771515cf7aeae77725b06f8
Opcode Fuzzy Hash: e96b2e82d93ecaa2b538fed2899b3285f89e7de84e9ce16f7147f64ed71c4740
Instruction Fuzzy Hash: DF41AF72249A4081EB11DB25F55C7AB7770F798BF8F080621EA9E477A5DF3AD442C780

Function 000002674E195C50 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 000002674E195C7B
std::_Lockit::_Lockit.LIBCPMT ref: 000002674E195CA0
std::_Facet_Register.LIBCPMT ref: 000002674E195D4B
Concurrency::cancel_current_task.LIBCPMT ref: 000002674E195D96

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 1168246061-0
Opcode ID: 6932be257f3c88376612ec6fa1552a3f20bd87c429f53985244c208c3aadaceb
Instruction ID: 7cd29cbab0d7eadab5d44aa4f73cbd7984052d8dc29fe817cd4f0273a17e9cf4
Opcode Fuzzy Hash: 6932be257f3c88376612ec6fa1552a3f20bd87c429f53985244c208c3aadaceb
Instruction Fuzzy Hash: 8D41BF32259A4480EB24DF15F98C79B77B1F749BB8F480621EA9E477A5CF3AC441C790

Function 000002674E175A10 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 000002674E175A3B
std::_Lockit::_Lockit.LIBCPMT ref: 000002674E175A60
std::_Facet_Register.LIBCPMT ref: 000002674E175B0B
Concurrency::cancel_current_task.LIBCPMT ref: 000002674E175B56

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 1168246061-0
Opcode ID: 93a2c95ede573667e3950762093a80cca790c9a02267e79f441c9a35f3b57abb
Instruction ID: 66568c63eec4473d1e369db7d2b958b759f044034b6b302062ea4ea147412686
Opcode Fuzzy Hash: 93a2c95ede573667e3950762093a80cca790c9a02267e79f441c9a35f3b57abb
Instruction Fuzzy Hash: 18418031649A8081EA15DB15F98C7AB7770F788BB8F580521EA9E477A5DF3AC881C780

Function 000002674E1DB680 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 000002674E1DB6C9
GetLastError.KERNEL32 ref: 000002674E1DB6D7
WideCharToMultiByte.KERNEL32 ref: 000002674E1DB70C
GetLastError.KERNEL32 ref: 000002674E1DB71A

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: ByteCharErrorLastMultiWide
String ID:
API String ID: 203985260-0
Opcode ID: d43b7eff65a7dae745af3942cdd14e91feac4936b4f3ea3d898aeea0c8b2b936
Instruction ID: 13a53650fb8fa650f46bd77f2a80779226bb2833761df071b9184299b8b63d87
Opcode Fuzzy Hash: d43b7eff65a7dae745af3942cdd14e91feac4936b4f3ea3d898aeea0c8b2b936
Instruction Fuzzy Hash: CA211D76618B8487E7508F16F448B1FB6B4F389BA8F144129DB8593B55DF3AD8418B80

Function 000002674E1DBB6C Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 000002674E1DBB90
GetFileAttributesW.KERNEL32 ref: 000002674E1DBB9F
__std_fs_open_handle.LIBCPMT ref: 000002674E1DBBC8
CloseHandle.KERNEL32 ref: 000002674E1DBBDA

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: AttributesCloseErrorFileHandleLast__std_fs_open_handle
String ID:
API String ID: 833716960-0
Opcode ID: 212cc577b7be2e5c6ea106b2b4fc12f43d225d4dcb5679136c345eabb4b633d0
Instruction ID: f1c19becf8ee2bc29706c9aa0cdb8f8cb5976e506b091f11ab4f1c724914c1f8
Opcode Fuzzy Hash: 212cc577b7be2e5c6ea106b2b4fc12f43d225d4dcb5679136c345eabb4b633d0
Instruction Fuzzy Hash: B911CE3225C60085FAA04B26B48CF2B6671F7887F8F100604FA7787AE9DE3AD4408B80

Function 000002674E150780 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 207COMMON

Download Yara Rule

Strings

[json.exception., xrefs: 000002674E1508BB

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID:
String ID: [json.exception.
API String ID: 0-791563284
Opcode ID: 3371d376b1fb0f7f72db62ec8c1ce44848107f54f26edc8b3c89a9c68ecf2878
Instruction ID: abbdab8c275565c9fc2543c1a5db079122cabceef4290edec6a99b57e8c68fe6
Opcode Fuzzy Hash: 3371d376b1fb0f7f72db62ec8c1ce44848107f54f26edc8b3c89a9c68ecf2878
Instruction Fuzzy Hash: 98711472F14B9086FB00CFB9E45839E2771E795BA8F504215DE9917B8ADF7AC092C380

Function 000002674E196330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 000002674E19639E
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 000002674E1963E6

Strings

bad locale name, xrefs: 000002674E1964BB

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 3988782225-1405518554
Opcode ID: 6b884abbfe82cca26fa5c3d75b17e478256f2d51f07b413438136a3cdfc1bdf2
Instruction ID: a4bc08528fe30632751bcfe85ec568a3ec125087a193d0c7ce2585afea08905a
Opcode Fuzzy Hash: 6b884abbfe82cca26fa5c3d75b17e478256f2d51f07b413438136a3cdfc1bdf2
Instruction Fuzzy Hash: 91516D32359A40CAEB10DFB1E4993EE3375EB44B2CF040825EA8927A99CF35C921C394

Function 000002674E176650 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 000002674E1766BE
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 000002674E176706

Strings

bad locale name, xrefs: 000002674E1767E5

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 3988782225-1405518554
Opcode ID: fa61fe8489eead96f1bcdb6717db0cc4da6c432a113f090fb978a5db9f7204d6
Instruction ID: 224d1b20dde952ab5d16a62e836442971e72b5e630a537649110ae7a51e78962
Opcode Fuzzy Hash: fa61fe8489eead96f1bcdb6717db0cc4da6c432a113f090fb978a5db9f7204d6
Instruction Fuzzy Hash: DD516F32349A40C9EB14DF70E4987EE33B4EB44B6CF040835EA4A67A99DF35C925C384

Function 000002674E1C24D0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 122COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 000002674E1C7878: _invalid_parameter_noinfo.LIBCMT ref: 000002674E1C78AB

_get_daylight.LIBCMT ref: 000002674E1C25E8
_get_daylight.LIBCMT ref: 000002674E1C25F9

Strings

?, xrefs: 000002674E1C2579

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID: ?
API String ID: 1286766494-1684325040
Opcode ID: 261cd5bec1a2035031a6129dbaf6c96984a9f4827a3930e8b5c6c4605a5d557d
Instruction ID: b33dbf9b9c15b350de9054ae718fe85abf44be50d354d9bc0ea663e014d77371
Opcode Fuzzy Hash: 261cd5bec1a2035031a6129dbaf6c96984a9f4827a3930e8b5c6c4605a5d557d
Instruction Fuzzy Hash: F441E432358B9046FB649B25B45D3AB66B0E780BBCF144225EF9986BD5EF3AC4C1C740

Function 000002674E1BC2A4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 000002674E1BC3BB
GetLastError.KERNEL32 ref: 000002674E1BC3DD

Strings

U, xrefs: 000002674E1BC367

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 8f4fd0c91fb0cd949aa6ea42ff252ce09842b517548967c8e372956fef53ad5c
Instruction ID: 16107f179f45d137c3b4014d60b9e093d191596ccc30d179fbe370d86f9b31c7
Opcode Fuzzy Hash: 8f4fd0c91fb0cd949aa6ea42ff252ce09842b517548967c8e372956fef53ad5c
Instruction Fuzzy Hash: 7C41A232718A8086DB60CF25F84C3AA77B1F3887A8F854121EE8E87798DF79C441C790

Function 000002674E1C0F28 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

_set_errno_from_matherr.LIBCMT ref: 000002674E1C0F7C
_set_errno_from_matherr.LIBCMT ref: 000002674E1C0FE9

Strings

exp, xrefs: 000002674E1C0F57

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: _set_errno_from_matherr
String ID: exp
API String ID: 1187470696-113136155
Opcode ID: a5b9f233cb04299b36be403a065897f46bab1258e8b14b3ae85cbca89b91c6cb
Instruction ID: 41e43999944717e0737c95e4dc36838794df9fb6b18bd908d39af6b8de30a6a3
Opcode Fuzzy Hash: a5b9f233cb04299b36be403a065897f46bab1258e8b14b3ae85cbca89b91c6cb
Instruction Fuzzy Hash: 9E212636B546148FE750DF78E8486AE37B0F74C75CF401629EA0E92B4ADF39C5808B80

Function 000002674E1D11D8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32 ref: 000002674E1D121C
RaiseException.KERNEL32 ref: 000002674E1D1262

Strings

csm, xrefs: 000002674E1D124F

Memory Dump Source

Source File: 00000000.00000002.1323509145.000002674E120000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002674E120000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2674e120000_file.jbxd

Yara matches

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 036ca98e85fc673dbf707ecc6b1c2fe227b6d7cd6c56b89ac8b0a1a657246038
Instruction ID: ac2478a5034aef064cf5374c20e3785a95358f3b6f43cb1cecdb5021662efbc0
Opcode Fuzzy Hash: 036ca98e85fc673dbf707ecc6b1c2fe227b6d7cd6c56b89ac8b0a1a657246038
Instruction Fuzzy Hash: 49114F32248B8082EB208F15F44835A77F5F788BA8F284224EF8D07759DF3AC551C780

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Meduza Stealer

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

Windows Analysis Report
file.exe

Function 000002674E1A0CE0 Relevance: 45.7, APIs: 25, Strings: 1, Instructions: 225
windowCOMMON

Function 000002674E1DB83C Relevance: 27.2, APIs: 18, Instructions: 229
fileCOMMON

Function 000002674E15D860 Relevance: 20.1, APIs: 8, Strings: 3, Instructions: 864
libraryloaderCOMMON

Function 000002674E197910 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 172
synchronizationCOMMON

Function 000002674E1C25B4 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 335
timeCOMMONLIBRARYCODE

Function 000002674E1A0420 Relevance: 13.9, APIs: 9, Instructions: 377
networkfileCOMMON

Function 000002674E19A050 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 452
fileCOMMON

Function 000002674E1BE994 Relevance: 10.8, APIs: 7, Instructions: 286
COMMONLIBRARYCODE

Function 000002674E1C2830 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143
timeCOMMONLIBRARYCODE

Function 000002674E1AA190 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 408
COMMON

Function 000002674E15E8F0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 324
processCOMMON

Function 000002674E199C30 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 192
windowCOMMON

Function 000002674E19ADB0 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 286
networkCOMMON

Function 000002674E1E2DE4 Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Function 000002674E199A90 Relevance: 9.0, APIs: 6, Instructions: 41
COMMON

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre